Summary

In this chapter, we have introduced you to the principles of RBAC and PIM.

We showed you how RBAC provides access management capabilities to Azure resources and enables Microsoft 365 administrators to manage access to these resources, the actions users can take, and what resources are accessible to them.

In addition, we demonstrated the steps you need to consider in order to diligently plan your PIM configuration, how to activate and license PIM on your tenant, and configure and assign roles to your users and resources with the principle of least privilege applied.

We also demonstrated how to make users eligible for privileged access roles to gain just-in-time access, how to assign permanent access to privileged roles where required, and how to remove this access when it is no longer required. Finally, we looked at the various monitoring capabilities of PIM, which enable you to keep on top of your PIM configuration and make sure that access is granted only when it's required.

In the next chapter, we will look at Identity Protection concepts in detail, along with techniques you can use to identify and protect against risky sign-in activities, such as impossible travel and non-compliant devices.