Eng Soon Cheah

Configure Azure AD Privileged Identity Management

Zero Trust model

  • The Zero Trust model says never to assume trust, but instead to validate trust continually
  • With most users now accessing apps and data from the internet, most transaction components are no longer under organizational control
  • Trust determination components include:
    • Identity provider 
    • Device directory 
    • Policy evaluation service 
    • Access proxy
  • Identity as a Service (IDaaS)—the new control plane
  • Our identity is like a control plane because it controls:
    • What protocols we interact with
    • Which organizations’ programs we can access  
    • What devices we can use to access them

Identity Management
  • On-premises Active Directory, Azure AD, or a hybrid combination of the two all offer services for user and device authentication, identity and role management, and provisioning
  • Credentials + privileges = digital identity

Azure AD Privileged Identity Management

  • Azure AD PIM is a service that enables you to manage, control, and monitor access to important resources in your organization
  • Key features of PIM allow you to:
    • Provide just-in-time privileged access to Azure AD
    • Assign time-bound access to resources
    • Require approval to activate privileged roles
    • Enforce multi-factor authentication (MFA) for role activation
    • Use justification to understand why users activate roles
    • Get notifications when privileged roles are activated
    • Conduct access reviews to ensure users still need roles
    • Download audit history
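The features above (time-bound access, MFA on activation, mandatory justification) are role settings that an administrator configures per role. The following is an added example, not code from the original post, showing how those settings can be inspected and tightened for one directory role with the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph.Identity.Governance module is installed, that the signed-in account may manage role management policies, and uses "Security Administrator" and a four-hour cap as illustrative values.

```powershell
# Added example (not from the original post): harden PIM end-user activation
# settings for one Azure AD directory role using Microsoft Graph PowerShell.
# Assumptions: Microsoft.Graph.Identity.Governance is installed and the
# signed-in account can read and write role management policies.
Connect-MgGraph -Scopes "RoleManagementPolicy.ReadWrite.Directory", "RoleManagement.Read.Directory"

$roleName      = "Security Administrator"   # illustrative role; adjust as needed
$maxActivation = "PT4H"                     # ISO 8601 duration: activations expire after 4 hours

# 1. Resolve the role definition and the PIM policy bound to it at directory scope ("/")
$roleDef    = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"
$assignment = Get-MgPolicyRoleManagementPolicyAssignment `
    -Filter "scopeId eq '/' and scopeType eq 'DirectoryRole' and roleDefinitionId eq '$($roleDef.Id)'"
$policyId   = $assignment.PolicyId

# 2. Show the current end-user activation rules before changing anything
Get-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $policyId |
    Where-Object { $_.Id -like "*_EndUser_Assignment" } |
    ForEach-Object { "{0}: {1}" -f $_.Id, ($_.AdditionalProperties | ConvertTo-Json -Compress) }

# Target block shared by the end-user activation rules below
$endUserTarget = @{
    caller              = "EndUser"
    operations          = @("All")
    level               = "Assignment"
    inheritableSettings = @()
    enforcedSettings    = @()
}

# 3. Require MFA and a written justification on every activation
$enablement = @{
    "@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule"
    id            = "Enablement_EndUser_Assignment"
    enabledRules  = @("MultiFactorAuthentication", "Justification")
    target        = $endUserTarget
}
Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $policyId `
    -UnifiedRoleManagementPolicyRuleId "Enablement_EndUser_Assignment" -BodyParameter $enablement

# 4. Make activations time-bound: they must expire, and no later than $maxActivation
$expiration = @{
    "@odata.type"        = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule"
    id                   = "Expiration_EndUser_Assignment"
    isExpirationRequired = $true
    maximumDuration      = $maxActivation
    target               = $endUserTarget
}
Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $policyId `
    -UnifiedRoleManagementPolicyRuleId "Expiration_EndUser_Assignment" -BodyParameter $expiration

# 5. Re-read the rules to confirm the change took effect
Get-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $policyId |
    Where-Object { $_.Id -in @("Enablement_EndUser_Assignment", "Expiration_EndUser_Assignment") } |
    ForEach-Object { "{0}: {1}" -f $_.Id, ($_.AdditionalProperties | ConvertTo-Json -Compress) }
```

Reading the rules back before and after the update is deliberate: role settings are inherited from a per-role policy, so a change applied to the wrong policy id silently leaves the intended role unprotected.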

Configure PIM

  • The first person to use PIM in an instance of Azure AD is automatically assigned the Security Administrator and Privileged Role Administrator roles in the directory
  • Only privileged role administrators can manage Azure AD directory role assignments to users
  • To start using PIM in your directory, you must first enable PIM by using the Azure portal

Activate a role

  • With PIM enabled, access to privileged operations must be activated when the need to perform privileged actions arises
  • You can request activation by using the My roles navigation option in PIM
  • If the role does not require approval, it is activated and added to the list of active roles
  • After defining PIM roles, you can start adding users to those roles 


Monitor the status of your requests

  • You can view the status of your pending requests to activate a privileged role
  • To manage the request status, you should:
    1. Open Azure AD Privileged Identity Management
    2. Click My requests
    3. Scroll to the right to view the Request Status column

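The two procedures above (activate a role, then watch its request status) can be done without the portal. The following is an added example, not code from the original post, that submits a just-in-time self-activation request and polls it until it reaches a final status, using the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph.Identity.Governance and Microsoft.Graph.Users modules are installed, that the signed-in user is already eligible for the role, and uses "Security Reader", a one-hour duration and a placeholder ticket number as illustrative values.

```powershell
# Added example (not from the original post): request activation of an eligible
# PIM role and monitor the request, using Microsoft Graph PowerShell.
# Assumptions: Microsoft.Graph.Identity.Governance and Microsoft.Graph.Users
# are installed; the signed-in user is eligible for the role named below.
Connect-MgGraph -Scopes "RoleAssignmentSchedule.ReadWrite.Directory", "RoleManagement.Read.Directory", "User.Read"

$roleName      = "Security Reader"                                   # illustrative eligible role
$justification = "Ticket INC-0000 (placeholder): review sign-in logs" # recorded in PIM audit history
$duration      = "PT1H"                                              # 1-hour activation (ISO 8601)

# 1. Resolve the requesting user and the role definition
$me      = Get-MgUser -UserId (Get-MgContext).Account
$roleDef = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"

# 2. Submit the activation request (the API equivalent of PIM > My roles > Activate)
$request = @{
    Action           = "selfActivate"
    PrincipalId      = $me.Id
    RoleDefinitionId = $roleDef.Id
    DirectoryScopeId = "/"
    Justification    = $justification
    ScheduleInfo     = @{
        StartDateTime = (Get-Date).ToUniversalTime()
        Expiration    = @{ Type = "AfterDuration"; Duration = $duration }
    }
}
$result = New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $request
"Request $($result.Id) submitted; initial status: $($result.Status)"

# 3. Monitor the request (the equivalent of PIM > My requests > Request Status).
#    PendingApproval means an approver still has to act; Provisioned means the role is live.
$finalStates = @("Provisioned", "Denied", "Failed", "Canceled", "Revoked")
$attempts    = 0
do {
    Start-Sleep -Seconds 15
    $attempts++
    $current = Get-MgRoleManagementDirectoryRoleAssignmentScheduleRequest `
        -UnifiedRoleAssignmentScheduleRequestId $result.Id
    "$(Get-Date -Format o)  $($current.Status)"
} until (($finalStates -contains $current.Status) -or ($attempts -ge 40))   # give up after ~10 min

# 4. List this user's past requests, newest first, to review earlier activations
Get-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -Filter "principalId eq '$($me.Id)'" |
    Sort-Object CreatedDateTime -Descending |
    Select-Object CreatedDateTime, Action, Status, Justification, RoleDefinitionId |
    Format-Table -AutoSize
```

If the role's settings require approval, the loop will sit at PendingApproval until an approver decides; a request that never leaves that state is the signal to check the approver list in the role settings rather than to resubmit.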

Cybersecurity is not just network security; it also includes application security and cloud security.
