Zero Trust model
- The Zero Trust model says never to assume trust; instead, validate trust continually
- With most users now accessing apps and data from the internet, most transaction components are no longer under organizational control
- Trust determination components include:
  - Identity provider
  - Device directory
  - Policy evaluation service
  - Access proxy
- Identity as a Service (IDaaS)—the new control plane
- Our identity is like a control plane because it controls:
  - What protocols we interact with
  - Which organizations’ programs we can access
  - What devices we can use to access them
Identity Management
On-premises Active Directory, Azure AD, or a hybrid combination of the two all offer services for user and device authentication, identity and role management, and provisioning
Azure AD Privileged Identity Management
- Azure AD PIM is a service that enables you to manage, control, and monitor access to important resources in your organization
- Key features of PIM allow you to:
  - Provide just-in-time privileged access to Azure AD
  - Assign time-bound access to resources
  - Require approval to activate privileged roles
  - Enforce multi-factor authentication (MFA) for role activation
  - Use justification to understand why users activate roles
  - Get notifications when privileged roles are activated
  - Conduct access reviews to ensure users still need roles
  - Download audit history
Configure PIM
- The first person to use PIM in an instance of Azure AD is automatically assigned the Security Administrator and Privileged Role Administrator roles in the directory
- Only privileged role administrators can manage Azure AD directory role assignments to users
- To start using PIM in your directory, you must first enable PIM by using the Azure portal
Activate a role
- With PIM enabled, access to privileged operations must be activated when the need to perform privileged actions arises
- You can request activation by using the My roles navigation option in PIM
- If the role does not require approval, it is activated and added to the list of active roles
- After defining PIM roles, you can start adding users to those roles
Monitor the status of your requests
- You can view the status of your pending requests to activate a privileged role
- To manage the request status, you should:
  - Open Azure AD Privileged Identity Management
  - Click My requests
  - Scroll to the right to view the Request Status column
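The two procedures above (activating a role, then checking its Request Status) can also be driven from PowerShell. This is an added example, not part of the original notes; it assumes the Microsoft Graph PowerShell SDK, that the signed-in user is eligible for the Security Administrator role, and uses a placeholder ticket number and a one-hour duration.

```powershell
# Added example (not from the original notes). Requires the Microsoft.Graph PowerShell SDK.
# Assumed placeholders: the role name, the ticket number and the one-hour duration.
Connect-MgGraph -Scopes "RoleAssignmentSchedule.ReadWrite.Directory", "RoleManagement.Read.Directory", "User.Read"

# Resolve the signed-in user (the principal requesting activation)
$me = Get-MgUser -UserId (Get-MgContext).Account

# Resolve the directory role to activate (any role the user is eligible for works)
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Security Administrator'"

# Step 1: request just-in-time activation. The justification and the bounded duration
# are what PIM later surfaces in notifications and the downloadable audit history.
$request = @{
    Action           = "selfActivate"
    PrincipalId      = $me.Id
    RoleDefinitionId = $role.Id
    DirectoryScopeId = "/"                     # tenant-wide scope
    Justification    = "Ticket INC-0000 (placeholder): quarterly conditional access review"
    ScheduleInfo     = @{
        StartDateTime = (Get-Date).ToUniversalTime()
        Expiration    = @{ Type = "AfterDuration"; Duration = "PT1H" }   # ISO 8601 duration, one hour
    }
}
New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $request

# Step 2: monitor the request status (the same value the portal shows in the Request Status column).
# Approval-gated roles stay at PendingApproval until an approver acts; auto-approved ones show Provisioned.
Get-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -Filter "principalId eq '$($me.Id)'" |
    Sort-Object CreatedDateTime -Descending |
    Select-Object CreatedDateTime, Action, Status, Justification, RoleDefinitionId |
    Format-Table -AutoSize
```

If the role's PIM policy requires MFA for activation, the Connect-MgGraph sign-in must already satisfy it or the request is rejected.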
Reminder:
Cybersecurity is not just network security; it also includes application security and cloud security.