Winning Azure AD strategies for identity security and governance
Entitlement management and access packages are areas I want to dig into further
Winning Strategies
strengthen credentials
reduce attack surface
automate threat response
utilize cloud intelligence
empower end users with self-service
Strategies 1-2: Strengthen credentials, reduce attack surface
First, block legacy authentication
Privileged Admin -> JIT -> Azure AD Entitlement Management
jit
https://gyazo.com/0c1acdefcdd1d25e6832ef3cb7276f47
https://gyazo.com/01eec891d4c257bde677765bbf2710ea
entitle mgt
Azure AD > Identity Governance
End users receive it as an Access Package
Approvers receive it under Approval
Example: an exception to Conditional Access
https://gyazo.com/189f3b4dc372038e47a96505d2af5919
Strategies 3: automate threat response
Conditional Access to force high-risk users (User Risk) to change their password
Strategies 4: utilize cloud intelligence
PIM > alerts
Conditional Access > Insights and Responding
AzureAD > Workbooks
Identity protection
Privileged Identity Mgt
Workbook analytics