IDENTITY AND ACCESS MANAGEMENT
Manage data access
The growing popularity of remote work and moving business to the cloud have made identity and access management important elements that support the protection of company data. Today, dedicated tools help you to get advanced control over what access rights individual employees have. Thanks to them, network administrators can monitor whether unauthorised users are gaining access to sensitive business data.
Nowadays, an authentication process based on a username and password is not secure. Usernames are easy to detect and passwords can be cracked. Therefore, Microsoft provides multi-factor authentication, i.e. adding a second authentication factor, such as a code from the Microsoft Authenticator app or a text message. The solution is suitable for any company and any user, regardless of the size of the organisation. Implementing MFA is one of the first actions we should take if we care about security in the organisation.
Conditional access is a process that allows you to control access to your organisation’s cloud services and resources. When a user logs in, so-called signals are collected, i.e. information about the user’s location, device and application. Depending on the signals, the user is granted access, MFA is required or access is blocked. In addition, risky logins, e.g. from a different country than usual or from an unknown device, are taken into account.
The solution is designed for medium-sized and large companies that want to manage access to applications and data in a more advanced way. It significantly increases security and helps eliminate attacks on the organisation.
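The signal-based decision described above can be sketched as follows. This is an added illustration, not Microsoft's implementation or code from this page; the sample sign-ins, the SENSITIVE_APPS set and the rule that two risk signals on a sensitive application lead to a block are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class SignIn:
    user: str
    country: str
    device_id: str
    app: str

# Constructed sample history (not real log data).
HISTORY = [
    SignIn("alice", "PL", "laptop-01", "mail"),
    SignIn("alice", "PL", "phone-07", "mail"),
    SignIn("alice", "PL", "laptop-01", "finance"),
    SignIn("bob", "DE", "laptop-22", "mail"),
]

SENSITIVE_APPS = {"finance"}  # assumption: apps that warrant stricter handling

def build_baseline(history):
    """Collect the countries and devices each user has signed in from before."""
    baseline = defaultdict(lambda: {"countries": set(), "devices": set()})
    for s in history:
        baseline[s.user]["countries"].add(s.country)
        baseline[s.user]["devices"].add(s.device_id)
    return baseline

def evaluate(sign_in, baseline):
    """Return (decision, reasons); decision is 'grant', 'require_mfa' or 'block'."""
    known = baseline.get(sign_in.user)
    if known is None:
        # No history for this account: nothing to compare against, so challenge.
        return "require_mfa", ["no baseline for user"]
    reasons = []
    if sign_in.country not in known["countries"]:
        reasons.append("unusual country")
    if sign_in.device_id not in known["devices"]:
        reasons.append("unknown device")
    if not reasons:
        return "grant", reasons
    # Assumed policy: two risk signals on a sensitive app block outright,
    # anything else risky is stepped up to MFA.
    if len(reasons) == 2 and sign_in.app in SENSITIVE_APPS:
        return "block", reasons
    return "require_mfa", reasons
```

Returning the reasons alongside the decision gives administrators a record of which signal triggered the MFA prompt or the block.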
Privileged Identity Management
PIM (Privileged Identity Management) is a service that allows companies to manage, control and monitor access to their services and resources. The solution provides privileged access only when a user needs it (just-in-time access). Privileged roles can be assigned to users in active mode and qualified mode. The former requires no additional action from the user, while the latter requires an additional step, i.e. multi-factor authentication.
PIM helps to control the number of administrators and – by assigning appropriate roles – the actions that an administrator can perform. This is particularly beneficial for large companies where there are often more than five global administrators. Large organisations often have Azure resources that are created and managed by different groups of employees. PIM significantly facilitates the management of access to these resources.
The solution verifies user access to resources on the Azure platform, role assignment and group membership. Effective management of identities in large organisations is often a difficult task, and access reviews are a solution that streamlines this process. In the case of access reviews for groups, the process is initiated by the administrator, but it is the owner of the group or team in Teams who acts as verifier. Based on the owner’s decision, users who do not need access are removed from groups or teams. The solution helps to maintain order in the organisation. It allows administrators to ensure that unauthorised users are not assigned administrative roles and that users belong to groups and teams to which they should belong. This, in turn, translates into an increased level of security within the organisation.
Defender for Identity
Defender for Identity helps you to protect identities by monitoring user activities and applying learning-based analysis. It enables you to identify suspicious user activity and investigate the threat. It also helps you to stop an attack once the attacker has already entered the organisation. Defender for Identity uses so-called sensors, installed in the local Entra ID environment, which send signals to Azure AD. Defender for Identity is one of the components of the comprehensive Microsoft 365 Defender protection suite and should be used in conjunction with the other solutions in the suite. The solution is designed for medium-sized and large organisations.
Identity Protection is a tool that detects login risks, investigates them and exports the result to SIEM. Examples of risks include an IP address connected to malware, an unusual route or the use of credentials that have leaked into the network. Once a risk is detected, the solution can request a password change, multi-factor authentication or simply block the login.
It helps you to secure the login process and so reduces the risk of unauthorised access to applications and data, which translates into a higher level of security in the organisation.