Azure-Developers.net

Identity Governance – People, Access, and Resources

  • by Fernando Medina
  • in Tips and Tutorials
  • — 18 Dec, 2019
Identity Governance in Azure
Let’s talk about Identity Governance in Azure. Microsoft addresses an organization’s identity needs through the capabilities of Azure AD, which give you the means to ensure that the “right people have the right access to the right resources.”

What is Identity Governance? And Why is it important?

“Azure Active Directory (Azure AD) Identity Governance helps you to protect, monitor, and audit access to critical assets while ensuring employee productivity.”

As we know, attackers seek to gain unauthorized access to your organization’s resources. Employees, vendors, and partners are their number one target, because those identities already hold the permissions needed to access and control your resources, and therefore your data.

A purely restrictive approach is not an option in this hyperconnected world; we have to find a balance.

“The goal is to govern access to your company resources in this hyperconnected world” Joseph Dadzie Principal Group PM Azure AD at Microsoft.

Employees interact with business partners everywhere; it is impossible to cut off that access entirely. However, organizations, regulators, and auditors need to know who is accessing which resources. Identity Governance helps you verify a user’s identity and cross-reference it with the access that user is actually authorized to have.

There are two concepts we need to learn before setting up Identity Governance in the Azure portal (portal.azure.com):

1) Entitlement Management

This feature lets your company automate the access lifecycle (request, approval, expiry, and removal). Entitlement management reduces administrative overhead and lets your organization efficiently manage access to defined groups and applications for both internal and external users.

For example

  • Office 365 Groups and Teams
  • Azure AD Applications
  • SharePoint Sites

One of the first steps is the creation of access packages. An access package is nothing more than a bundle of resources (and the role granted on each) that a user can request, that a designated approver approves, and that entitlement management revokes automatically when the access expires.

For example, imagine you work with a vendor that needs access to one of your SharePoint sites.
With Entitlement Management, you can create a package that grants that specific vendor access to that site, and nothing else, for a defined period.

One of the most important use cases of access packages is giving users managed, time-boxed access to specific Azure resources, for example an application’s resource group. Entitlement management cannot hand out Azure RBAC roles directly, so the trick is to package membership of an Azure AD security group and put the Azure role on the group. All you need to do:

  • Create a catalog
  • Add an Azure AD security group to the catalog as the resource
  • Create an access package that grants the Member role of that group
  • Create an Azure role assignment for that group on the resource (for example, Reader on the resource group)
  • Create an assignment, with a policy defining approvers and expiry, to a specific user or a connected organization
To view all the steps to create an access package follow this link

Ideally, use access packages in situations that require time-sensitive/temporary access to specific resources.
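The procedure above can also be scripted. The following is an added example, not code from the original post or from Microsoft: it uses the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.Governance, v1.0 endpoints) for the entitlement management steps and the Az.Resources module for the Azure role assignment. The catalog, package and policy names, the group name `vendor-contoso-readers`, the resource group `rg-vendor-app`, and the approver and vendor user addresses are placeholders you will need to replace.

```powershell
# Added example (not from the original post): scripting the access-package procedure.
# Requires: Install-Module Microsoft.Graph ; Install-Module Az.Resources
# All names, the group, the resource group and the user addresses below are placeholders.
Connect-MgGraph -Scopes "EntitlementManagement.ReadWrite.All","Group.Read.All","User.Read.All"
Connect-AzAccount

# 1) Catalog: the container that holds the resources an access package may grant.
$catalog = New-MgEntitlementManagementCatalog -DisplayName "Vendor access" `
    -Description "Resources delegated to external vendors"

# 2) Resource: an Azure AD security group. The group is what entitlement management
#    hands out; the Azure RBAC role is attached to the group in step 4.
$group = Get-MgGroup -Filter "displayName eq 'vendor-contoso-readers'"
New-MgEntitlementManagementResourceRequest -BodyParameter @{
    requestType = "adminAdd"
    resource    = @{ originId = $group.Id; originSystem = "AadGroup" }
    catalog     = @{ id = $catalog.Id }
} | Out-Null

# Re-read the catalog resource to obtain its id and scope id for the role scope below.
$resource = Get-MgEntitlementManagementCatalogResource -AccessPackageCatalogId $catalog.Id `
    -Filter "originId eq '$($group.Id)'" -ExpandProperty scopes

# 3) Access package in the catalog, granting the group's Member role.
$package = New-MgEntitlementManagementAccessPackage -BodyParameter @{
    displayName = "Vendor: read-only access to the application resource group"
    description = "Time-boxed Reader access for the vendor"
    catalog     = @{ id = $catalog.Id }
}
New-MgEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $package.Id -BodyParameter @{
    role  = @{
        originId     = "Member_$($group.Id)"   # AadGroup membership role id convention
        displayName  = "Member"
        originSystem = "AadGroup"
        resource     = @{ id = $resource.Id }
    }
    scope = @{ id = $resource.Scopes[0].Id }
} | Out-Null

# 4) Azure role assignment for the group, scoped as narrowly as the task allows
#    (Reader on one resource group rather than Contributor on the subscription).
$rgScope = "/subscriptions/$((Get-AzContext).Subscription.Id)/resourceGroups/rg-vendor-app"
New-AzRoleAssignment -ObjectId $group.Id -RoleDefinitionName "Reader" -Scope $rgScope | Out-Null

# 5) Policy: who may request, who approves, and when the access expires.
$approver = Get-MgUser -UserId "app.owner@contoso.com"
$policy = New-MgEntitlementManagementAssignmentPolicy -BodyParameter @{
    displayName        = "Vendor policy: approval required, 30-day expiry"
    allowedTargetScope = "allExternalUsers"
    expiration         = @{ type = "afterDuration"; duration = "P30D" }
    requestApprovalSettings = @{
        isApprovalRequiredForAdd = $true
        stages = @(@{
            durationBeforeAutomaticDenial = "P7D"   # unanswered requests are denied, not left open
            primaryApprovers = @(@{ "@odata.type" = "#microsoft.graph.singleUser"; userId = $approver.Id })
        })
    }
    accessPackage      = @{ id = $package.Id }
}

# 6) Direct assignment by an admin to a specific (already invited) vendor user.
#    Other external users covered by the policy can self-request the same package.
$vendorUser = Get-MgUser -Filter "mail eq 'jane@vendor.example'"
New-MgEntitlementManagementAssignmentRequest -BodyParameter @{
    requestType = "adminAdd"
    assignment  = @{
        targetId           = $vendorUser.Id
        assignmentPolicyId = $policy.Id
        accessPackageId    = $package.Id
    }
}
```

Two design points worth noting. The expiry on the policy (`P30D`) is what makes the access time-boxed: when the assignment expires, entitlement management removes the user from the group and the Azure role goes with it, so nobody has to remember to clean up. And the Azure role is assigned to the group, never to the vendor user directly, so every path to the resource runs through the package and shows up in its assignment history.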

2) Access Reviews

Sometimes automation is not feasible, either because some users were added manually and then forgotten, or because we granted higher privileges than were actually needed.

An access review is the process of periodically reviewing your users to confirm they still require the permissions they hold, and removing or adjusting them if they do not.

To see the steps required to create an access review, please visit the following link

Note: Both entitlement management and access reviews require an Azure AD Premium P2 license.
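A recurring review of the same vendor group can also be created from PowerShell. This is an added example, not code from the original post or from Microsoft; it uses the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.Governance, v1.0). The group name `vendor-contoso-readers` and the reviewer address are placeholders.

```powershell
# Added example (not from the original post): a quarterly access review of a group's
# members, created with the Microsoft Graph PowerShell SDK. Group and reviewer are placeholders.
Connect-MgGraph -Scopes "AccessReview.ReadWrite.All","Group.Read.All","User.Read.All"

$group    = Get-MgGroup -Filter "displayName eq 'vendor-contoso-readers'"
$reviewer = Get-MgUser -UserId "app.owner@contoso.com"

$review = New-MgIdentityGovernanceAccessReviewDefinition -BodyParameter @{
    displayName             = "Quarterly review: vendor-contoso-readers"
    descriptionForAdmins    = "Confirm every member still needs Reader access to rg-vendor-app"
    descriptionForReviewers = "Remove anyone who no longer works on the vendor engagement"
    # What is reviewed: the transitive members of the group.
    scope = @{
        "@odata.type" = "#microsoft.graph.accessReviewQueryScope"
        query         = "/groups/$($group.Id)/transitiveMembers"
        queryType     = "MicrosoftGraph"
    }
    # Who decides: a named reviewer (group owners or each user's manager are alternatives).
    reviewers = @(
        @{ query = "/users/$($reviewer.Id)"; queryType = "MicrosoftGraph" }
    )
    settings = @{
        mailNotificationsEnabled        = $true
        reminderNotificationsEnabled    = $true
        justificationRequiredOnApproval = $true
        # Fail closed: if the reviewer never responds, access is removed rather than silently kept.
        defaultDecisionEnabled    = $true
        defaultDecision           = "Deny"
        instanceDurationInDays    = 14
        autoApplyDecisionsEnabled = $true   # apply the decisions without a second manual step
        recommendationsEnabled    = $true   # suggest "Deny" for members with no recent sign-in
        recurrence = @{
            pattern = @{ type = "absoluteMonthly"; interval = 3; dayOfMonth = 1 }
            range   = @{ type = "noEnd"; startDate = (Get-Date).ToString("yyyy-MM-dd") }
        }
    }
}
"Created access review definition $($review.Id)"

# After the first instance has run: pull the decisions so the outcome is auditable.
$instance = Get-MgIdentityGovernanceAccessReviewDefinitionInstance `
    -AccessReviewScheduleDefinitionId $review.Id | Select-Object -First 1
Get-MgIdentityGovernanceAccessReviewDefinitionInstanceDecision `
    -AccessReviewScheduleDefinitionId $review.Id -AccessReviewInstanceId $instance.Id |
    Select-Object @{ n = "Principal"; e = { $_.Principal.DisplayName } }, Decision, Justification, ReviewedDateTime
```

The setting that matters most for the "forgotten user" problem in the paragraph above is `defaultDecision = "Deny"` together with `autoApplyDecisionsEnabled`: a review that nobody completes still results in the stale members being removed, instead of quietly keeping whatever access they had.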

Competitors’ products:
Note: I’m loyal to Microsoft, but I always add this section to understand the competitors’ offerings.
Google Cloud IAM – Identity and Access Management
AWS Identity and Access Management (IAM)

Tags: Access packages, Catalogs, Entitlement Management, Identity Governance

— Fernando Medina
