- Mastering Identity and Access Management with Microsoft Azure
- Jochen Nickel
- 442 characters
- 2021-07-02 12:57:17
Protect your administrative accounts
This section is a quick introduction to protecting an administrative account with Azure AD Premium P2 Privileged Identity Management (PIM).
Open https://portal.azure.com as admin@domain.onmicrosoft.com to start the configuration.
Click All Services and choose Azure AD Privileged Identity Management.
Now we need to consent to PIM before we can use the service:

You will need to verify your identity and provide your preferred security verification option, as you can see in the following screenshot:

Finish the verification process and click Consent—proceed:

Next, we sign up under Azure AD Roles so that users can activate Azure AD roles through PIM. Click Sign up PIM for Azure AD Roles to activate the functionality:

Now that the feature is enabled, we can assign the roles to our users.
Click Assign eligibility to start the task:

Click the Global Administrator role, view the current members, and add your test account to the role:

View the expected result:

Let's test our configuration by opening an InPrivate browser session; open https://portal.azure.com and log in with your own test account. Click All Services and choose Azure AD Privileged Identity Management. Choose My roles and activate the Global Administrator role for your account:

Next, you need to verify your identity. Follow the process, register, and verify your account. You need to complete the registration process just once:
After the registration and verification processes are finished, you can Activate your role:

Provide a reason for your role activation. You will note that the activation is limited to 1 hour and that you can define a custom activation time. Later in the book, we will configure different roles and features:

Verify that your role is activated. You have successfully requested your Global Administrator role for the first time through Azure AD PIM. This is the point of the exercise: the high privileges are granted just in time and for a limited period instead of being permanently assigned to your account:

We always recommend that you leave one Global Administrator permanently assigned, and that no Azure MFA is required to use that account. Use it as a break-glass account if the Azure AD PIM or MFA service is not available.
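The portal steps above, carried out with the Microsoft Graph PowerShell SDK instead of the portal, as an added example that is not part of the book: it creates the eligible Global Administrator assignment for the test account (the Assign eligibility step), submits the one-hour activation request with a justification (the Activate step, run in the test user's own session), and finally lists who holds Global Administrator permanently so you can confirm that only the break-glass account does. The user principal names are placeholders, the Global Administrator template ID is the well-known one, and the request bodies follow the Graph API documentation for role eligibility and assignment schedule requests; check them against the SDK version you have installed.

```powershell
# Added example (not the book's code): the PIM quick intro via Microsoft Graph PowerShell.
# Requires the Microsoft.Graph.Identity.Governance and Microsoft.Graph.Users modules.
# The UPNs below are placeholders; replace them with accounts in your own tenant.
Connect-MgGraph -Scopes "RoleManagement.ReadWrite.Directory",
                        "RoleEligibilitySchedule.ReadWrite.Directory",
                        "RoleAssignmentSchedule.ReadWrite.Directory",
                        "User.Read.All"

# Well-known template ID of the Global Administrator directory role.
$globalAdminRoleId = "62e90394-69f5-4237-9190-012177145e10"

# --- Step 1 (as the PIM admin): make the test account ELIGIBLE, not a permanent member.
$testUser = Get-MgUser -UserId "testuser@domain.onmicrosoft.com"   # placeholder UPN
$eligibility = @{
    Action           = "adminAssign"
    PrincipalId      = $testUser.Id
    RoleDefinitionId = $globalAdminRoleId
    DirectoryScopeId = "/"                      # whole directory, as in the portal
    Justification    = "Eligible Global Administrator for the PIM quick intro"
    ScheduleInfo     = @{
        StartDateTime = (Get-Date).ToUniversalTime()
        Expiration    = @{ Type = "AfterDuration"; Duration = "P365D" }   # eligibility ends after one year
    }
}
New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $eligibility

# --- Step 2 (as the test user, in an InPrivate session signed in with that account):
# activate the eligible role for one hour with a reason. PIM still enforces the
# activation settings (MFA, approval) configured for the role.
$me = Get-MgUser -UserId (Get-MgContext).Account
$activation = @{
    Action           = "selfActivate"
    PrincipalId      = $me.Id
    RoleDefinitionId = $globalAdminRoleId
    DirectoryScopeId = "/"
    Justification    = "Testing PIM activation of Global Administrator"
    ScheduleInfo     = @{
        StartDateTime = (Get-Date).ToUniversalTime()
        Expiration    = @{ Type = "AfterDuration"; Duration = "PT1H" }    # the default one-hour window
    }
}
New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $activation

# --- Step 3 (as the PIM admin): who holds Global Administrator permanently?
# Active instances of type "Assigned" with no end date are permanent memberships;
# "Activated" instances are PIM activations that expire on their own.
$instances = Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance `
    -Filter "roleDefinitionId eq '$globalAdminRoleId'" -All
$permanent = $instances | Where-Object { $_.AssignmentType -eq "Assigned" -and -not $_.EndDateTime }
foreach ($instance in $permanent) {
    $principal = Get-MgDirectoryObject -DirectoryObjectId $instance.PrincipalId
    [pscustomobject]@{
        PrincipalId = $instance.PrincipalId
        Name        = $principal.AdditionalProperties.userPrincipalName ??
                      $principal.AdditionalProperties.displayName
        MemberType  = $instance.MemberType      # Direct or Group
    }
}
# Expected: exactly one row, the break-glass account. Any other permanent member
# should be converted to an eligible assignment as in step 1.
```

Step 2 is the same request the portal's Activate dialog sends, so if the role's activation settings require MFA, the sign-in used for Connect-MgGraph must already have satisfied it; the step 3 listing is worth scheduling as a recurring check, since permanent Global Administrator members accumulate silently over time.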
Next, we will configure user and group-based application access in Azure AD.