Alerting – Planning and Managing Roles in Microsoft 365
PIM also has built-in alerting functions. The alerts are designed to provide notifications if certain risk conditions are detected. Several of the role alerts have sliders for notifications that can be used to tune the alerts for your organization. Alerts are accessed through the Azure AD portal | Identity Governance | the Alerts page. By clicking on the gear icon, you can see all of the pre-configured alerts and edit them to your requirements.

Figure 6.18 – Viewing the PIM alert settings
PIM is a tool to help reduce the attack surface of your organization. By reducing the number of accounts with standing privileges, you can greatly reduce the risks presented by compromised administration accounts.
Summary
In this chapter, you learned about what it means to manage Azure AD from a least-privilege perspective. Reducing the scope and privileges used to administer an environment can greatly reduce the possible impacts of administrative actions – whether those are unintentional or targeted attacks by malicious users.
In the next chapter, we’ll explore authentication options and configurations in the Microsoft 365 platform.
Knowledge check
In this section, we’ll test your knowledge of some key elements from this chapter.
Questions
- What is RBAC?
• Really broad administrator control
• Role-based administrative center
• Role-based access control
• Role-based administrative control
- Which technology is sometimes referred to as just-in-time access control?
• RBAC
• PIM
• PAM
• LDAP
- What configuration object is responsible for containing users, groups, and devices for delegated control in Azure AD?
• Administrative units
• Role-based access control
• Privileged identity management
• Organizational units
- The first user created in a new Microsoft 365 tenant is granted which role?
• Exchange Administrator
• Identity Administrator
• Hybrid Identity Administrator
• Global Administrator
- PIM is required to deploy administrative units.
• True
• False
Answers
C: Role-based access control
B: PIM
A: Administrative units
D: Global Administrator
B: False
Part 3: Managing Access and Authentication
This part introduces you to concepts for secure and password-less authentication methods, such as Windows Hello for Business and FIDO2 tokens. You’ll learn about implementing self-service password reset, multi-factor authentication, and Azure AD Identity Protection features. Finally, you’ll explore application access provisioning and security.
This part has the following chapters:
• Chapter 7, Planning and Implementing Authentication
• Chapter 8, Planning and Implementing Secure Access
• Chapter 9, Planning and Implementing Application Access