The Microsoft Azure Training Series: How to Protect Privileged Identities in MS Azure
An organization's data integrity depends on the privileged accounts and identities that manage and administer its IT systems. These privileged roles control both the data stored and modified in the directory and the assignment of other roles. Their scope covers Azure AD, Azure resources and other Microsoft services such as Intune and Office 365.
Consequently, privileged roles face the greatest risk from external attackers, who target them in order to take over administrator accounts. A compromised administrator account exposes the underlying infrastructure, including Azure AD and any synchronized on-premises Active Directory.
Here we look at how to protect privileged identities in Microsoft Azure, and how to keep them secure through ongoing management.
Microsoft Azure AD Identity Protection: Core Responsibilities
Azure AD Identity Protection is the feature that underpins protection of every identity in your Azure Active Directory. In an environment where breaches and attacks are frequent, it provides much-needed defence against unauthorized access and data theft.
The Identity Protection feature has three core responsibilities:
- Detect potential and existing vulnerabilities that may affect, or are already affecting, your organization's identities.
- Automate responses to suspicious actions detected against those identities, for example by requiring multi-factor authentication or a password change.
- Support investigation of suspicious incidents and actions so that they can be resolved.
Microsoft has been running cloud-based identity protection for its own identities for more than a decade; Azure AD Identity Protection brings the same detection capability to your tenant.
Configuring Identity Protection
The first step is to enable the Identity Protection capability in Azure AD. It is a relatively new addition to Azure AD, and it lets the administrator monitor potential vulnerabilities and suspicious sign-ins; detection covers end users as well as administrators.
Following are the steps to activate Azure AD Identity Protection:
- Sign in to the Azure Portal with global administrator credentials. Towards the bottom of the Azure dashboard there is a Marketplace tab; click it to open the applications list.
- In the applications list, click Security + Identity.
- In the subsequent selection list, click Azure AD Identity Protection.
- This opens the Azure AD Identity Protection page. Click Create at the bottom of the page.
This enables the Azure AD Identity Protection feature, after which you can configure the protection policies themselves.
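Enabling the feature only turns on detection; the "automated response" responsibility comes from risk-based policies. The following is an added example, not code from the original article, that creates a sign-in-risk policy and a user-risk policy with the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed, that the signed-in account can manage Conditional Access, and that the break-glass account ID and policy names are placeholders you replace. Both policies are created in report-only mode so that their matches can be checked in the sign-in logs before anything is enforced.

```powershell
# Added example (not from the original article): the two risk policies that give
# Identity Protection its automated response, via the Microsoft Graph PowerShell SDK.
# Assumes the Microsoft.Graph module and a Conditional Access Administrator sign-in.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Emergency-access ("break-glass") account excluded from both policies so a misfire
# cannot lock the tenant out. Placeholder object ID; replace with your own.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

# Policy 1: a sign-in assessed as medium or high risk must pass MFA.
$signInRiskPolicy = @{
    displayName = 'IDP - Require MFA for medium and high sign-in risk'
    # Report-only: evaluated and logged, not enforced, until the logs look right.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        signInRiskLevels = @('high', 'medium')
        clientAppTypes   = @('all')
        users            = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications     = @{ includeApplications = @('All') }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

# Policy 2: a user whose aggregate risk is high must pass MFA and then change
# password; a secured password change remediates the user risk.
$userRiskPolicy = @{
    displayName = 'IDP - Require password change for high user risk'
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        userRiskLevels = @('high')
        clientAppTypes = @('all')
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @('All') }
    }
    grantControls = @{
        operator        = 'AND'
        builtInControls = @('mfa', 'passwordChange')
    }
}

foreach ($policy in @($signInRiskPolicy, $userRiskPolicy)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    '{0}  id={1}  state={2}' -f $created.DisplayName, $created.Id, $created.State
}
```

Leave the policies in report-only mode until the sign-in logs show them matching the sign-ins you expect and nothing else; then switch the state to enabled with Update-MgIdentityConditionalAccessPolicy. The break-glass exclusion is not optional: a user-risk policy that forces a password change on every account, including the one you would use to fix a bad policy, is a self-inflicted outage.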
Individual Capabilities of Azure Identity Protection
Identity Protection reports on three main areas:
- Vulnerabilities: Identity Protection analyses the tenant configuration and reports weaknesses that can affect user identities, in particular those in privileged roles.
- Risk Events: Azure AD uses heuristics and adaptive machine-learning algorithms to single out suspicious sign-ins and activity tied to user identities. Each instance of suspicious activity is recorded as a Risk Event.
- User Risks: the aggregate of the risk events detected for a given user. A user flagged by Identity Protection is assigned a risk level (low, medium or high) that expresses how likely it is that the account has been compromised, and should be handled as a possible compromise until it has been investigated and remediated or dismissed.
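Risk levels are only useful if someone acts on them. The following is an added example, not the article's own code, of a small triage routine over Identity Protection's user-risk output. The decision function is pure and is demonstrated offline on constructed sample objects shaped like the riskyUser resource; the optional tail wires it to the live Microsoft Graph PowerShell SDK cmdlets. The RUN_LIVE environment variable, the list of privileged UPNs and the sample accounts are all assumptions for the illustration.

```powershell
# Added example (not the article's own code): triage the user-risk output of
# Identity Protection. Select-RiskyUserAction is pure and runs offline on the
# constructed sample below; the guarded tail feeds it live data from Microsoft Graph.
# Assumes the Microsoft.Graph module and a Security Administrator (or higher) sign-in.

function Select-RiskyUserAction {
    param(
        # Objects shaped like Get-MgRiskyUser output (UserPrincipalName, RiskLevel, RiskState)
        [Parameter(Mandatory)] [object[]] $RiskyUsers,
        # UPNs of accounts holding privileged roles: a medium risk on these is treated as compromise
        [string[]] $PrivilegedUpns = @()
    )
    foreach ($u in $RiskyUsers) {
        # Only users still at risk need work; remediated or dismissed ones are skipped
        if ($u.RiskState -notin @('atRisk', 'confirmedCompromised')) { continue }
        $isPrivileged = $PrivilegedUpns -contains $u.UserPrincipalName
        $action = switch ($u.RiskLevel) {
            'high'   { 'ConfirmCompromised' }
            'medium' { if ($isPrivileged) { 'ConfirmCompromised' } else { 'Investigate' } }
            default  { 'Investigate' }
        }
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            RiskLevel         = $u.RiskLevel
            RiskState         = $u.RiskState
            Privileged        = $isPrivileged
            Action            = $action
        }
    }
}

# Constructed sample input (not real tenant data), shaped like riskyUser resources.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example';    RiskLevel = 'high';   RiskState = 'atRisk' }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';      RiskLevel = 'medium'; RiskState = 'atRisk' }
    [pscustomobject]@{ UserPrincipalName = 'ga-admin@contoso.example'; RiskLevel = 'medium'; RiskState = 'atRisk' }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example';    RiskLevel = 'low';    RiskState = 'remediated' }
)
# alice -> ConfirmCompromised, bob -> Investigate, ga-admin -> ConfirmCompromised, carol skipped
Select-RiskyUserAction -RiskyUsers $sample -PrivilegedUpns @('ga-admin@contoso.example') | Format-Table

# Live version (assumed opt-in switch): pull users currently at risk plus the
# risk events behind them, then confirm compromise where the triage says so.
if ($env:RUN_LIVE -eq '1') {
    Connect-MgGraph -Scopes 'IdentityRiskyUser.ReadWrite.All', 'IdentityRiskEvent.Read.All'
    $live = Get-MgRiskyUser -All -Filter "riskState eq 'atRisk'"
    $plan = Select-RiskyUserAction -RiskyUsers $live

    # Risk events (e.g. unfamiliar sign-in properties, anonymized IP) grouped per user
    Get-MgRiskDetection -All -Filter "riskState eq 'atRisk'" |
        Sort-Object UserPrincipalName, ActivityDateTime |
        Format-Table UserPrincipalName, RiskEventType, RiskLevel, ActivityDateTime, IPAddress

    # Confirming compromise raises the user to high risk, which makes the user-risk
    # policy force MFA and a password change at the next sign-in.
    $toConfirm = ($plan | Where-Object Action -eq 'ConfirmCompromised').UserPrincipalName
    $ids = ($live | Where-Object { $_.UserPrincipalName -in $toConfirm }).Id
    if ($ids) { Confirm-MgRiskyUserCompromised -UserIds $ids }
}
```

The threshold for privileged accounts is deliberately lower than for ordinary users: an attacker who gets a medium-risk sign-in on a Global Administrator has far more to gain than one on a standard user, so the cost of a false positive (one forced password change) is cheap by comparison. Dismissing a risk with Invoke-MgDismissRiskyUser should be reserved for cases the analyst has actually verified as benign.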
Azure AD Privileged Identity Management
The primary point of vulnerability in Azure Active Directory is the access granted to users, and standing privileged access in particular. Several layers of protection can be added (multi-factor authentication, sign-in risk policies and so on); for this article, the most direct control is management of the privileged users themselves.
These risks are mitigated with Azure AD Privileged Identity Management (PIM), which replaces permanent role membership with time-bound, just-in-time activation. Following are the steps to add the Azure AD PIM app to the Azure Portal dashboard.
- Sign in to the Azure portal with the global administrator credentials of your directory.
- If your company has two or more directories, select the relevant one in the upper-right corner of the portal.
- Click All Services and type Azure AD Privileged Identity Management in the filter box.
- Check the Pin to dashboard option and click Create. This opens the Privileged Identity Management application.
If you are the first user of Azure AD Privileged Identity Management in the directory, you are automatically assigned the Privileged Role Administrator and Security Administrator roles. Only Privileged Role Administrators can manage role assignments for other administrators. You can also run the security wizard, which walks you through the initial discovery of privileged role holders and the conversion of their permanent assignments into eligible ones.
Navigate to the Tasks
Once Azure AD Privileged Identity Management is set up, the navigation section gives access to your active identity management tasks. The following tasks are accessible through the PIM app:
- Approve Requests: requests from users in the directory to activate their eligible Azure AD roles. You can approve or deny each one.
- Pending Requests: activation requests that have been submitted and are still awaiting approval.
- Review Access: the access reviews assigned to you, whether you are reviewing another user's access or your own.
- Azure Resource Roles: the Azure subscriptions and resources whose roles you have chosen to manage through PIM.
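The tasks above are the portal view of a two-step workflow: an administrator makes a user eligible for a role, and the user later activates it for a limited time, optionally after an approver signs off. The following is an added example, not code from the original article, that performs both steps with the Microsoft Graph PowerShell SDK. Part A is run by a Privileged Role Administrator; Part B is run in the eligible user's own session. It assumes the Microsoft.Graph module is installed; the user principal name, ticket reference and role name are placeholders.

```powershell
# Added example (not from the original article): PIM eligibility and activation
# through the Microsoft Graph PowerShell SDK. Part A (admin) grants time-limited
# eligibility; Part B (the eligible user) activates the role for one hour.
# Assumes the Microsoft.Graph module; UPN, ticket and role name are placeholders.
$scopes = @(
    'RoleEligibilitySchedule.ReadWrite.Directory',
    'RoleAssignmentSchedule.ReadWrite.Directory',
    'RoleManagement.Read.Directory',
    'User.Read.All'
)
Connect-MgGraph -Scopes $scopes

$roleName = 'Security Administrator'                                   # placeholder role
$roleDef  = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"
$target   = Get-MgUser -UserId 'ops-admin@contoso.example'             # placeholder UPN

# --- Part A (Privileged Role Administrator): eligibility, not a standing assignment.
# The user holds no privilege until they activate, and the eligibility itself expires.
$eligibility = @{
    action           = 'adminAssign'
    justification    = 'On-call rotation: eligible for Security Administrator for 90 days'
    roleDefinitionId = $roleDef.Id
    directoryScopeId = '/'                 # whole tenant; an administrative unit ID narrows it
    principalId      = $target.Id
    scheduleInfo     = @{
        startDateTime = (Get-Date).ToUniversalTime()
        expiration    = @{ type = 'afterDuration'; duration = 'P90D' }
    }
}
$req = New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $eligibility
'Eligibility request {0}: {1}' -f $req.Id, $req.Status

# --- Part B (the eligible user, in their own session): list eligibilities, then activate.
$me = Get-MgUser -UserId (Get-MgContext).Account
Get-MgRoleManagementDirectoryRoleEligibilitySchedule -Filter "principalId eq '$($me.Id)'" |
    ForEach-Object {
        $d = Get-MgRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $_.RoleDefinitionId
        'eligible: {0} (scope {1})' -f $d.DisplayName, $_.DirectoryScopeId
    }

$activation = @{
    action           = 'selfActivate'
    principalId      = $me.Id
    roleDefinitionId = $roleDef.Id
    directoryScopeId = '/'
    justification    = 'Ticket INC-0000: investigate risky sign-ins'   # placeholder ticket
    scheduleInfo     = @{
        startDateTime = (Get-Date).ToUniversalTime()
        expiration    = @{ type = 'afterDuration'; duration = 'PT1H' } # active for one hour only
    }
}
$act = New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $activation
# Status is Provisioned when the role setting needs no approval, PendingApproval when
# it does; an approver then sees the request under Approve Requests.
'Activation request {0}: {1}' -f $act.Id, $act.Status
```

Two properties of this flow carry the security value. The eligibility has its own expiry (P90D above), so an administrator who leaves the on-call rotation does not keep a dormant path to the role; and the activation is capped (PT1H), so a stolen session holds the privilege for at most an hour and every activation leaves a justification in the PIM audit history.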
Since identities are the extension of the workforce into the cloud, they require effective protection on every front. Identity protection is an integral part of Microsoft Azure training, and a vital tool in your Active Directory management arsenal.