I’m happy to be back here today, and give an update on a number of new security capabilities we added to Azure AD Premium over the last few weeks. These show up now as part of the existing Azure AD Privileged Identity Management preview in the new Azure management portal.
Here is a short video I created to walk you through this, and a brief summary of what’s new:
- Security Wizard: New to Privileged Identity Management and not sure what to do first to protect your organization? This wizard walks you step-by-step through measuring and improving your organization’s security posture, with recommendations for making your directory administration (and your use of Microsoft Online Services and connected SaaS) more secure. Its recommendations are tailored to each organization’s specific security configuration, and are updated each time you visit.
- Security Dashboard gives you full, expert-level visibility into privileged roles and their use: who's activating their role, when, and why.
- Security Alerts: The portal updates you about changes to privileged roles in your directory, including alerts on ongoing suspicious activity and how to check for potential attacks. The “Fix” button lets Azure AD automatically take corrective action for you, either for all users or for a specific role or user.
- Security Reviews: If you find your organization has too many administrators, you can now ask those users to regularly confirm (recertify) that they still need to be in privileged roles. We blogged about this feature earlier.
- MFA for privileged role activation: Multi-factor authentication increases the security of user logins for cloud services beyond just a password. And we recognize that for some organizations it may not be feasible yet to require all users in privileged roles to use MFA every time they log in. Azure AD Privileged Identity Management gives the option to enforce Azure MFA at the time of activating privileged roles.
- Office 365 workload-specific privileged roles: Using Azure AD Privileged Identity Management, you can separate administration of the Office 365 workloads (Exchange, SharePoint and Skype for Business) with the new Office 365 workload-specific admin roles. Now a user can, for example, activate to become a SharePoint administrator, but will not have access to Office 365 settings unrelated to SharePoint.
I hope you find the video and the new capabilities useful, and I’d love to receive any feedback or suggestions you have!
Shai Kariv (Twitter: @shaikariv)
Principal PM Manager
Microsoft Identity and Security Services Division