Privileged Identity Management in Azure AD
Just Enough
Bottom Line
Especially for larger enterprises in which cloud services are managed by a group of admins and security is a top priority, PIM is worth a look.
MFA for administrative accounts should always be the first step toward securing privileged accounts; however, MFA does not protect against "accidental" administration or against an attacker who hijacks a session after the MFA prompt, because that session then remains valid for a few hours. PIM in AAD expands just-in-time (JIT) access and just enough administration (JEA), giving organizations more control over changes in AAD services and Azure resources.
The time limit on permissions can provide protection against the disease from which many Windows AD deployments still suffer today: a static, excessively long list of domain admins that is never tidied up and, in the worst case, contains accounts that are used for daily work, such as email and PowerPoint.