Privileged access management in Microsoft 365



In this tutorial, we will learn about privileged access management in Microsoft 365.

Privileged access management helps protect your organization from breaches and helps meet compliance best practices by limiting standing access to sensitive data. It provides granular access control over privileged admin tasks in Office 365, which protects against breaches that abuse existing privileged admin accounts holding standing access to sensitive data or to critical configuration settings.

Privileged access management requires users to request just-in-time access to complete elevated and privileged tasks through a highly scoped and time-bounded approval workflow. This gives users just enough access to perform the task at hand, without exposing sensitive data or critical configuration settings beyond what the task needs. Enabling privileged access management in Microsoft 365 lets your organization operate with zero standing privileges and adds a layer of defense against the risks that come with standing administrative access.

Layers of protection

Privileged access management complements the other data and access protections in the Microsoft 365 security architecture. Including it in an integrated, layered approach to security maximizes the protection of sensitive information and of Microsoft 365 configuration settings. It builds on the native encryption of Microsoft 365 data and on the role-based access control model of Microsoft 365 services. Used together with Azure AD Privileged Identity Management, the two features provide just-in-time access control at different scopes.

Privileged access management is defined and scoped at the task level, whereas Azure AD Privileged Identity Management protects at the role level, where a single role can allow many tasks. Azure AD Privileged Identity Management primarily manages access to Azure AD roles and role groups, while privileged access management in Microsoft 365 applies only to individual tasks.


Privileged access management architecture and process flow

Each of the following process flows outlines the architecture of privileged access management and how it interacts with the Microsoft 365 substrate, auditing, and the Exchange Management runspace.

Step 1: Configure a privileged access policy

When you configure a privileged access policy in the Microsoft 365 admin center or with Exchange Management PowerShell, you define the policy, and the privileged access feature processes the policy attributes in the Microsoft 365 substrate. The activity is logged in the Security & Compliance Center.

Step 2: Access request

In the Microsoft 365 admin center or with Exchange Management PowerShell, users request access to elevated or privileged tasks. The privileged access feature sends the request to the Microsoft 365 substrate for processing against the configured privileged access policy and records the activity in the Security & Compliance Center logs.

Step 3: Access approval

An approval request is generated and a pending-request notification is emailed to the approvers. If the request is approved, it is processed as an approval and the task is ready to be completed. If it is denied, the task is blocked and the requestor receives no access. The requestor is notified of the approval or denial by email.

Step 4: Access processing

For an approved request, the task is processed by the Exchange Management runspace. The approval is checked against the privileged access policy and processed by the Microsoft 365 substrate. All activity for the task is logged in the Security & Compliance Center.
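The four steps above, carried out end to end from Exchange Online PowerShell. This is an added example, not code from this page or from the Microsoft documentation it references. The tenant name, mailboxes, approver group, case number and the gated task (New-JournalRule) are placeholders; the cmdlets used (Enable-ElevatedAccessControl, New-ElevatedAccessApprovalPolicy, New-ElevatedAccessRequest, Get-ElevatedAccessRequest, Approve-ElevatedAccessRequest, Deny-ElevatedAccessRequest) are the Exchange Online privileged access management cmdlets, and the output property names used for filtering (RequestId, RequestStatus) are assumed from their documented output and should be confirmed with Get-Member in your own tenant.

```powershell
# Added example: the privileged access management flow in Exchange Online PowerShell.
# All tenant-specific values (contoso.onmicrosoft.com, mailboxes, group, case number) are placeholders.

# Prerequisite: the ExchangeOnlineManagement module, signed in as an administrator.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.onmicrosoft.com

# --- Step 1: enable the feature and configure a privileged access policy (administrator, once) ---
# Approvers are named when the feature is enabled; the approver group used by policies
# must be an existing mail-enabled security group in the tenant.
Enable-ElevatedAccessControl -Approver @('approver1@contoso.onmicrosoft.com', 'approver2@contoso.onmicrosoft.com')

$approverGroup = 'pam-approvers@contoso.onmicrosoft.com'

# A policy is scoped to one task, written as '<Workload>\<Cmdlet>'. ApprovalType Manual means a
# member of the approver group must act on every request; Auto would approve without review.
New-ElevatedAccessApprovalPolicy -Task 'Exchange\New-JournalRule' -ApprovalType Manual -ApproverGroup $approverGroup

# Confirm what is now gated. Only tasks that appear here require a request; everything else runs as before.
Get-ElevatedAccessApprovalPolicy | Format-Table Task, ApprovalType, ApproverGroup

# --- Step 2: a user requests just-in-time access ---
# DurationHours bounds the elevation window; the request is evaluated against the policy above.
$request = New-ElevatedAccessRequest -Task 'Exchange\New-JournalRule' `
    -Reason 'Create journal rule for legal hold case 1234' -DurationHours 4
$request.RequestId

# --- Step 3: an approver reviews and acts on the request ---
# List what is pending, then approve or deny by RequestId. The decision and comment are audited.
Get-ElevatedAccessRequest | Where-Object { $_.RequestStatus -eq 'Pending' } |
    Format-Table RequestId, Requestor, Task, RequestStatus

Approve-ElevatedAccessRequest -RequestId $request.RequestId -Comment 'Approved for case 1234'
# To refuse instead:
# Deny-ElevatedAccessRequest -RequestId $request.RequestId -Comment 'Use the standing legal-hold process'

# --- Step 4: the requestor runs the approved task inside the window ---
# The Exchange Management runspace checks the approval against the policy before executing.
New-JournalRule -Name 'Legal hold 1234' -Recipient legal@contoso.onmicrosoft.com `
    -JournalEmailAddress journal@contoso.onmicrosoft.com -Scope Global

# Check the request's state; the same cmdlet is blocked once the window expires or if the request was denied.
(Get-ElevatedAccessRequest -RequestId $request.RequestId).RequestStatus
```

Two points worth checking after setting this up: run Get-ElevatedAccessApprovalPolicy and verify that every task you intend to gate has a policy, because cmdlets without one are not subject to the request and approval flow at all; and confirm that the approval, denial and task-execution events appear in the Security & Compliance Center audit log, since that log is the evidence that the workflow is actually being enforced.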


Reference: Microsoft Documentation
