Azure Strengthens Zero Trust Security with Azure Active Directory Privileged Identity Management
One of the best defenses against cyberattacks is to implement Zero Trust security and least privilege access for the users and services that need to work within your network, especially those who only need access from time to time. For the Azure hybrid cloud, Microsoft has developed its Azure Lighthouse capability and has now added Azure Active Directory Privileged Identity Management to it.
Azure Lighthouse makes it easier for service providers to automate the management of customer infrastructure. It also provides fine-grained access control that places the customer in charge of which resources are available to which service providers.
Via Azure Lighthouse, customers can be certain their exposure to security risks from integrating with partners will be appropriately limited.
Earlier this month, Microsoft released another iteration toward Zero Trust and least privilege access: the preview of Azure Active Directory Privileged Identity Management (Azure AD PIM) integration with Azure Lighthouse.
The gist of Azure AD PIM is simple: it gives customers the opportunity to share access to a privileged role for a limited period of time, so that exposure to threats is kept to a minimum. Operators elevate their partners' access to a privileged role before they can work on their network. This just-in-time access lasts only for a predetermined duration (up to eight hours), after which the access for that operator is automatically removed and they return to having read-only access to various resources. You can also require that service providers obey a defined set of policy options when authenticating, such as requiring multifactor authentication.
The service provider benefits as well. By limiting each operator's access to just when it is needed, the service provider can demonstrate when operators did and did not have access to their customer's resources, using traceable Azure AD PIM audit logs that can be reviewed together with the customer.
Azure Active Directory Privileged Identity Management makes it simple for Azure users to take advantage of these capabilities. After the customer accepts the offer, service provider users can activate an Azure role on the delegated scope through an intuitive portal experience. Only the eligible roles that have been assigned to that specific user can be activated, which significantly reduces the risk of operator error.
Ransomware and supply chain compromises have become way too commonplace for you to ignore the cybersecurity of your Microsoft Azure infrastructure any longer. For help securing your cloud, contact 2W Tech. We are a technology service provider specializing in solutions for the manufacturing industry, as well as a Microsoft Gold Partner.