Privileged Identity Management: The Concepts


Introduction

Any organization wants to minimize the number of people who have access to secure information or resources. Keeping that number small reduces the chance of a malicious actor obtaining such access, and also the chance of an authorized user accidentally impacting a sensitive resource.

This leads us to the concept of Privileged Identity Management (PIM).

What is Privileged Identity Management (PIM)?

Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD) that enables you to:

  • manage
  • control
  • and monitor access to important resources in your organization.


These include resources in:

  • Azure AD and Azure
  • Microsoft 365
  • Microsoft Intune

What does PIM do?

PIM is able to do the following:

  • Provide time-based and approval-based role activation to mitigate the risk of misused access permissions on resources
  • Provide just-in-time privileged access to Azure AD and Azure resources
  • Assign access to resources for a limited time
  • Require approval to activate privileged roles
  • Enforce multi-factor authentication to activate any role
  • Require a justification so you understand why users activate a role
  • Send notifications when privileged roles are activated
  • Conduct access reviews to ensure users still need their roles (access reviews will be fully discussed in a separate article)
  • Download the audit history for internal or external audit

License requirements for PIM

PIM requires one of the following licenses:

  • Azure AD Premium P2
  • Enterprise Mobility + Security (EMS) E

PIM Aspects

In the coming articles we will discuss the PIM aspects in full detail, namely:

Permanent assignment

  • A privileged assignment for an unlimited time
  • Effectively the same as having no PIM configured at all

Time-bound assignment

  • The role is assigned and active for a specific amount of time, for example 2 weeks
  • Within that period the user can use the role at any time

Eligible access, permanently

  • This means the user is eligible to use an administrative role
  • The user activates the role when required, for a short amount of time (for example 1 hour)
  • After that the role expires
  • This helps if the user account is compromised: there is no standing privileged role that could be used to harm your organization

Eligible access for a specific time (for example 3 weeks)

  • This means the user is eligible to use an administrative role for 3 weeks
  • The user can activate the role (within those 3 weeks) when required, for a short amount of time (for example 1 hour)
  • After that the role expires
  • This helps if the user account is compromised: there is no standing privileged role that could be used to harm your organization

Eligible access for a specific time (for example 3 weeks) with an approval workflow

  • This means the user is eligible to use an administrative role for 3 weeks
  • When required, the user sends a role activation request to the PIM approvers group (within those 3 weeks) for a short amount of time (for example 1 hour)
  • If one member of the approvers group approves the request, the user's role is activated for that short amount of time (1 hour, for example)
  • After that the role expires, and the user has to send a new request
  • This helps if the user account is compromised: there is no standing privileged role that could be used to harm your organization
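To make the differences between these assignment kinds and the activation controls listed earlier (time limits, MFA, justification, approval) concrete, here is an added example that models them as a small policy check. It is not Microsoft's code and does not call Azure AD; the users, roles, times and the `Kind`, `Assignment`, `request_activation` and `role_is_usable` names are all constructed for illustration. It shows why an eligible assignment leaves no standing privilege, why an activation is capped at the end of its eligibility window, and where an approval-gated request stops until an approver acts.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class Kind(Enum):
    PERMANENT_ACTIVE = "permanent assignment"       # standing privilege, no PIM protection
    TIME_BOUND_ACTIVE = "time-bound assignment"     # standing privilege until `end`
    PERMANENT_ELIGIBLE = "eligible, permanently"    # must activate each time, no end date
    TIME_BOUND_ELIGIBLE = "eligible, for a period"  # must activate, only inside [start, end]


@dataclass
class Assignment:
    user: str
    role: str
    kind: Kind
    start: datetime
    end: Optional[datetime] = None          # None means unlimited
    requires_mfa: bool = True               # PIM can enforce MFA on every activation
    requires_approval: bool = False         # PIM can route activation through approvers
    max_activation: timedelta = timedelta(hours=1)


@dataclass
class Activation:
    user: str
    role: str
    activated_at: datetime
    expires_at: datetime
    justification: str                      # PIM records why the user activated
    approved_by: Optional[str] = None


def in_window(a: Assignment, now: datetime) -> bool:
    return a.start <= now and (a.end is None or now <= a.end)


def role_is_usable(a: Assignment, activations: list, now: datetime) -> bool:
    """True if the user can exercise the role at `now`."""
    if a.kind in (Kind.PERMANENT_ACTIVE, Kind.TIME_BOUND_ACTIVE):
        return in_window(a, now)            # active assignments need no activation step
    return any(x.user == a.user and x.role == a.role
               and x.activated_at <= now < x.expires_at for x in activations)


def request_activation(a: Assignment, now: datetime, justification: str,
                       mfa_passed: bool, approved_by: Optional[str] = None):
    """Apply the activation checks in order; returns (status, Activation or None)."""
    if a.kind in (Kind.PERMANENT_ACTIVE, Kind.TIME_BOUND_ACTIVE):
        return "denied: already active, nothing to activate", None
    if not in_window(a, now):
        return "denied: outside the eligibility window", None
    if not justification.strip():
        return "denied: justification required", None
    if a.requires_mfa and not mfa_passed:
        return "denied: MFA required", None
    if a.requires_approval and approved_by is None:
        return "pending approval", None      # approvers see the request, nothing is granted yet
    expires = now + a.max_activation
    if a.end is not None and expires > a.end:
        expires = a.end                      # an activation never outlives the eligibility window
    return "activated", Activation(a.user, a.role, now, expires, justification, approved_by)


T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)   # constructed reference time


def run_scenarios() -> dict:
    """Walk the four assignment kinds from the article with constructed users and roles."""
    r = {}
    perm = Assignment("alice", "Global Administrator", Kind.PERMANENT_ACTIVE, T0)
    r["permanent usable a year later"] = role_is_usable(perm, [], T0 + timedelta(days=365))
    r["permanent activation"] = request_activation(perm, T0, "x", True)[0]

    tb = Assignment("bob", "Exchange Administrator", Kind.TIME_BOUND_ACTIVE, T0,
                    end=T0 + timedelta(weeks=2))
    r["time-bound usable in week 1"] = role_is_usable(tb, [], T0 + timedelta(weeks=1))
    r["time-bound usable in week 3"] = role_is_usable(tb, [], T0 + timedelta(weeks=3))

    elig = Assignment("carol", "User Administrator", Kind.PERMANENT_ELIGIBLE, T0)
    r["eligible usable before activation"] = role_is_usable(elig, [], T0)
    r["eligible without MFA"] = request_activation(elig, T0, "ticket 123", False)[0]
    status, act = request_activation(elig, T0, "ticket 123", True)
    r["eligible with MFA"] = status
    r["eligible usable after 30 min"] = role_is_usable(elig, [act], T0 + timedelta(minutes=30))
    r["eligible usable after 61 min"] = role_is_usable(elig, [act], T0 + timedelta(minutes=61))

    gated = Assignment("dave", "Security Administrator", Kind.TIME_BOUND_ELIGIBLE, T0,
                       end=T0 + timedelta(weeks=3), requires_approval=True)
    r["approval-gated without approver"] = request_activation(gated, T0, "incident 42", True)[0]
    late = gated.end - timedelta(minutes=10)
    status, act = request_activation(gated, late, "incident 42", True, approved_by="erin")
    r["approval-gated with approver"] = status
    r["late activation capped to window end"] = act.expires_at == gated.end
    r["request after window"] = request_activation(
        gated, T0 + timedelta(weeks=4), "incident 42", True, approved_by="erin")[0]
    return r


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

Running the file prints one line per scenario. The order of the checks in `request_activation` mirrors how the controls stack in PIM: the eligibility window is checked before anything else, then justification and MFA, and only then does an approval requirement hold the request in a pending state; the activation length is the configured maximum or the remaining eligibility window, whichever is shorter.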

Conclusion

This was a brief overview of PIM.

In the next article we will see how to deploy PIM and how to use it to control privileged access management.

Please join us there.
