This document summarizes a presentation about using Azure Active Directory (Azure AD) for identity governance.
The presentation discusses how Azure AD features like Privileged Identity Management, Terms of Use, Entitlement Management, and Access Reviews can help address four challenges: 1) too many users had privileged access, 2) a need to enforce non-disclosure agreements, 3) streamlining access to resources, and 4) gaining visibility on guest users. Each Azure AD feature is mapped to a specific challenge.
The presentation concludes that Azure AD identity governance features can help govern the identity lifecycle, govern access, secure privileged access, and meet compliance requirements. Resources are provided for further reading. Feedback is requested from attendees.
3. @m365blr #M365BLR
A One Day Virtual Event
• Hands-on sessions by experts and community leaders
• Deep-dive into Microsoft 365 Services
• Focus on
• Microsoft Teams
• SharePoint
• Microsoft Power Platform
Win exciting prizes! Lenovo Tab M10, Echo Dot 4th Gen, event T-shirts
4. @m365blr #M365BLR
SPEAKERS PANEL
Session No. 1: Secure your M365 resources using Azure AD Identity governance
Track Number: 2
10:05 AM - 10:50 AM IST
Vignesh Ganesan, Enterprise Cloud Architect & Technology Strategist
8. @m365blr #M365BLR
Azure AD offers depth and breadth
Identity and access management for employees, partners, and customers
• Azure AD DS
• B2B collaboration
• Azure AD B2C
• Dynamic groups
• Self-service capabilities
• Azure AD Connect
• Conditional access
• Microsoft Authenticator: password-less access
• Azure AD Join
• MDM auto-enrollment / Enterprise State Roaming
• Security reporting
• Identity protection
• Privileged identity management
• HR app integration
• Access reviews
• Connect health
• Remote access to on-premises apps
• Addition of custom cloud apps
• Access panel / MyApps
• Provisioning / deprovisioning
• Group-based licensing
• Multi-factor authentication
• Office 365 App Launcher
• SSO to SaaS
9. @m365blr #M365BLR
Introduction to Azure AD Identity Governance
• Who has / should have access to which resources?
• What are they doing with that access?
• Are there effective organizational controls for managing access?
• Can auditors verify that the controls are working?
Productivity: timely access to the right resources
Security: the right people have the right access to resources
10. @m365blr #M365BLR
Governance is a journey, not a destination
• Identity lifecycle facilitates collaboration
• Access lifecycle provides seamless and efficient access
• Privileged access lifecycle addresses risks inherent in administration
11. @m365blr #M365BLR
Case study
A company named Vignesh Ganesan is using Office 365 and collaborating with other organizations to share data on a campaign.
Challenges
• A recent audit discovered too many users had standing privileged access
• Legal regulations require users to sign a non-disclosure agreement before having access
• Need to streamline the process of getting resources and permissions assigned to users
• No control over external users' lifecycle; would like more visibility on guest activity
12. @m365blr #M365BLR
We will be focusing on these four solutions today
• Azure AD Privileged Identity Management
• Azure AD Terms of use
• Azure AD Entitlement Management
• Azure AD Access reviews
Everything that I'll be discussing today needs an Azure AD P2 license!
14. @m365blr #M365BLR
Privileged Identity Management (PIM)
Ensure admins have the right access
• Discover privileged roles (Azure AD, Office 365 & Azure)
• Reduce attack surface, reduce risk
• "Just In Time" role activation
• Audit reports for compliance
16. @m365blr #M365BLR
Terms of Use
Simple method to present information to end users and require their consent after authentication and prior to getting access
• Configure a terms of use by uploading a PDF document(s) for each necessary language
• Target users, groups or applications using Conditional Access
• Enforce acceptance of terms for users in scope
• Audit events show who accepted which terms, and when
18. @m365blr #M365BLR
Terms of use deployment
• Terms of use in multiple languages
• Conditional Access policy to enforce per user, per device, on all or certain apps
• User reads and consents
• Review reports and audit logs
20. @m365blr #M365BLR
Azure AD Entitlement Management
Catalogs of named access rights across resources that a user can be granted access to, through a request / approval process
22. @m365blr #M365BLR
Azure AD Access Reviews
• Provide oversight for which users have access to what resources
• Prompts users to ensure their access is limited to the resources they need
• Applies to employees and guest users
Figure: Marketing Operations
25. @m365blr #M365BLR
Azure AD Access Reviews
Recertify: attest and audit continued access
• Review Office 365 group members, security group members, and users assigned to applications
• Optionally, scope the reviews to just guests
• Select reviewers from: group owners, members reviewing their own access, or other specific individuals
26. @m365blr #M365BLR
Access Reviews process
• Identify resources where users have access
• Identify the business owner responsible for confirming users' access
• Business owners review access on a regular basis
• Reviewers can deny users' access line by line, or give a justification for keeping it
• Upon completion of the review, access is removed for denied users
• Results are retained for subsequent use in auditor investigations
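The review process above, worked through as an added Python example (not code from the deck or from Microsoft): decision records are constructed in the shape Microsoft Graph returns for an access review instance, the settings names and the Graph path in the comments are assumptions, and the logic shows what "denied users lose access, unreviewed users fall back to the default decision, results are kept for auditors" means in practice.

```python
# Added example (not from the deck): apply the outcome of an Azure AD access
# review. Records are constructed in the shape Graph returns for
# accessReviews/definitions/{id}/instances/{id}/decisions (assumed path).
SAMPLE_SETTINGS = {            # subset of the review's settings (assumed names)
    "autoApplyDecisionsEnabled": True,
    "defaultDecision": "Deny",  # applied to members nobody reviewed
}
SAMPLE_DECISIONS = [           # reviewer verdicts for a guest-scoped group review
    {"principalId": "guest-1@partner.example", "decision": "Approve", "justification": "Campaign PM"},
    {"principalId": "guest-2@partner.example", "decision": "Deny", "justification": "Left the project"},
    {"principalId": "guest-3@partner.example", "decision": "NotReviewed", "justification": ""},
    {"principalId": "emp-1@contoso.example", "decision": "DontKnow", "justification": "Owner unsure"},
]

def resolve(decisions, settings):
    """Split principalIds into (remove, keep, escalate). 'NotReviewed' falls back
    to the review's default decision; 'DontKnow' is never removed automatically
    and is escalated for a human follow-up instead."""
    remove, keep, escalate = [], [], []
    default = settings.get("defaultDecision", "None")
    for d in decisions:
        verdict = d["decision"]
        if verdict == "NotReviewed":
            verdict = default
        if verdict == "Deny":
            remove.append(d["principalId"])
        elif verdict == "Approve":
            keep.append(d["principalId"])
        else:  # DontKnow, or NotReviewed with default "None"
            escalate.append(d["principalId"])
    return remove, keep, escalate

def audit_record(decisions, settings):
    """Rows retained for auditors: who decided what, and whether it was applied.
    Nothing is applied unless the review auto-applies its decisions."""
    remove, _, _ = resolve(decisions, settings)
    applied = settings.get("autoApplyDecisionsEnabled", False)
    return [{"principalId": d["principalId"], "decision": d["decision"],
             "justification": d["justification"],
             "accessRemoved": bool(applied and d["principalId"] in remove)}
            for d in decisions]
```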
27. @m365blr #M365BLR
Session takeaways
• Azure AD can help address identity governance requirements
• Create access reviews and gain better control of the user lifecycle
• Go-do: discover privileged accounts in your tenant and convert them to eligible assignments
• Ensure all your compliance requirements are met using Azure AD
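The PIM slide's "discover privileged roles, activate just in time" and the go-do above ("find standing privileged accounts and make them eligible"), as one added Python example that is not code from the deck or from Microsoft: the role-assignment records are constructed in the shape of Graph's PIM schedule instances, the Graph collection paths named in the comments are assumptions, and the two well-known role template IDs are the stable Azure AD values for those roles.

```python
# Added example (not from the deck): find standing privileged role assignments
# in Microsoft Graph's PIM data shape and draft the requests that replace each
# with an eligible (JIT) assignment. All records below are constructed.
from datetime import datetime, timezone
# Well-known Azure AD role template IDs (identical in every tenant).
PRIVILEGED_ROLES = {
    "62e90394-69f5-4237-9190-012177145e10": "Global Administrator",
    "e8611ab8-c189-46e8-94e1-60213ab1f814": "Privileged Role Administrator",
}
GA, PRA = PRIVILEGED_ROLES
OTHER = "00000000-0000-0000-0000-000000000000"  # constructed, non-privileged role

# Constructed sample shaped like items of the Graph collection
# roleManagement/directory/roleAssignmentScheduleInstances (assumed path).
SAMPLE_INSTANCES = [
    {"principalId": "alice", "roleDefinitionId": GA, "directoryScopeId": "/",
     "assignmentType": "Assigned", "endDateTime": None},                     # standing
    {"principalId": "bob", "roleDefinitionId": GA, "directoryScopeId": "/",
     "assignmentType": "Activated", "endDateTime": "2024-05-01T18:00:00Z"},  # JIT
    {"principalId": "carol", "roleDefinitionId": PRA, "directoryScopeId": "/",
     "assignmentType": "Assigned", "endDateTime": None},                     # standing
    {"principalId": "dave", "roleDefinitionId": OTHER, "directoryScopeId": "/",
     "assignmentType": "Assigned", "endDateTime": None},                     # not privileged
]

def standing_admins(instances, roles=PRIVILEGED_ROLES):
    """Permanent active assignments in privileged roles: 'Assigned' (not a JIT
    'Activated' instance) and no end date. These are the audit finding."""
    return [i for i in instances
            if i["roleDefinitionId"] in roles
            and i["assignmentType"] == "Assigned"
            and i.get("endDateTime") is None]

def eligibility_request(inst, justification="Replace standing access with PIM eligibility"):
    """Body for POST roleManagement/directory/roleEligibilityScheduleRequests
    (assumed path): same principal, role and scope, but eligible, not active."""
    return {"action": "adminAssign", "justification": justification,
            "roleDefinitionId": inst["roleDefinitionId"],
            "principalId": inst["principalId"],
            "directoryScopeId": inst["directoryScopeId"],
            "scheduleInfo": {
                "startDateTime": datetime.now(timezone.utc).isoformat(timespec="seconds"),
                "expiration": {"type": "noExpiration"}}}

def removal_request(inst):
    """Body for POST roleManagement/directory/roleAssignmentScheduleRequests
    (assumed path) that drops the standing assignment once eligibility exists."""
    return {"action": "adminRemove", "justification": "Standing access converted to PIM eligibility",
            "roleDefinitionId": inst["roleDefinitionId"], "principalId": inst["principalId"],
            "directoryScopeId": inst["directoryScopeId"]}
```

Submit the eligibility request for each finding before the removal request, so the admin keeps a path to the role while losing the standing assignment.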
28. @m365blr #M365BLR
The power of Azure AD Identity governance
Azure AD Privileged Identity Management, Azure AD Terms of use, Azure AD Entitlement Management, Azure AD Access reviews:
• Govern the identity lifecycle
• Govern the access lifecycle
• Secure privileged access for administration
• Meet compliance requirements
31. @m365blr #M365BLR
SPEAKERS PANEL
Next Session: People Powered Workspace using Microsoft Viva
Track Number: 2
Session Time: 10:55 AM to 11:40 AM
Sathish Nadarajan, Solution Architect
Talk Track:
Azure AD is your universal platform – which means, helping you manage and secure identities and access to all applications, for any user from any location or device, with just one set of credentials
With Azure AD as the control plane to manage all of your digital estate you are able to automatically block attacks through adaptive security policies and protect your identities and data in the cloud
At the same time, you are also improving the experience for all of your users. You are letting your employees work the way they want, enabling better collaboration with your business partners, and facilitating more direct and personalized relationships with all of your customers.
What about admin accounts? You don’t want privileged accounts to have unnecessary access to critical apps and infrastructure as it can put your organization at risk. Use our discovery tools to see how many admins and roles are in your system in Azure AD. Switch to a Least Privilege access model that only gives access when needed, using automated tools and alerts.
Implement Azure AD access reviews
With Azure AD access reviews, you can manage access package and group memberships, access to enterprise applications, and privileged role assignments to make sure you maintain a security standard. Regular oversight by the users themselves, resource owners, and other reviewers ensures that users don't retain access for extended periods of time when they no longer need it.