- Mastering Identity and Access Management with Microsoft Azure
- Jochen Nickel
- 2021-07-02 12:57:17
Protect your administrative accounts
In this section, we give a quick introduction to using Azure AD Premium P2 Privileged Identity Management (PIM) to protect an administrative account.
Open https://portal.azure.com as admin@domain.onmicrosoft.com to start the configuration.
Click All Services and choose Azure AD Privileged Identity Management.
Now, we need to Consent to PIM to use the service:

You will need to verify your identity and provide your preferred security verification option, as you can see in the following screenshot:

Finish the verification process and click Consent—proceed:

Next, we sign up under Azure AD Roles, so that users can enable Azure AD roles. Click Sign up PIM for Azure AD Roles to activate the functionality:

Now that the feature is enabled, we can assign the roles to our users.
Click Assign eligibility to start the task:

Click the Global Administrator Role, view the actual members, and add your test account to the role:

View the expected result:

Let's test our configuration by opening an InPrivate browser session; open https://portal.azure.com and log in with your own test account. Click All Services and choose Azure AD Privileged Identity Management. Choose My roles and activate the Global Administrator role for your account:

Next, you need to verify your identity. Follow the process, register, and verify your account. You need to complete the registration process just once:
After the registration and verification processes are finished, you can Activate your role:

Provide a reason for your role activation. You will note that the activation is limited to 1 hour and that you can define a custom activation time. Later in the book, we will configure different roles and features:

Verify that your role is activated. You have successfully requested your Global Administrator role for the first time through Azure AD PIM. Activating the role on request like this means that high privileges are not permanently assigned to your account:

We always recommend that you leave one Global Administrator permanently assigned, and that no Azure MFA is required to use the account. Use this account as a Breaking Glass account if the Azure AD PIM or MFA service is not available.
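To check the result of this configuration over time, the following added example (not code from the book) audits Global Administrator assignments against the recommendations above: one permanent Break Glass account, everyone else activating for a limited time. It assumes records shaped like Microsoft Graph roleAssignmentScheduleInstance objects; the sample data, the principal names, and the 1-hour limit used as the default are constructed assumptions.

```python
from datetime import datetime, timedelta

# Template ID of the built-in Global Administrator directory role.
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"

def _rec(who, kind, start, end, role=GLOBAL_ADMIN):
    return {"principalId": who, "roleDefinitionId": role, "assignmentType": kind,
            "startDateTime": start, "endDateTime": end}

# Constructed sample data (principal names are placeholders, not real object IDs).
SAMPLE = [
    _rec("breakglass", "Assigned", "2021-07-01T08:00:00Z", None),
    _rec("testuser", "Activated", "2021-07-02T09:00:00Z", "2021-07-02T10:00:00Z"),
    _rec("olduser", "Assigned", "2021-06-01T08:00:00Z", None),
    _rec("longuser", "Activated", "2021-07-02T09:00:00Z", "2021-07-02T17:00:00Z"),
    _rec("helpdesk", "Assigned", "2021-06-01T08:00:00Z", None, role="other-role-id"),
]

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def audit_global_admins(records, break_glass, max_activation=timedelta(hours=1)):
    """Return (principal, issue) findings for Global Administrator assignments."""
    break_glass, permanent, findings = set(break_glass), set(), []
    for r in records:
        if r["roleDefinitionId"] != GLOBAL_ADMIN:
            continue  # other roles are out of scope for this check
        who, end = r["principalId"], r["endDateTime"]
        if r["assignmentType"] == "Assigned" and end is None:
            permanent.add(who)  # standing privilege with no expiry
            if who not in break_glass:
                findings.append((who, "permanent assignment, make it eligible in PIM"))
        elif r["assignmentType"] == "Activated":
            # PIM activations should always end, and within the allowed window
            if end is None or _ts(end) - _ts(r["startDateTime"]) > max_activation:
                findings.append((who, "activation exceeds the allowed window"))
    if not permanent & break_glass:
        findings.append(("tenant", "no permanent break-glass Global Administrator"))
    return findings

if __name__ == "__main__":
    for who, issue in audit_global_admins(SAMPLE, {"breakglass"}):
        print(f"{who}: {issue}")
```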
Next, we will configure user and group-based application access in Azure AD.