Secure your M365 resources using Azure AD Identity Governance
•Als PPTX, PDF herunterladen•
1 gefällt mir•370 views
This document summarizes a presentation about using Azure Active Directory (Azure AD) for identity governance. The presentation discusses how Azure AD features like Privileged Identity Management, Terms of Use, Entitlement Management, and Access Reviews can help address four challenges: 1) too many users had privileged access, 2) a need to enforce non-disclosure agreements, 3) streamlining access to resources, and 4) gaining visibility on guest users. Each Azure AD feature is mapped to a specific challenge. The presentation concludes that Azure AD identity governance features can help govern the identity lifecycle, govern access, secure privileged access, and meet compliance requirements. Resources are provided for further reading. Feedback is requested from attendees.
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie Secure your M365 resources using Azure AD Identity Governance
Ähnlich wie Secure your M365 resources using Azure AD Identity Governance (20)
Mehr von Vignesh Ganesan I Microsoft MVP
Mehr von Vignesh Ganesan I Microsoft MVP (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Secure your M365 resources using Azure AD Identity Governance
- 2. @m365blr #M365BLR Thank You Sponsors!
- 3. @m365blr #M365BLR A One Day Virtual Event • Hands on sessions by experts and community leaders • Deep-dive into Microsoft 365 Services • Focus on • Microsoft Teams • SharePoint Win exiting prizes! LENOVO TAB M10 ECHO DOT 4th GEN • Microsoft Power Platform EVENT T-SHIRTS
- 4. @m365blr #M365BLR SPEAKERS PANEL Secure your M365 resources using Azure AD Identity governance Track Number : 2 10:05 AM -10:50 AM IST Vignesh Ganesan Enterprise Cloud Architect & Technology Strategist Session No.1
- 5. @m365blr #M365BLR Secure your M365 resources using Azure AD Identity governance
- 7. @m365blr #M365BLR Azure AD -A complete IAM solution
- 8. @m365blr #M365BLR Azure AD DS B2B collaboration Azure AD B2C Azure AD offers depth and breadth Identity and access management for employees, partners, and customers Dynamic groups Self-service capabilities Azure AD Connect Conditional access Microsoft Authenticator— password-less access Azure AD Join MDM-auto enrollment/ Enterprise State Roaming Security reporting Identity protection Privileged identity management HR App integration Access reviews Connect health Remote access to on-premises apps Addition of custom cloud apps Access panel/MyApps Provisioning/ deprovisioning Group-based licensing Multi-factor authentication Office 365 App Launcher SSO to SaaS
- 9. @m365blr #M365BLR Introduction to Azure AD Identity Governance Who has / should have access to which resources? What are they doing with that access? Are there effective organizational controls for managing access? Can auditors verify that the controls are working? Productivity Security Timely access to the right resources The right people have the right access to resources
- 10. @m365blr #M365BLR Governance is a journey ,not a destination Identity lifecycle facilities collaboration Access lifecycle provides seamless and efficient access Privileged access lifecycle addresses risks inherent in administration
- 11. @m365blr #M365BLR Case study A company named Vignesh Ganesan is using Office 365 and collaborating with other organizations to share data on a campaign Challenges • Recent audit discovered too many users had standing privileged access • Legal regulations require users to sign a Non-disclosure agreement before having access • Need to streamline the process of getting resources and permissions assigned to users • No control over external user’s lifecycle, will like more visibility on guest activity
- 12. @m365blr #M365BLR We will be focusing about these 4 diff solutions today Azure AD Privileged Identity Management Azure AD Terms of use Azure AD Entitlement Management Azure AD Access reviews Everything that I’ll be discussing about today needs an Azure AD P2 license !
- 13. @m365blr #M365BLR Challenge 1: Recent audit discovered too many users had standing privileged access
- 14. @m365blr #M365BLR Privileged Identity Management (PIM) Ensure admins have the right access Discover privileged roles (Azure AD ,Office 365 &Azure) Reduce attack surface-reduce risk Role activation “Just In Time” Audit reports for compliance
- 15. @m365blr #M365BLR Challenge 2: Legal regulations require users to sign a Non-disclosure agreement before having access
- 16. @m365blr #M365BLR • Configure a terms of use by uploading a PDF document(s) for each necessary language • Target to users, groups or applications using conditional access • Enforce acceptance of terms for users in scope • Audit events show who accepted / which terms / when Terms of Use Simple method to present information to end users and requiring their consent after authentication and prior to getting access
- 17. @m365blr #M365BLR Terms of Use Common reasons : End user experience:
- 18. @m365blr #M365BLR Terms of use deployment • Terms of use in multiple languages • Conditional Access policy to enforce per user ,per device, on all/certain apps • User reads and consents • Review reports and audit logs
- 19. @m365blr #M365BLR Challenge 3: Need to streamline the process of getting resources and permissions assigned to users
- 20. @m365blr #M365BLR Azure AD Entitlement Management Catalogs of named access rights across resources that a user can be granted access to , through a request / approval process
- 21. @m365blr #M365BLR Challenge 4: No control over external user’s lifecycle, will like more visibility on guest activity
- 22. @m365blr #M365BLR Azure AD Access Reviews • Provide oversight for which users have access to what resources • Prompts users to ensure their access is limited to the resources they need • Applies to employees and guest users Marketing Operations
- 23. @m365blr #M365BLR Access Reviews Provide oversight for which users have access to what resources Prompts users to ensure their access is limited to the resources they need Applies to employees and guest users
- 24. @m365blr #M365BLR Access reviews scenarios
- 25. @m365blr #M365BLR Azure AD Access Reviews Recertify : attest and audit continued access • Review Office 365 group members, security group members , and users assigned to applications • Optionally, scope the reviews to just guests • Select reviewers from the resource Group owners Members review their own access Select other specific individuals
- 26. @m365blr #M365BLR Access Reviews process • Identify resource where users have access • Identify the business owner for confirming user’s access • Business owners review access on a regular basis • Reviewers can line-item deny users' access, or give justification • Upon completion of the review, access is removed for denied users • Results are retained for subsequent use in auditor investigation
- 27. @m365blr #M365BLR Session takeaways • Azure AD can help address Identity governance requirements • Create access reviews and gain better control of the user lifecycle • Go-do: discover privileged account in your tenant and convert them to eligible • Ensure that all your compliance requirements using Azure AD
- 28. @m365blr #M365BLR The power of Azure AD Identity governance Azure AD Privileged Identity Management Azure AD Terms of use Azure AD Entitlement Management Azure AD Access reviews • Govern the identity lifecycle • Govern access lifecycle • Secure privileged access for administration • Meet compliance requirements
- 29. @m365blr #M365BLR Ref • https://docs.microsoft.com/en-us/azure/active-directory/governance/ • https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity- management/pim-configure • https://docs.microsoft.com/en-us/azure/active-directory/conditional- access/terms-of-use • https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement- management-overview • https://docs.microsoft.com/en-us/azure/active-directory/governance/access- reviews-overview • https://azure.microsoft.com/en-in/pricing/details/active-directory/#pricing
- 31. @m365blr #M365BLR SPEAKERS PANEL People Powered Workspace using Microsoft Viva Track Number: 2 Session Time : 10:55 AM to 11:40 AM Sathish Nadarajan Solution Architect Next Session
- 32. @m365blr #M365BLR Thank you Don’t forget to participate in the Quiz at the end and receive exciting prizes
Hinweis der Redaktion
- All this and more for less $$$ than Okta
- Talk Track: Azure AD is your universal platform – which means, helping you manage and secure identities and access to all applications, for any user from any location or device, with just one set of credentials With Azure AD as the control plane to manage all of your digital estate you are able to automatically block attacks through adaptive security policies and protect your identities and data in the cloud At the same time, you are also improving the experience for all of your users. You are letting your employees work the way they want, enabling better collaboration with your business partners, and facilitating more direct and personalized relationships with all of your customers.
- Talk Track: Azure AD is your universal platform – which means, helping you manage and secure identities and access to all applications, for any user from any location or device, with just one set of credentials With Azure AD as the control plane to manage all of your digital estate you are able to automatically block attacks through adaptive security policies and protect your identities and data in the cloud At the same time, you are also improving the experience for all of your users. You are letting your employees work the way they want, enabling better collaboration with your business partners, and facilitating more direct and personalized relationships with all of your customers.
- What about admin accounts? You don’t want privileged accounts to have unnecessary access to critical apps and infrastructure as it can put your organization at risk. Use our discovery tools to see how many admins and roles are in your system in Azure AD. Switch to a Least Privilege access model that only gives access when needed, using automated tools and alerts.
- Talk Track: Azure AD is your universal platform – which means, helping you manage and secure identities and access to all applications, for any user from any location or device, with just one set of credentials With Azure AD as the control plane to manage all of your digital estate you are able to automatically block attacks through adaptive security policies and protect your identities and data in the cloud At the same time, you are also improving the experience for all of your users. You are letting your employees work the way they want, enabling better collaboration with your business partners, and facilitating more direct and personalized relationships with all of your customers.
- Talk Track: Azure AD is your universal platform – which means, helping you manage and secure identities and access to all applications, for any user from any location or device, with just one set of credentials With Azure AD as the control plane to manage all of your digital estate you are able to automatically block attacks through adaptive security policies and protect your identities and data in the cloud At the same time, you are also improving the experience for all of your users. You are letting your employees work the way they want, enabling better collaboration with your business partners, and facilitating more direct and personalized relationships with all of your customers.
- Implement Azure AD access reviews With Azure AD access reviews, you can manage access package and group memberships, access to enterprise applications, and privileged role assignments to make sure you maintain a security standard. Regular oversight by the users themselves, resource owners, and other reviewers ensure that users don't retain access for extended periods of time when they no longer need it.