Monday, August 26, 2019

Privileged Identity Management – Custom Roles

As I have mentioned earlier, I believe and hope that Microsoft will implement more and more self-service features in Azure.

This is because I believe that automation and self-service are key components of a secure infrastructure, simply because manual processes are often bypassed or not followed correctly, either because the process is poorly described or implemented, or because it's easier not to.

Automated processes do the job exactly as well as they are programmed to, every time!

From that perspective, Microsoft's release of custom roles in Azure AD Privileged Identity Management is a great new feature.

As always, it is not quite there yet, but I hope that they will evolve this feature to meet my expectations.

As you will know if you have read earlier posts, Privileged Identity Management is a feature that allows privileges to be added dynamically to various types of administrative roles.

With the new release it is possible to create custom roles in Azure AD that can be controlled in Privileged Identity Management.

There are three steps to this: creating the role in Azure AD, adjusting the settings for the custom role in PIM, and assigning members.


Creating the role in Azure AD:

Creating a custom role is a fairly simple procedure.


Locate Roles and administrators under Azure Active Directory and choose New custom role at the top.

Name the role.

Add the permissions.

And create the custom role.

As I wrote, it is fairly simple. After a sync the role becomes available in PIM; from my tests this takes a little time, so be patient.
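The role-creation step above, scripted with the AzureAD PowerShell module, as an added example that is not code from the post. It assumes an existing Connect-AzureAD session; the role name, description and action list are constructed placeholders, and the wildcard check is an added least-privilege guard rather than anything the portal enforces.

```powershell
# Added example: create the Azure AD custom role from step 1 with the AzureAD
# PowerShell module instead of the portal. Requires Connect-AzureAD first.
# The role name, description and action list below are illustrative
# assumptions, not values from the blog post.

function New-LeastPrivilegeCustomRole {
    param(
        [Parameter(Mandatory)] [string]   $DisplayName,
        [Parameter(Mandatory)] [string]   $Description,
        [Parameter(Mandatory)] [string[]] $AllowedResourceActions
    )

    # Defender-side check (added here, not a platform rule): a custom role
    # should list explicit actions only. Wildcards and allTasks entries grant
    # far more than the role name suggests.
    $broad = $AllowedResourceActions | Where-Object { $_ -match '\*|allTasks' }
    if ($broad) {
        throw "Refusing to create role with broad actions: $($broad -join ', ')"
    }

    # Avoid a duplicate definition with the same display name.
    $existing = Get-AzureADMSRoleDefinition -Filter "displayName eq '$DisplayName'"
    if ($existing) {
        Write-Warning "Role '$DisplayName' already exists (Id $($existing.Id)); returning it."
        return $existing
    }

    # RolePermissions is a list of hashtables, each with an allowedResourceActions array.
    $rolePermissions = @(@{ allowedResourceActions = $AllowedResourceActions })

    $role = New-AzureADMSRoleDefinition -DisplayName $DisplayName `
        -Description $Description `
        -RolePermissions $rolePermissions `
        -TemplateId ([guid]::NewGuid().Guid) `
        -IsEnabled $true

    # Read it back so the caller gets the stored object; PIM shows it after its sync.
    return Get-AzureADMSRoleDefinition -Id $role.Id
}

# Constructed example: a role that can only read and update basic application
# registration properties. Adjust the action list to your own needs.
$actions = @(
    'microsoft.directory/applications/basic/read',
    'microsoft.directory/applications/basic/update'
)
$role = New-LeastPrivilegeCustomRole -DisplayName 'App Registration Editor (custom)' `
    -Description 'Can read and update basic properties of app registrations.' `
    -AllowedResourceActions $actions
$role | Select-Object Id, DisplayName, IsEnabled
```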


Adjusting the settings:

First locate Custom roles in PIM under Manage.

Under Manage, select Settings and select the role you wish to configure.

Click Edit at the top and set the settings as desired.

Assigning members:

Under Manage roles, your custom role should now be listed. Select the custom role and click Add member.

This will bring up the following window, where you can select the directory, custom role, members and settings.

After choosing the settings I want, I can now see the new custom role under My roles.

Selecting Activate, I get the normal PIM activation window.

Conclusion

As mentioned, I am a big fan of automation when it comes to security management, and this feature is right up my alley.

Note that it is a preview, so test it out, but I wouldn't recommend building any new business processes on it yet.


As always, if you would like a live demo or have any questions, feel free to reach out to us at Mindcore.
