Tag Archives: Azure AD PIM

#Azure AD : All about Azure Active Directory


IT has moved from the datacenter era to the cloud era. The focus of organizations has shifted from one specific set of vendors to the open world of technology. Since the inception of the datacenter, identity has played a vital role and has always been treated as the backbone of IT. In the new era of multi-cloud environments, identity plays a central role; this is a new beginning for identity, which has been extended from an IT backbone to a user-experience-oriented service.

Microsoft played a key role in the datacenter era with Windows Server Active Directory and now plays a crucial role in the multi-cloud environment by offering Azure Active Directory. Microsoft Azure Active Directory is not only a directory service but a complete cloud service that can fulfill all your identity and authorization needs. You may find a couple of identity-related requirements that native Azure AD features can't yet fulfill, but the service is continuously evolving.

In this era, organizations don't need an SME for everything, but they do need a design SME who has a broad understanding of the complete end-to-end solution stack, from infrastructure technologies to application technologies.

I have written a series of blog posts on Microsoft Azure AD. These posts mainly focus on how to do it: step-by-step guides backed by real-world scenarios.

Microsoft Azure Active Directory

Azure AD Connect

SSO to SaaS

Application Proxy

Multi-factor Authentication

Self-service Password Management

Self-service group management

Access Panel/My Apps

Dynamic groups membership

Pricing, Licensing and Support

Conditional Access

Custom domain names

Company branding

Cloud App Discovery

Group-based licensing

Identity Protection Part I

Identity Protection Part II

Identity Protection Part III

Privileged Identity Management Part I

Privileged Identity Management Part II

Privileged Identity Management Part III

Azure Active Directory Domain Services Part I

Azure Active Directory Domain Services Part II

Azure Active Directory Domain Services Part III

Azure Active Directory Domain Services Part IV

Device Management – Azure AD Registering

Device Management – Azure AD Join

B2B Collaboration

B2B Licensing

B2C

Error – SSPR_0029: We are unable to reset your password due to an error in your on-premises configuration.

The series of blog posts above covers most areas of Azure Active Directory. You can bookmark this post for any Azure AD need; I'll do my best to add new Azure AD related posts to this series.


#AzureAD : Privileged Identity Management Part III


Part I and Part II of this blog series cover how to start with Azure AD Privileged Identity Management, assign privileged administrator roles to administrators, use just-in-time access, the different methods to assign just-in-time access, and Azure AD directory role customization. This post covers access reviews, directory roles audit history and my audit history.

Azure AD PIM access reviews give administrators a way to review their own access roles or other administrators' roles, depending on the configuration. To implement access reviews, log in to the Azure AD portal and go to Azure AD Privileged Identity Management.

Go to Access reviews under Azure AD directory roles. Select Add to create a new access review.

Fill in the details based on your requirements.

Under Review role membership, select the role you wish to review. One access review can cover only one role, so you need to create a separate access review for each role used by your organization.

In the Reviewers section, select who is going to review this role: either the administrators themselves (Members (self)) or someone else (Selected users). In my case, I am selecting Members (self). Once everything is configured according to your requirements, select Start.

Once the review is created successfully, privileged administrators can see it under Access reviews in the Manage section, while the users (in the Members (self) case) can see it in their review access panel under Tasks.

As a privileged administrator you can stop or delete this access review and change the configuration.

As per my configuration of the access review, the Password Administrator has to review his own access and provide approval. The user needs to log in with his identity and go to the Review access section under Tasks.

Once you open the access review, you can see that your identity is listed in the Not reviewed section.

Select the user, provide the reason for approval and finally click on approve.

Once reviewed, the remaining items count becomes 0.
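The steps above are portal clicks, so it is easy to lose sight of the rules the wizard enforces: one role per review, reviewers are either the members themselves or a selected list, an approval carries a reason, and the review is done when the Not reviewed bucket is empty. The following is an added Python model of those rules written for this post; it is not code from the original post or from Microsoft, and the member names, the "approve"/"deny" decision values and the choice to treat unreviewed members as denied when results are applied are this example's assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

APPROVE, DENY = "approve", "deny"


@dataclass
class AccessReview:
    """One review covers exactly one directory role, as in the portal wizard."""
    role: str
    members: List[str]                        # principals currently holding the role
    reviewers: Optional[List[str]] = None     # None means "Members (self)"
    decisions: Dict[str, dict] = field(default_factory=dict)

    def is_self_review(self) -> bool:
        return self.reviewers is None


def create_review(role: str, members: List[str],
                  reviewers: Optional[List[str]] = None) -> AccessReview:
    if not members:
        raise ValueError("nothing to review: the role has no members")
    return AccessReview(role=role, members=list(members), reviewers=reviewers)


def record_decision(review: AccessReview, reviewer: str, member: str,
                    decision: str, justification: str = "") -> None:
    """Store one decision, enforcing who may review whom and that approvals carry a reason."""
    if member not in review.members:
        raise ValueError(f"{member} does not hold the {review.role} role")
    if review.is_self_review():
        if reviewer != member:
            raise PermissionError("self-review: a member may only review their own access")
    elif reviewer not in review.reviewers:
        raise PermissionError(f"{reviewer} is not a reviewer of this access review")
    if decision not in (APPROVE, DENY):
        raise ValueError("decision must be 'approve' or 'deny'")
    if decision == APPROVE and not justification.strip():
        raise ValueError("an approval must state the reason for keeping access")
    review.decisions[member] = {"by": reviewer, "decision": decision, "justification": justification}


def remaining(review: AccessReview) -> List[str]:
    """Members still in the 'Not reviewed' bucket; the portal's remaining-items count is len() of this."""
    return [m for m in review.members if m not in review.decisions]


def apply_results(review: AccessReview, default_decision: str = DENY) -> dict:
    """Outcome when the review closes. Unreviewed members get default_decision;
    defaulting to deny is this example's assumption, not something the post states."""
    keep, remove = [], []
    for m in review.members:
        verdict = review.decisions.get(m, {}).get("decision", default_decision)
        (keep if verdict == APPROVE else remove).append(m)
    return {"role": review.role, "keep": keep, "remove": remove, "unreviewed": remaining(review)}


if __name__ == "__main__":
    # Constructed walkthrough: a self-review of the Password Administrator role.
    review = create_review("Password Administrator",
                           ["alice@contoso.example", "bob@contoso.example"])
    record_decision(review, "alice@contoso.example", "alice@contoso.example",
                    APPROVE, "still on the helpdesk rotation")
    print("remaining:", remaining(review))
    print(apply_results(review))
```

Running the walkthrough leaves one member in the remaining list and shows that, with the deny default, a member who never completes their self-review loses the role when results are applied; that is the property worth checking in your own review settings before you rely on a review to prune privileged access.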

Now, let's see how a privileged administrator can review the activity of directory roles by looking at “Directory roles audit history” under Activity in Azure AD directory roles.

The privileged administrator can scroll through the page and review all the actions performed on Azure AD directory roles.

Privileged role administrators and other directory role administrators can review their own tasks by going through “My audit history” under Activity in Azure AD Privileged Identity Management.

The privileged role administrator can also look at the Alerts section under Manage for detected risks and their associated severity, as a proactive safeguard.
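Scrolling the audit history works for a handful of entries, but the reviewer usually wants the same questions answered every time: was anyone made a permanent member of a privileged role instead of being made eligible, were roles activated at odd hours, and who actually uses which role. The following is an added Python example written for this post, not code from the original post or from Microsoft: it runs that triage over a constructed, flattened sample of audit entries and attaches a severity to each finding, in the spirit of the Alerts view described above. The user names, timestamps, activity names, the high-privilege role list and the business-hours window are all assumed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone
from typing import Dict, List

# Constructed sample of what "Directory roles audit history" shows, flattened to a
# few fields. Names, times and activity strings are assumed for this example.
SAMPLE_AUDIT: List[Dict[str, str]] = [
    {"activityDateTime": "2023-03-06T09:12:00Z",
     "activityDisplayName": "Add member to role completed (PIM activation)",
     "initiatedBy": "alice@contoso.example", "role": "Password Administrator",
     "target": "alice@contoso.example", "result": "success"},
    {"activityDateTime": "2023-03-06T23:40:00Z",
     "activityDisplayName": "Add member to role completed (PIM activation)",
     "initiatedBy": "bob@contoso.example", "role": "Global Administrator",
     "target": "bob@contoso.example", "result": "success"},
    {"activityDateTime": "2023-03-07T10:05:00Z",
     "activityDisplayName": "Add member to role",
     "initiatedBy": "carol@contoso.example", "role": "Global Administrator",
     "target": "dave@contoso.example", "result": "success"},
    {"activityDateTime": "2023-03-07T11:00:00Z",
     "activityDisplayName": "Add eligible member to role",
     "initiatedBy": "carol@contoso.example", "role": "Password Administrator",
     "target": "erin@contoso.example", "result": "success"},
    {"activityDateTime": "2023-03-07T12:00:00Z",
     "activityDisplayName": "Add member to role completed (PIM activation)",
     "initiatedBy": "bob@contoso.example", "role": "Global Administrator",
     "target": "bob@contoso.example", "result": "failure"},
]

# Roles whose permanent (non just-in-time) assignment should be flagged; assumed list.
HIGH_PRIVILEGE_ROLES = {"Global Administrator", "Privileged Role Administrator"}


def parse_time(stamp: str) -> datetime:
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_activation(record: Dict[str, str]) -> bool:
    return "PIM activation" in record["activityDisplayName"]


def triage(records: List[Dict[str, str]], business_hours=(8, 18)) -> List[Dict[str, str]]:
    """Walk the audit history once and return findings with a severity, mirroring the
    risk/severity view of the Alerts section. Thresholds are this example's choices."""
    findings = []
    start, end = business_hours
    for rec in records:
        when = parse_time(rec["activityDateTime"])
        name, role = rec["activityDisplayName"], rec["role"]
        # A permanent assignment bypasses just-in-time access entirely.
        if name == "Add member to role" and role in HIGH_PRIVILEGE_ROLES:
            findings.append({"severity": "high", "actor": rec["initiatedBy"], "role": role,
                             "reason": f"permanent assignment of {role} to {rec['target']} "
                                       f"bypasses just-in-time access"})
        # Successful activation outside the expected window deserves a look.
        if is_activation(rec) and rec["result"] == "success" and not start <= when.hour < end:
            findings.append({"severity": "medium", "actor": rec["initiatedBy"], "role": role,
                             "reason": f"{role} activated outside business hours at {when:%H:%M} UTC"})
        # Failed activations are low severity on their own but worth trending.
        if is_activation(rec) and rec["result"] != "success":
            findings.append({"severity": "low", "actor": rec["initiatedBy"], "role": role,
                             "reason": f"failed activation of {role}"})
    return findings


def activations_per_user(records: List[Dict[str, str]]) -> Counter:
    """Successful just-in-time activations by actor: a baseline for who uses which role."""
    return Counter(r["initiatedBy"] for r in records
                   if is_activation(r) and r["result"] == "success")


if __name__ == "__main__":
    for finding in triage(SAMPLE_AUDIT):
        print(f"[{finding['severity']:6}] {finding['actor']}: {finding['reason']}")
    print(dict(activations_per_user(SAMPLE_AUDIT)))
```

On the constructed sample the permanent Global Administrator assignment is the high finding, the late-night activation is medium and the failed activation is low; the eligible assignment produces no finding, which is the point of using PIM eligibility instead of permanent membership.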

I have covered most of the topics related to PIM. However, you can explore more topics such as Azure resources (preview) under Manage.

I hope this series on Azure AD Privileged Identity Management helped you.