https://campbell.scot/categories/privileged-identity-management/ Recent content in Privileged-Identity-Management on Ru Campbell MVP Hugo en-gb Sun, 19 Nov 2023 14:01:41 +0000 https://campbell.scot/pim-common-microsoft-365-security-mistakes-series/ Sun, 19 Nov 2023 14:01:41 +0000 https://campbell.scot/pim-common-microsoft-365-security-mistakes-series/ <p>Entra ID&rsquo;s P2 license (previously Azure AD Premium P2) unlocks the Privileged Identity Management (PIM). PIM is part of broader <em>identity governance</em> features, and is most known for enabling just-in-time admin rights. For example, you are <em>eligible</em> to become an administrator for a maximum of <em>X</em> hours, at which point the permissions expire and you need to reactivate.</p> <p>This blog covers five of the common misconfigurations and misunderstandings I see with customers. Intuitive as PIM may appear, there are some gotchas you need to be aware of. It is a follow up from my previous <a href="https://campbell.scot/conditional-access-common-microsoft-365-security-mistakes-series/">Conditional Access – Common Microsoft 365 Security Mistakes Series</a> article.</p> https://campbell.scot/conditional-access-common-microsoft-365-security-mistakes-series/ Thu, 05 Oct 2023 21:11:27 +0000 https://campbell.scot/conditional-access-common-microsoft-365-security-mistakes-series/ <p>Conditional Access (CA) is front and center of any attempt to secure Microsoft 365. If you&rsquo;ve spent any time securing your tenant and Entra resources, you&rsquo;ll know what Conditional Access is by now, so we&rsquo;ll assume at least a level 200 understanding, skip the introduction, and instead dive into the most common mistakes I see when helping folks out with it.</p> <p>These aren&rsquo;t listed in any particular order, and the devil&rsquo;s in the details, so make sure you read the full post instead of just skimming the bullet points! There are also <em>way</em> more than five mistakes you can make with Conditional Access, but let&rsquo;s start with these.</p> https://campbell.scot/getting-started-with-azure-ad-identity-governance-part-3-privileged-identity-management-pim/ Sun, 16 Aug 2020 14:13:09 +0000 https://campbell.scot/getting-started-with-azure-ad-identity-governance-part-3-privileged-identity-management-pim/ <p>This blog is the last in a small series on Azure AD Premium P2&rsquo;s Identity Governance toolkit.</p> <blockquote> <ul> <li><a href="https://campbell.scot/getting-started-with-azure-ad-identity-governance-part-1-entitlement-management/">Part 1: Entitlement Management</a></li> <li><a href="https://campbell.scot/getting-started-with-azure-ad-identity-governance-part-2-access-reviews/">Part 2: Access Reviews</a></li> <li><a href="https://campbell.scot/getting-started-with-azure-ad-identity-governance-part-3-privileged-identity-management-pim/">Part 3: Privileged Identity Management (PIM) (this post)</a></li> </ul> </blockquote> <p>PIM is an Azure AD P2 feature that enables just-in-time (JIT) admin rights in Azure and Azure AD.  Historically, best practice has been for users to have a separate account for admin tasks, as protection against the primary account if breached.  While this is still supported under PIM, it&rsquo;s less of a requirement - PIM makes admin rights time bound on the same account and optionally require approval to activate.</p>