This latest service offering from Azure AD empowers you to control, manage, and monitor access to critical resources in your organisation. This includes Microsoft Online Services (Office 365, Intune, etc.), as well as resources internal to Azure and Azure AD.

Why should I use PIM?

A common cause of data breaches, besides hacking, is ineffective access management. Reducing the number of individuals who have access to secure resources or information should be a priority. This dramatically reduces the chance of an authorised user inadvertently impacting a sensitive asset, or of a malicious actor gaining access. PIM enables you to mitigate risks to assets.

How can we use PIM?

The key capabilities of PIM are:
  • Assign JIT (Just-in-time) privileged access to Azure and Azure AD resources.
  • Assign ‘Approval Required’ to activate privileged roles.
  • Assign time restrictions to resources by attributing ‘start’ and ‘end’ dates.
  • Apply MFA (multi-factor authentication) to activate roles.
  • Receive notifications upon activation of privileged roles.
  • Utilise access reviews to gain insight into whether users still need the specific roles allocated.
  • Advanced auditing with audit history.
  • Resource dashboard.

PIM displays data in a BI dashboard, giving a transparent view of users' access statuses. The familiar user interface enables your IT professionals to quickly audit existing statuses and act on them efficiently.
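The kind of check an access review performs over role assignments, as an added example that is not code from the original post or from Microsoft: it flags standing (permanent) assignments, eligible assignments with no end date or an expired one, and eligible roles that have not been activated recently. The record fields, the sample data and the 90-day threshold are assumptions constructed for this example, not a PIM export format.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records. The field names are assumptions for this example,
# not a PIM export schema.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
ASSIGNMENTS = [
    {"user": "alice", "role": "Global Administrator", "type": "permanent",
     "end": None, "last_activated": None},
    {"user": "bob", "role": "Exchange Administrator", "type": "eligible",
     "end": "2024-09-30", "last_activated": "2024-05-20"},
    {"user": "carol", "role": "User Administrator", "type": "eligible",
     "end": None, "last_activated": "2024-05-28"},
    {"user": "dave", "role": "Intune Administrator", "type": "eligible",
     "end": "2024-12-31", "last_activated": "2023-11-02"},
    {"user": "erin", "role": "Security Administrator", "type": "eligible",
     "end": "2024-04-30", "last_activated": "2024-04-01"},
]

def _date(value):
    """Parse a YYYY-MM-DD string as a UTC datetime; None stays None."""
    return datetime.strptime(value, "%Y-%m-%d").replace(tzinfo=timezone.utc) if value else None

def review(assignments, now=NOW, stale_after_days=90):
    """Return (user, role, finding) tuples for assignments worth reviewing."""
    findings = []
    for a in assignments:
        end, last = _date(a["end"]), _date(a["last_activated"])
        if a["type"] == "permanent":
            # Standing privilege: always active, so JIT, approval and MFA never apply.
            findings.append((a["user"], a["role"], "standing access: convert to eligible (JIT)"))
            continue
        if end is None:
            findings.append((a["user"], a["role"], "eligible with no end date"))
        elif end < now:
            findings.append((a["user"], a["role"], "eligibility expired: remove"))
        if last is None or now - last > timedelta(days=stale_after_days):
            findings.append((a["user"], a["role"], "not activated recently: still needed?"))
    return findings

if __name__ == "__main__":
    for user, role, finding in review(ASSIGNMENTS):
        print(f"{user:6} {role:24} {finding}")
```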

Role Types:

There are three types of roles that can be attributed within PIM.

As a Privileged Role Administrator, you can:

  • View ‘Requests’ and ‘Approval’ history for all privileged roles.
  • Approve specific roles.
  • Specify users and/or groups to approve requests.

As an approver, you can:

  • View pending ‘Requests’.
  • Approve/Reject requests for role elevation (This can be done via singular or bulk approval).
  • Provide justification for ‘Requests’.

As an eligible role user, you can:

  • Submit requests for role activation.
  • View the status of your submitted request.
  • Complete your task within Azure AD once activation has been granted.
Azure’s PIM service has vast administrative capabilities and is a service we use ourselves, in-house. It’s great for assigning time-bound admin access, ensuring that critical tasks are completed in a timely, manageable fashion. The auditing capabilities offer a transparent view of activities, which is vital for nailing down risk-reduction strategies. We recommend Azure’s PIM service to any organisation that doesn’t outsource Managed Services.

If you are interested in Azure for your organisation, then get in touch for a personalised quote!

Want to find out more about the author? go.848.co/Richard