Join Pete Zerger for an in-depth discussion in this video Performing an access review, part of Microsoft Cybersecurity Stack: Advanced Identity and Endpoint Protection.
- [Instructor] Role assignments in Azure Active Directory become stale when users have privileged access they don't need anymore. The point of just-in-time and just-enough access is to ensure users have elevated privileges only as long as necessary. In order to reduce the risk associated with these stale role assignments, as an Azure administrator you should regularly review the roles that users have been given. We can initiate this review process from the Azure AD Privileged Identity Management feature.
I'll browse to https://portal.azure.com, log in with my kinetECO Azure AD user, and then I will launch the Privileged Identity Management dashboard. You see I've pinned the dashboard here onto my menu. If you haven't yet pinned Privileged Identity Management, simply browse through More services and search on Privileged Identity Management. So I'll launch the dashboard, and there are a couple of ways to start an access review. So in the menu, I can select Azure AD directory roles, and I can then select Roles and use the Review option here, or on that same menu under MANAGE I can select Access reviews and I can click Add and start that review process.
So let's go ahead and add an Access review. So I'll call this Security Administrator Review. You want to make sure you set a start date long enough for your assigned users to complete it. If they finish before the end date you can always stop the review early. So I'll provide a name, a start and an end date. You see that it defaults to one month, that's a good default I believe. I'll select an administrator role, remember that a review process always focuses on one role.
I'm going to select Security Administrator in this place. From the Reviewers menu here, you'll notice I'm going to pick Members. This is a self-audit, so to speak, so my members can tell me if they still require that elevated access. In the Advanced settings area here, you'll notice I have options to enable email notifications to the reviewer when the reviews start and to admins when a review completes, and reminders for folks who haven't completed the review. And finally I can require the reviewer to supply a reason for approval, for continued membership, continued eligibility in that role.
So I'll go ahead and start this process. So this is creating the access review. And once this is completed, I can now switch my view here. I'm going to go to the Azure portal in the context of Adam Wallen, so we're going to look at that review process from Adam's perspective, who has eligibility and a number of roles. I can see he's pinned the Azure AD Privileged Identity Management feature to his menu. And we'll go to My roles, so we see he has some role eligibility including that Security Administrator.
Now we'll go have a look at Review access, and we'll see here in fact that there is a review. So we've now given Adam the capability to review, tell us if he needs access, and to supply for us a justification if he needs continued access. So he's supplied his justification and completed the review. And again if your users finish the review early, you can always go and stop that review ahead of time. So I'll go back to my portal as the administrator who kicked off that review.
I'm going to go look at that Access review. Here we see that it's active, and once that's done, if I wish it to stop early I can simply stop the review. Mission accomplished. Until the review period is over though, you can remind users to complete the review, or stop the review early from the Access Review section. Again, Privileged Identity Management is all about just-enough access and just-in-time access. It's critical to make sure that we don't let those roles get stale, providing the capability of privilege elevation where it's not needed.
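The same one-month, self-reviewed Security Administrator review can be created without clicking through the portal, using Microsoft Graph PowerShell; this is an added example, not code from the course. It assumes the Microsoft.Graph.Identity.Governance module is installed and the signed-in admin holds AccessReview.ReadWrite.All; the principalResourceMembershipsScope query strings, the empty reviewers list meaning self-review, and the one-time recurrence shape are assumptions to verify against your tenant's API version.

```powershell
# Added example (not from the course): create the "Security Administrator Review"
# access review through Microsoft Graph PowerShell instead of the PIM portal.
Connect-MgGraph -Scopes "AccessReview.ReadWrite.All", "RoleManagement.Read.Directory"

# A review always targets one role, so resolve the role definition first.
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Security Administrator'"
if (-not $role) { throw "Security Administrator role definition not found" }

$start = (Get-Date).ToString("yyyy-MM-dd")
$end   = (Get-Date).AddMonths(1).ToString("yyyy-MM-dd")   # one-month window, the portal default

$body = @{
    displayName          = "Security Administrator Review"
    descriptionForAdmins = "Self-review of Security Administrator eligibility"
    # Scope: users with a membership in the selected directory role.
    # ASSUMPTION: query shapes follow the principalResourceMembershipsScope pattern.
    scope = @{
        "@odata.type"   = "#microsoft.graph.principalResourceMembershipsScope"
        principalScopes = @(@{
            "@odata.type" = "#microsoft.graph.accessReviewQueryScope"
            query         = "/users"
            queryType     = "MicrosoftGraph"
        })
        resourceScopes  = @(@{
            "@odata.type" = "#microsoft.graph.accessReviewQueryScope"
            query         = "/roleManagement/directory/roleDefinitions/$($role.Id)"
            queryType     = "MicrosoftGraph"
        })
    }
    # ASSUMPTION: no explicit reviewers = members review themselves ("Members" in the portal).
    reviewers = @()
    settings  = @{
        mailNotificationsEnabled        = $true  # reviewers notified at start, admins at completion
        reminderNotificationsEnabled    = $true  # remind reviewers who have not finished
        justificationRequiredOnApproval = $true  # reviewer must state why they still need the role
        instanceDurationInDays          = 30
        # ASSUMPTION: a null pattern with an endDate range yields a single, non-recurring review.
        recurrence = @{
            pattern = $null
            range   = @{ type = "endDate"; startDate = $start; endDate = $end }
        }
    }
}

$review = New-MgIdentityGovernanceAccessReviewDefinition -BodyParameter $body
$review | Select-Object Id, DisplayName, Status
```

Stopping the review early, as the video does from the portal, corresponds to the stop action on the same review definition's current instance.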