#AzureAD Identity Protection, Azure AD Privileged Identity Management and Azure AD Premium P2 available Sept 15th, 2016


Azure AD Identity Protection is a feature that analyzes more than 10TB of behavioral and contextual data to detect and block attempts to attack your company’s Azure AD accounts. You can read about this in a previous blog post here: https://spanougakis.wordpress.com/2016/09/13/azuread-identity-protection-now-gets-enhanced-federation-support-and-is-available-in-europe/

Another great feature is the Azure AD PIM, which helps you:

  • See which users are Azure AD administrators
  • Enable on-demand, "just in time" administrative access to Microsoft Online Services like Office 365 and Intune
  • Get reports about administrator access history and changes in administrator assignments
  • Get alerts about access to a privileged role

Azure AD Privileged Identity Management can manage the built-in Azure AD organizational roles, including:

  • Global Administrator
  • Billing Administrator
  • Service Administrator
  • User Administrator
  • Password Administrator

The new just-in-time administrator access feature works like this: you can create eligible admins, meaning that a user who needs admin access has to complete an activation process and then becomes an admin for a predefined amount of time.
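The eligible-versus-active distinction can be modeled in a few lines. This is an added example, not code from the post or from Microsoft, and it does not call the PIM API; the class name, the justification requirement and the sample user are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class JitRoleStore:
    """Toy model of eligible vs. active role assignments (hypothetical, not the PIM API)."""
    max_duration: timedelta = timedelta(hours=24)  # assumed cap on one activation
    eligible: set = field(default_factory=set)     # (user, role) pairs
    active: dict = field(default_factory=dict)     # (user, role) -> expiry time
    audit: list = field(default_factory=list)      # source for reports and alerts

    def _log(self, when, event, user, role, detail=""):
        self.audit.append((when.isoformat(), event, user, role, detail))

    def make_eligible(self, user, role, when):
        self.eligible.add((user, role))
        self._log(when, "eligible", user, role)

    def activate(self, user, role, hours, reason, when):
        """Grant the role for a bounded window; refuse users who are not eligible."""
        if (user, role) not in self.eligible:
            self._log(when, "denied", user, role, "not eligible")
            raise PermissionError(f"{user} is not eligible for {role}")
        if hours <= 0 or not reason.strip():  # assumed activation requirements
            self._log(when, "denied", user, role, "bad request")
            raise ValueError("need a positive duration and a justification")
        # Requests longer than the cap are shortened, never honoured in full.
        expiry = when + min(timedelta(hours=hours), self.max_duration)
        self.active[(user, role)] = expiry
        self._log(when, "activated", user, role, reason)
        return expiry

    def is_admin(self, user, role, when):
        """Eligibility alone grants nothing; only an unexpired activation does."""
        expiry = self.active.get((user, role))
        return expiry is not None and when < expiry

def demo():
    # Constructed sample data: one eligible User Administrator asking for 48 hours.
    t0, user, role = datetime(2016, 9, 15, 9, 0), "alice@example.com", "User Administrator"
    store = JitRoleStore()
    store.make_eligible(user, role, t0)
    before = store.is_admin(user, role, t0)
    expiry = store.activate(user, role, 48, "constructed ticket: reset passwords", t0)
    during = store.is_admin(user, role, t0 + timedelta(hours=23))
    after = store.is_admin(user, role, t0 + timedelta(hours=25))
    return before, expiry, during, after, [entry[1] for entry in store.audit]

if __name__ == "__main__":
    print(demo())
```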

By using the Azure AD PIM feature you can check which users are admins and activate the Just-In-Time (JIT) privileged role assignment. In the following screenshot you can see that I can discover privileged roles and users:

[Screenshot: pim1]

So you can actually see that I have 3 Global Admins, 1 Privileged Role Administrator and 1 Security Administrator:

[Screenshot: pim2]

And now you can see that I’ve made a user eligible as a User Administrator for a maximum period of 24 hours:

[Screenshot: pim3]

You can also start an access review and make sure that your privileged accounts have the correct permissions:

[Screenshot: pim4]

For more details, you can check the following article: https://azure.microsoft.com/en-us/documentation/articles/active-directory-privileged-identity-management-configure/

Thanks for your time!
