Describe the identity protection and governance capabilities of Azure AD Flashcards
Describe Microsoft Entra ID Governance
ID Governance gives organizations the ability to do the following tasks:
-Govern the identity lifecycle.
-Govern access lifecycle
-Secure privileged access for administration
It’s intended to help org address these four key questions:
-Which users should have access to which resource?
-What are those users doing with that access?
-Are there effective organizational controls for managing access?
-Can auditors verify that the controls are working?
Define Identity Lifecycle - Microsoft Entra ID Governance
Many organizations model the “join, move, and leave” process.
Join - joins the company and role will need to be created.
move - changes roles and role will need to be modified
leave - leaves the company and role may need to be deleted
Define Access Lifecycle - Microsoft Entra ID Governance
It is the process of managing access throughout the user’s organizational life. Orgs can automate the access lifecycle process by creating dynamic groups.
Define Privileged access lifecycle - Microsoft Entra ID Governance
Microsoft Entra Privileged Identity Management (PIM) provides extra controls tailored to securing access rights.
Describe access reviews
Microsoft Entra access reviews enable orgs to efficiently manage group memberships.
Some use cases:
-Too many users in privileged roles
-Business critical data access - ask people regularly to justify why they need access.
-To maintain a policy’s exception list that is checked regularly
-Ask group owners to confirm they still need guests in their groups
-Have reviews recur periodically.
Define Multi-stage access reviews
This supports up to three review stages, in which multiple types of reviewers engage in determining who still needs access to company resources.
Describe Entitlement Management
is an identity governance feature that enables organizations to manage the identity and access lifecycle at scale. It automates access request workflows, access assignments, reviews, and expiration.
Describe Privileged Identity Management (PIM)
It is a service of MEID that enables you to manage, control, and monitor access to important resources in your org.
PM is:
-Just in time,
-Time-bound, by assigning start and end dates that indicate when a user can access resources.
-Approval-based, requiring specific approval to activate privileges.
-Auditable, allowing a full access history.
PIM reduces the chance of malicious actors getting access by minimizing the number of people who have access to secure information.
What can you do with PIM?
You can use PIM with:
-Microsoft Entra roles - these roles include built-in and custom roles to manage Microsoft Entra ID and other Microsoft 365 online services
-Azure roles - The role-based access controls (RBAC) roles in Azure grant access to management groups, subs, resource groups, and resources.
-PIM for Groups - the feature can be used to govern access to various scenarios that include Microsoft Entra roles, Azure roles, as well as Azure SQL, Azure key Vault, Intune, other app roles, and third-party apps.
Describe Microsoft Entra ID Protection
Identity Protection is a tool that allows organizations to accomplish three key tasks:
-Automate the DETECTION and REMEDIATION of identity-based RISKS.
-INVESTIGATE RISKS using data in the portal.
-EXPORT RISK detection data to third-party utilities for further analysis.
1.) Detect risk - risk can be detected at the user and sign-in level, can be categorized as low, medium, or high, and may be calculated in real-time and offline.
2.) Investigate risks - provides orgs with 3 reports (risky user, risky sign-ins, and risk detection).
3.) Remediate - Orgs can enable automated remediation using their risk policies. It can require them to perform a multifactor authentication and if successful then the risk is automatically remediated.
4.) Export - data from these reports can be exported for archiving, further investigation, and correlation.
Describe Microsoft Entra Permissions Management
Microsoft Entra Permissions Management is a cloud infrastructure entitlement management (CIEM) product that provides comprehensive visibility and control over permissions for any identity and any resource in Microsoft Azure, AWS, and Google Cloud Platform.
Reasons why they created this:
-Orgs have multiple cloud providers
The number of high-risk cloud permissions is exploding
-Security teams are under increased pressure to keep things safe
-the inconsistency between cloud providers makes it more complex to manage.
Permission Management detects, automatically right-sizes (remediates), and continuously monitors unused and excessive permissions.
Describe Microsoft Entra Verified ID
It is a managed verifiable credentials service based on open standards. Verified ID automates verification of identity credentials and enables privacy-protected interactions between organizations and users.
