Securing Privileged Access with JIT,JEA,PAM,PIM Oh the confusion

From time to time (Every other day) , I get asked why and what does it mean for me , Well below is a high level of the what , how , why. Start with the videos on the topic and then move to the reference links. 

Cyber Security Reference Architecture : https://channel9.msdn.com/Blogs/Taste-of-Premier/ToP1808 or https://www.youtube.com/watch?v=AeMalNggPZU

Privileged Access Why : https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access

How can the Privileged Access be managed

Why PAM

  • Add Protection to privileged Accounts
  • Re-establish Control over Active Directory
  • Insight into how admin accounts are used

Security Advantages

  • Pass-the-Hash
  • Pass-the-Ticket
  • Spear phishing

How does this work

  • Shadow Security principals
  • Time-limited group membership
  • PAM cross-forest trust
  • PAM workflow (MIM)

What about Azure? Microsoft has you covered we call it PIM

Azure AD Privileged Identity Management helps your organization

Videos on PIM :

https://channel9.msdn.com/Blogs/Azure/Windows-Azure-Multi-Factor-Authentication?ocid=player

https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Azure-AD-Privileged-Identity-Management

What it can do for you in Azure

  • See which users are assigned privileged roles to manage Azure resources (Preview), as well as which users are assigned administrative roles in Azure AD
  • Enable on-demand, “just in time” administrative access to Microsoft Online Services like Office 365 and Intune, and to Azure resources (Preview) of subscriptions, resource groups, and individual resources such as Virtual Machines
  • See a history of administrator activation, including what changes administrators made to Azure resources (Preview)
  • Get alerts about changes in administrator assignments
  • Require approval to activate Azure AD privileged admin roles (Preview)
  • Review membership of administrative roles and require users to provide a justification for continued membership

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/active-directory-securing-privileged-access

Cheers

David @TheMIMGuy

David Steadman has written 39 articles

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>