DEV Community

Eng Soon Cheah
Eng Soon Cheah

Posted on

1 1

Configure Azure AD Privileged Identity Management

#microsoftazure #security

Zero Trust model

  • The Zero Trust model states to never assume trust but instead to validate trust continually
  • With most users now accessing apps and data from the internet, most transaction components are no longer under organizational control
  • Trust determination components include:
    • Identity provider 
    • Device directory 
    • Policy evaluation service 
    • Access proxy  Alt text of image
  • Identity as a Service (IDaaS)—the new control plane
  • Our identity is like a control plane because it controls:
    • What protocols we interact with
    • Which organizations’ programs we can access  
    • What devices we can use to access them Alt text of image

Identity Management
On-premises Active Directory, Azure AD, or a hybrid combination of the two all offer services for user and device authentication, identity and role management, and provisioning
Credentials + privileges = digital identity

Azure AD Privileged Identity Management

  • Azure AD PIM is a service that enables you to manage, control, and monitor access to important resources in your organization
  • Key features of PIM allow you to:
    • Provide just-in-time privileged access to Azure AD
    • Assign time-bound access to resources
    • Require approval to activate privileged roles
    • Enforce multi-factor authentication (MFA) for role activation
    • Use justification to understand why users activate roles
    • Get notifications when privileged roles are activated
    • Conduct access reviews to ensure users still need roles
    • Download audit history

Configure PIM

  • The first person to use PIM in an instance of Azure AD is automatically assigned the Security Administrator and Privileged Role Administrator roles in the directory
  • Only privileged role administrators can manage Azure AD directory role assignments to users
  • To start using PIM in your directory, you must first enable PIM by using the Azure portal Alt text of image

Activate a role

  • With PIM enabled, access to privileged operations must be activated when the need to perform privileged actions arises
  • You can request activation by using the My roles navigation option in PIM
  • If the role does not require approval, it is activated and added to the list of active roles
  • After defining PIM roles, you can start adding users to those roles 

Alt text of image
Alt text of image

Monitor the status of your requests

  • You can view the status of your pending requests to activate a privileged role
  • To manage the request status, you should:
    1. Open Azure AD Privileged Identity Management
    2. Click My requests
    3. Scroll to the right to view the Request Status column

Alt text of image

Reminder:
Cybersecurity not just network security, it's also include application security and cloud security.

profile
Sentry
 Promoted

Sentry image

See why 4M developers consider Sentry, “not bad.”

Fixing code doesn’t have to be the worst part of your day. Learn how Sentry can help.

Learn more

Top comments (0)

profile
Pieces.app
 Promoted

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

Read next

jajera profile image

Configure SSH Login from Windows to Windows

John Ajera -

jajera profile image

Configuring AWS Vault with the Pass Backend for Secure Credential Management on Linux

John Ajera -

adrian_zuplo profile image

User-level auth in your Supabase API - Supaweek Day 2

Adrian Machado -

jully profile image

A Developer's Take on Cerbos: The Smarter Way to Handle Authorization

Juliet Ofoegbu -

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay