Thanks to all our partners!
27 October 2022 - PARIS
@IdentityDays #identitydays2022
Privilege management on the Microsoft Cloud
Identity Days 2022
Xuan AHEHEHINNOU
Hakim TAOUSSI
Nicolas BONNET
• Introduction
• Azure AD roles
• Privileged Identity Management
• Azure roles & RBAC
• Account protection
• Azure AD Conditional Access
• Privileged access devices
• Interface security levels
• Intermediaries
• Azure bastion
• Conclusion
CONFERENCE AGENDA
Xuan AHEHEHINNOU
Microsoft 365 Solution Architect
@Abalon
Hakim TAOUSSI
Technical Architect /
MVP Azure
@Insight
Nicolas BONNET
CEO & IT Architect
MVP Enterprise Mobility
@InYourCloud
Introduction
http://aka.ms/SPAroadmap http://aka.ms/cyber-services
http://aka.ms/securitystandards
[Figure: typical path of user access: Account → Devices/Workstations → Intermediaries → Interface → Business Critical Assets (Machine Learning (ML), Applications & Websites, API, Data). The same layers form the potential attack surface; each level of security raises the attacker's cost. Asset protection is also required: security updates, DevSecOps, data at rest / in transit, etc. Slide image labels: Death Star, GoFetch.]
https://aka.ms/deploySPA
Deploying a privileged access solution | Microsoft Learn
There are about 60 Azure Active Directory (Azure AD) built-in roles, which are roles with a fixed set of role permissions. To supplement the built-in roles, Azure AD also
supports custom roles.
There are many different services in Microsoft 365, such as Azure AD and Intune. Some of these services have their own role-based access control systems (AAD,
Exchange, Intune, MDCA, 365 Defender, Purview, Cost Management + Billing).
Azure has its own role-based access control system for Azure resources such as virtual machines, and this system is not the same as Azure AD roles.
Understand Azure Active Directory role concepts - Microsoft Entra | Microsoft Learn
Secure access with Microsoft Entra
Multicloud identity and access management
Oversee all your organization’s identities in one place
Microsoft Entra encompasses all of Microsoft’s identity and access capabilities. The Entra family
includes Microsoft Azure Active Directory (Azure AD), as well as two new product categories: Cloud
Infrastructure Entitlement Management (CIEM) and decentralized identity.
Microsoft Entra Datasheet
Azure AD Privileged Identity Management
What is Privileged Identity Management (PIM)?
PIM is a service in Azure Active Directory (Azure AD) that enables you to manage,
control, and monitor access to important resources in your organization. Such
resources include those in Azure AD, Azure, and other Microsoft Online Services,
such as Microsoft 365 or Microsoft Intune.
What does PIM do?
PIM provides time-based and approval-based role activation to mitigate the
risks of excessive, unnecessary, or misused access permissions on resources
that you care about. Key features of PIM include:
✓ Provide just-in-time privileged access to Azure AD and Azure resources
✓ Assign time-bound access to resources using start and end dates
✓ Require approval to activate privileged roles
✓ Enforce multifactor authentication to activate any role
✓ Use justification to understand why users activate
✓ Get notifications when privileged roles are activated
✓ Conduct access reviews to ensure users still need roles
✓ Download audit history for internal or external audit
PIM for Azure resource roles
• Azure Active Directory (Azure AD)
Privileged Identity Management
(PIM) can manage the built-in
Azure resource roles, as well as
custom roles, including (but not
limited to):
❑ Owner
❑ User Access Administrator
❑ Contributor
❑ Security Admin
❑ Security Manager
Management capabilities for
Privileged Access groups
• In Privileged Identity Management (PIM), you can now assign
eligibility for membership or ownership of privileged access groups.
Azure roles & RBAC
Understanding Azure Roles and RBAC
What is Azure role-based access control (Azure RBAC)? | Microsoft Learn
Best practices for Azure RBAC
• Only grant the access users need
  • Using Azure RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs. Instead of giving everybody unrestricted permissions in your Azure subscription or resources, you can allow only certain actions at a particular scope.
• Limit the number of subscription owners
  • You should have a maximum of 3 subscription owners to reduce the potential for breach by a compromised owner. This recommendation can be monitored in Microsoft Defender for Cloud.
• Use Azure AD Privileged Identity Management
  • PIM helps protect privileged accounts by providing just-in-time privileged access to Azure AD and Azure resources. Access can be time bound, after which privileges are revoked automatically.
• Assign roles to groups, not users
  • Assigning roles to groups instead of users also helps minimize the number of role assignments.
• Assign roles using the unique role ID instead of the role name
  • Even if a role is renamed, the role ID does not change.
Best practices for Azure RBAC | Microsoft Learn
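The three assignment-level practices above (at most 3 subscription owners, roles on groups rather than users, matching by role ID rather than display name) as an audit over role-assignment data. This is an added example, not code from the presentation or from Microsoft; the input is a constructed sample shaped like `az role assignment list --all -o json` output with placeholder subscription and principal IDs, and the Owner, User Access Administrator and Contributor GUIDs are the well-known built-in role definition IDs.

```python
"""
Audit Azure role assignments against the RBAC best practices listed above:
a maximum of 3 subscription owners, roles assigned to groups rather than users,
and matching roles by their immutable role definition ID rather than by display name.
Added example with constructed input; not a script from the presentation.
"""
import json
from collections import defaultdict

# Built-in role definition IDs stay the same even if a role's display name changes.
OWNER_ROLE_ID = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
USER_ACCESS_ADMIN_ROLE_ID = "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9"
PRIVILEGED_ROLE_IDS = {
    OWNER_ROLE_ID: "Owner",
    USER_ACCESS_ADMIN_ROLE_ID: "User Access Administrator",
}
MAX_SUBSCRIPTION_OWNERS = 3  # ceiling recommended above; Defender for Cloud monitors the same rule

# Constructed sample in the shape of `az role assignment list --all -o json`, trimmed to the
# fields the audit reads. Subscription IDs and principal IDs are placeholders. The entry for
# bob@example.com deliberately carries a display name that a name-based filter would miss,
# while its role ID still identifies Owner.
SAMPLE_ASSIGNMENTS = json.loads("""[
  {"principalId": "g-0001", "principalName": "sg-platform-owners", "principalType": "Group",
   "roleDefinitionId": "/subscriptions/SUB-A/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
   "roleDefinitionName": "Owner", "scope": "/subscriptions/SUB-A"},
  {"principalId": "u-0001", "principalName": "alice@example.com", "principalType": "User",
   "roleDefinitionId": "/subscriptions/SUB-A/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
   "roleDefinitionName": "Owner", "scope": "/subscriptions/SUB-A"},
  {"principalId": "u-0002", "principalName": "bob@example.com", "principalType": "User",
   "roleDefinitionId": "/subscriptions/SUB-A/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
   "roleDefinitionName": "Subscription Admin (legacy)", "scope": "/subscriptions/SUB-A"},
  {"principalId": "u-0003", "principalName": "carol@example.com", "principalType": "User",
   "roleDefinitionId": "/subscriptions/SUB-A/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
   "roleDefinitionName": "Owner", "scope": "/subscriptions/SUB-A"},
  {"principalId": "sp-0001", "principalName": "deploy-pipeline", "principalType": "ServicePrincipal",
   "roleDefinitionId": "/subscriptions/SUB-A/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
   "roleDefinitionName": "Contributor", "scope": "/subscriptions/SUB-A/resourceGroups/rg-app"},
  {"principalId": "u-0004", "principalName": "dave@example.com", "principalType": "User",
   "roleDefinitionId": "/subscriptions/SUB-B/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
   "roleDefinitionName": "User Access Administrator", "scope": "/subscriptions/SUB-B"}
]""")


def role_id(assignment):
    """Bare role definition GUID taken from the fully qualified roleDefinitionId."""
    return assignment["roleDefinitionId"].rsplit("/", 1)[-1].lower()


def is_subscription_scope(scope):
    """True for '/subscriptions/<id>' exactly, not for a resource group or resource below it."""
    parts = scope.strip("/").split("/")
    return len(parts) == 2 and parts[0] == "subscriptions"


def count_owners_by_subscription(assignments):
    """Distinct principals holding Owner directly at subscription scope, per subscription.
    Simplification: Owner inherited from a management group assignment is not counted."""
    owners = defaultdict(set)
    for a in assignments:
        if role_id(a) == OWNER_ROLE_ID and is_subscription_scope(a["scope"]):
            owners[a["scope"].split("/")[2]].add(a["principalId"])
    return {sub: len(principals) for sub, principals in owners.items()}


def direct_user_privileged_assignments(assignments):
    """Privileged roles granted straight to a user instead of a group. Matching is by
    role ID, so an entry whose display name is not 'Owner' is still caught."""
    return [
        (a["principalName"], PRIVILEGED_ROLE_IDS[role_id(a)], a["scope"])
        for a in assignments
        if a["principalType"] == "User" and role_id(a) in PRIVILEGED_ROLE_IDS
    ]


def audit(assignments):
    """Human-readable findings for the owner ceiling and the groups-not-users rule."""
    findings = []
    for sub, n in sorted(count_owners_by_subscription(assignments).items()):
        if n > MAX_SUBSCRIPTION_OWNERS:
            findings.append(f"{sub}: {n} Owner principals at subscription scope "
                            f"(recommended maximum {MAX_SUBSCRIPTION_OWNERS})")
    for name, role, scope in direct_user_privileged_assignments(assignments):
        findings.append(f"{name}: '{role}' assigned directly to a user at {scope}; assign via a group")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ASSIGNMENTS):
        print("FINDING:", finding)
```

Run it against real output by replacing SAMPLE_ASSIGNMENTS with the parsed JSON of `az role assignment list --all -o json`; the name-based entry for bob@example.com shows why the audit keys on the role ID.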
Azure RACI Template
• The purpose of this RACI is to provide a foundation for organizations beginning the journey into
Microsoft Azure. It contains common tasks across both governance and operations that
organizations should identify owners and operators for.
GitHub - jkstant/AzureRACIToolkit
Account protection
Privileged access: Accounts
Securing privileged access accounts | Microsoft Learn
CRITICAL BEST PRACTICES
BLOCK LEGACY AUTHENTICATION: the majority of password spray attacks use legacy auth
https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-Conditional-Access-support-for-blocking-legacy-auth-is/ba-p/245417
Azure identity & access security best practices | Microsoft Learn
AAD B2B Collaboration
Azure identity & access security best practices | Microsoft Learn
Azure identity & access security best practices | Microsoft Learn
Emergency access accounts: for use where normal administrative accounts can't be used (federation unavailable, etc.)
Managing emergency access administrative accounts in Azure AD
Azure identity & access security best practices | Microsoft Learn
Built-in roles
Custom roles
Azure identity & access security best practices | Microsoft Learn
Get started using Attack simulation training - Office 365 | Microsoft Docs
Azure identity & access security best practices | Microsoft Learn
CRITICAL BEST PRACTICES
https://channel9.msdn.com/events/Ignite/Microsoft-Ignite-Orlando-2017/BRK3016
http://aka.ms/HelloForBusiness
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-phone-sign-in
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
Note: Text Message based MFA is now relatively inexpensive for attackers to bypass, so focus on passwordless & stronger MFA
Different forms of MFA and passwordless authentication
Authentication methods and features - Azure Active Directory - Microsoft Entra | Microsoft Learn
Conditional Access authentication strength (preview)
Overview of Azure Active Directory authentication strength (preview) - Microsoft Entra | Microsoft Learn
Azure AD Conditional Access
Azure AD conditional access
Privileged access devices
Secure workstation for sensitive users
Why are privileged access devices important | Microsoft Learn
Interface security levels
Privileged interface
Security controls for specialized interfaces should include
• Zero Trust policy enforcement - on inbound sessions using Conditional Access to ensure that users and devices are secured at the privileged level
• Role-Based Access Control (RBAC) - Model should ensure that the application is administered only by roles at the privileged security level
• Just in time access workflows (required) - that enforce least privilege by ensuring privileges are used only by authorized users during the time they are needed.
Securing privileged access interfaces | Microsoft Learn
Intermediaries
Privileged access: Intermediaries
Securing privileged access intermediaries | Microsoft Learn
Azure Bastion
Azure Bastion Architecture
About Azure Bastion | Microsoft Learn
Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer.
Conclusion
CLEAR LINES OF RESPONSIBILITY
CRITICAL BEST PRACTICES
TIP: Document and socialize this widely with all teams working on Azure
Microsoft Security Best Practices module: Governance, risk, and compliance | Microsoft Learn
Microsoft Zero Trust Principles
To help secure both data and productivity, limit user access using
• Just-in-time (JIT)
• Just-enough-access (JEA)
• Risk-based adaptive policies
• Data protection against out-of-band vectors
Verify explicitly
Always validate all available data points including
• User identity and location
• Device health
• Service or workload context
• Data classification
• Anomalies
Minimize blast radius for breaches and prevent lateral movement by
• Segmenting access by network, user, devices, and app awareness.
• Encrypting all sessions end to end.
• Using analytics for threat detection, posture visibility and improving defenses.
Zero Trust Model - Modern Security Architecture | Microsoft Security
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 

Dernier (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 

IdentityDays2022 - Privilege management on the Microsoft Cloud

  • 1. Thanks to all our partners! 27 October 2022 - PARIS @IdentityDays #identitydays2022
  • 2. Privilege management on the Microsoft Cloud. 27 October 2022 - PARIS, Identity Days 2022. Xuan AHEHEHINNOU, Hakim TAOUSSI, Nicolas BONNET
  • 3. Conference agenda: Introduction; Azure AD roles; Privileged Identity Management; Azure roles & RBAC; Account protection; Azure AD Conditional Access; Privileged access devices; Interface security levels; Intermediaries; Azure Bastion; Conclusion. Speakers: Xuan AHEHEHINNOU, Microsoft 365 Solution Architect @Abalon; Hakim TAOUSSI, Technical Architect / MVP Azure @Insight; Nicolas BONNET, CEO & IT Architect, MVP Enterprise Mobility @InYourCloud
  • 4. Introduction
  • 8. [Diagram: Business Critical Assets; Account; Devices/Workstations; Intermediaries; Interface. Typical path of user access. Levels of security. Attacker's cost.] https://aka.ms/deploySPA
  • 9. Deploying a privileged access solution | Microsoft Learn
  • 11. There are about 60 Azure Active Directory (Azure AD) built-in roles, which are roles with a fixed set of role permissions. To supplement the built-in roles, Azure AD also supports custom roles. There are many different services in Microsoft 365, such as Azure AD and Intune. Some of these services have their own role-based access control systems (AAD, Exchange, Intune, MDCA, 365 Defender, Purview, Cost Management + Billing). Azure has its own role-based access control system for Azure resources such as virtual machines, and this system is not the same as Azure AD roles. Source: Understand Azure Active Directory role concepts - Microsoft Entra | Microsoft Learn
  • 12. Secure access with Microsoft Entra: multicloud identity and access management. Oversee all your organization's identities in one place. Microsoft Entra encompasses all of Microsoft's identity and access capabilities. The Entra family includes Microsoft Azure Active Directory (Azure AD), as well as two new product categories: Cloud Infrastructure Entitlement Management (CIEM) and decentralized identity. Source: Microsoft Entra Datasheet
  • 13. Azure AD Privileged Identity Management
  • 14. What is Privileged Identity Management (PIM)? PIM is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization. Such resources include those in Azure AD, Azure, and other Microsoft Online Services, such as Microsoft 365 or Microsoft Intune.
  • 15. What does PIM do? PIM provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Key features of PIM include:
    ✓ Provide just-in-time privileged access to Azure AD and Azure resources
    ✓ Assign time-bound access to resources using start and end dates
    ✓ Require approval to activate privileged roles
    ✓ Enforce multifactor authentication to activate any role
    ✓ Use justification to understand why users activate
    ✓ Get notifications when privileged roles are activated
    ✓ Conduct access reviews to ensure users still need roles
    ✓ Download audit history for internal or external audit
  • 16. PIM for Azure resource roles: Azure Active Directory (Azure AD) Privileged Identity Management (PIM) can manage the built-in Azure resource roles, as well as custom roles, including (but not limited to):
    ❑ Owner
    ❑ User Access Administrator
    ❑ Contributor
    ❑ Security Admin
    ❑ Security Manager
  • 17. Management capabilities for Privileged Access groups: in Privileged Identity Management (PIM), you can now assign eligibility for membership or ownership of privileged access groups.
  • 18. Azure roles & RBAC
  • 19. Understanding Azure Roles and RBAC. Source: What is Azure role-based access control (Azure RBAC)? | Microsoft Learn
  • 20. Best practices for Azure RBAC:
    • Only grant the access users need: using Azure RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs. Instead of giving everybody unrestricted permissions in your Azure subscription or resources, you can allow only certain actions at a particular scope.
    • Limit the number of subscription owners: you should have a maximum of 3 subscription owners to reduce the potential for breach by a compromised owner. This recommendation can be monitored in Microsoft Defender for Cloud.
    • Use Azure AD Privileged Identity Management: PIM helps protect privileged accounts by providing just-in-time privileged access to Azure AD and Azure resources. Access can be time bound, after which privileges are revoked automatically.
    • Assign roles to groups, not users: assigning roles to groups instead of users also helps minimize the number of role assignments.
    • Assign roles using the unique role ID instead of the role name: even if a role is renamed, the role ID does not change.
    Source: Best practices for Azure RBAC | Microsoft Learn
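The RBAC best practices above can be checked mechanically against a role-assignment export. The following is an added example written for this page, not code from the deck or from Microsoft: it takes records shaped like the output of `az role assignment list` (field names principalType, principalName, roleDefinitionName, roleDefinitionId, scope), adds an assumed `endDateTime` field to stand in for a PIM assignment expiry, and runs the owner-count, group-not-user and time-bound checks over a constructed set of assignments. The subscription ID and principal names are placeholders; roles are classified by their built-in definition GUID rather than by display name, which is the slide's last point.

```python
"""Audit an Azure role-assignment export against the RBAC best practices on the slide.

Added example, not code from the deck or from Microsoft. Field names follow
`az role assignment list`; 'endDateTime' is an assumed field representing a PIM
assignment expiry; all assignments below are constructed for this example.
"""
from collections import defaultdict

SUBSCRIPTION = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
# Built-in role definition GUIDs. A display name can be changed or localized;
# the ID cannot, so every check below keys on the ID and not the name.
ROLE_IDS = {
    "Owner": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
    "User Access Administrator": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
    "Contributor": "b24988ac-6180-42a0-ab88-20f7382dd24f",
}
PRIVILEGED_ROLE_IDS = {ROLE_IDS["Owner"], ROLE_IDS["User Access Administrator"]}
MAX_SUBSCRIPTION_OWNERS = 3  # the limit recommended on the slide


def _assignment(principal, ptype, role, scope=SUBSCRIPTION, end=None):
    """Build one constructed assignment record in the az CLI output shape."""
    role_def = f"{SUBSCRIPTION}/providers/Microsoft.Authorization/roleDefinitions/{ROLE_IDS[role]}"
    return {"principalName": principal, "principalType": ptype,
            "roleDefinitionName": role, "roleDefinitionId": role_def,
            "scope": scope, "endDateTime": end}


# Constructed sample: one time-bound owner group, three permanent direct user owners,
# one non-privileged group, one time-bound direct UAA assignment on a resource group.
SAMPLE_ASSIGNMENTS = [
    _assignment("sg-azure-owners", "Group", "Owner", end="2022-12-31T00:00:00Z"),
    _assignment("alice@contoso.example", "User", "Owner"),
    _assignment("bob@contoso.example", "User", "Owner"),
    _assignment("carol@contoso.example", "User", "Owner"),
    _assignment("sg-platform-ops", "Group", "Contributor"),
    _assignment("dave@contoso.example", "User", "User Access Administrator",
                scope=f"{SUBSCRIPTION}/resourceGroups/rg-app", end="2022-11-01T08:00:00Z"),
]


def role_guid(assignment):
    """The role definition GUID is the last path segment of roleDefinitionId."""
    return assignment["roleDefinitionId"].rsplit("/", 1)[-1]


def audit(assignments, subscription=SUBSCRIPTION, max_owners=MAX_SUBSCRIPTION_OWNERS):
    """Return findings grouped by check name; an empty dict means every check passed."""
    findings = defaultdict(list)
    owners = [a for a in assignments
              if role_guid(a) == ROLE_IDS["Owner"] and a["scope"] == subscription]
    if len(owners) > max_owners:
        findings["too-many-owners"].append(
            f"{len(owners)} Owner assignments at {subscription} (max {max_owners})")
    for a in assignments:
        if role_guid(a) not in PRIVILEGED_ROLE_IDS:
            continue  # Contributor and other non-privileged roles are not checked here
        if a["principalType"] == "User":
            findings["direct-user-assignment"].append(
                f"{a['principalName']} holds {a['roleDefinitionName']} directly; assign it via a group")
        if a["endDateTime"] is None:
            findings["permanent-privileged-access"].append(
                f"{a['principalName']} holds {a['roleDefinitionName']} with no expiry; use PIM time-bound access")
    return dict(findings)


if __name__ == "__main__":
    for check, items in audit(SAMPLE_ASSIGNMENTS).items():
        print(f"[{check}]")
        for item in items:
            print("  -", item)
```

Against the sample the audit reports one owner-count finding (four Owners at subscription scope), four direct user assignments and three permanent privileged assignments; the time-bound group owner and the Contributor group produce nothing.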
  • 21. Azure RACI Template: the purpose of this RACI is to provide a foundation for organizations beginning the journey into Microsoft Azure. It contains common tasks across both governance and operations that organizations should identify owners and operators for. Source: GitHub - jkstant/AzureRACIToolkit
  • 22. Account protection
  • 23. Privileged access: Accounts. Source: Securing privileged access accounts | Microsoft Learn
  • 24. Critical best practices: block legacy authentication (password spray attacks: the majority use legacy auth). https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-Conditional-Access-support-for-blocking-legacy-auth-is/ba-p/245417 Source: Azure identity & access security best practices | Microsoft Learn
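Before a Conditional Access policy blocks legacy authentication, a defender wants to know which accounts still rely on it, and which sources show the spray pattern the slide refers to. The following is an added example for this page, not code from the deck or from Microsoft: it walks sign-in records shaped like the Microsoft Graph signIn fields userPrincipalName, ipAddress, clientAppUsed and status.errorCode, lists users that successfully signed in over a legacy client, and flags source addresses whose failed logons spread across many accounts with few attempts each. The records and addresses are constructed (documentation IP ranges, example UPNs); the legacy client-app names are assumed from Microsoft's documented list and should be checked against the values actually present in your tenant.

```python
"""Detect legacy-auth use and password-spray sources in Azure AD sign-in records.

Added example, not code from the deck or from Microsoft. Record shape mirrors the
Graph signIn fields; the records are constructed for this example.
"""
from collections import defaultdict

# Assumption: subset of the clientAppUsed values Azure AD reports for legacy
# protocols; confirm against your own sign-in logs before relying on it.
LEGACY_CLIENT_APPS = {
    "Exchange ActiveSync", "IMAP4", "POP3", "Authenticated SMTP",
    "Exchange Web Services", "Outlook Anywhere (RPC over HTTP)", "Other clients",
}
INVALID_PASSWORD = 50126  # AADSTS50126: invalid username or password
SUCCESS = 0


def _rec(upn, ip, app, code):
    """Build one constructed sign-in record."""
    return {"userPrincipalName": upn, "ipAddress": ip, "clientAppUsed": app,
            "status": {"errorCode": code}}


# Constructed sample: one source trying six accounts once each over a legacy
# client, one user mistyping her password twice, one legacy-protocol success.
SAMPLE_SIGNINS = [
    *[_rec(f"user{i}@contoso.example", "198.51.100.7", "Other clients", INVALID_PASSWORD)
      for i in range(1, 7)],
    _rec("alice@contoso.example", "203.0.113.5", "Browser", INVALID_PASSWORD),
    _rec("alice@contoso.example", "203.0.113.5", "Browser", INVALID_PASSWORD),
    _rec("alice@contoso.example", "203.0.113.5", "Browser", SUCCESS),
    _rec("bob@contoso.example", "192.0.2.9", "Exchange ActiveSync", SUCCESS),
]


def is_legacy(record):
    return record["clientAppUsed"] in LEGACY_CLIENT_APPS


def legacy_auth_users(records):
    """Users who successfully signed in over a legacy protocol: the clients to
    migrate before a Conditional Access policy blocks legacy authentication."""
    return sorted({r["userPrincipalName"] for r in records
                   if is_legacy(r) and r["status"]["errorCode"] == SUCCESS})


def password_spray_sources(records, min_users=5, max_attempts_per_user=2):
    """Source IPs whose failed logons hit many distinct accounts with few attempts
    each (the spray signature), with the share of those attempts over legacy auth."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> user -> failed attempts
    legacy_hits = defaultdict(int)                    # ip -> failed attempts via legacy
    for r in records:
        if r["status"]["errorCode"] != INVALID_PASSWORD:
            continue
        failures[r["ipAddress"]][r["userPrincipalName"]] += 1
        if is_legacy(r):
            legacy_hits[r["ipAddress"]] += 1
    findings = {}
    for ip, per_user in failures.items():
        if len(per_user) >= min_users and max(per_user.values()) <= max_attempts_per_user:
            total = sum(per_user.values())
            findings[ip] = {"users": len(per_user), "attempts": total,
                            "legacy_share": legacy_hits[ip] / total}
    return findings


if __name__ == "__main__":
    print("users still authenticating over legacy protocols:", legacy_auth_users(SAMPLE_SIGNINS))
    for ip, f in password_spray_sources(SAMPLE_SIGNINS).items():
        print(f"spray source {ip}: {f['users']} accounts, {f['attempts']} attempts, "
              f"{f['legacy_share']:.0%} over legacy auth")
```

On the sample, alice's two failures from one address are not flagged (one account, repeated attempts), while 198.51.100.7 is flagged with six accounts and every attempt over a legacy client; bob is the one user to migrate before the block is enforced.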
  • 25. AAD B2B Collaboration. Source: Azure identity & access security best practices | Microsoft Learn
  • 26. Source: Azure identity & access security best practices | Microsoft Learn
  • 27. Managing emergency access administrative accounts in Azure AD: for situations where normal administrative accounts can't be used (federation unavailable, etc.). Source: Azure identity & access security best practices | Microsoft Learn
  • 28. Built-in roles; custom roles. Source: Azure identity & access security best practices | Microsoft Learn
  • 29. Get started using Attack simulation training - Office 365 | Microsoft Docs. Source: Azure identity & access security best practices | Microsoft Learn
  • 31. Different forms of MFA and passwordless authentication. Source: Authentication methods and features - Azure Active Directory - Microsoft Entra | Microsoft Learn
  • 32. Conditional Access authentication strength (preview). Source: Overview of Azure Active Directory authentication strength (preview) - Microsoft Entra | Microsoft Learn
  • 33. Azure AD Conditional Access
  • 34. Azure AD Conditional Access
  • 35. Privileged access devices
  • 36. Secure workstation for sensitive users. Source: Why are privileged access devices important | Microsoft Learn
  • 37. Interface security levels
  • 38. Privileged interface. Security controls for specialized interfaces should include:
    • Zero Trust policy enforcement on inbound sessions, using Conditional Access to ensure that users and devices are secured at the privileged level
    • Role-Based Access Control (RBAC): the model should ensure that the application is administered only by roles at the privileged security level
    • Just-in-time access workflows (required) that enforce least privilege by ensuring privileges are used only by authorized users during the time they are needed
    Source: Securing privileged access interfaces | Microsoft Learn
  • 39. Intermediaries
  • 40. Privileged access: Intermediaries. Source: Securing privileged access intermediaries | Microsoft Learn
  • 41. Azure Bastion
  • 42. Azure Bastion architecture. Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer. Source: About Azure Bastion | Microsoft Learn
  • 43. Conclusion
  • 44. Critical best practices: clear lines of responsibility. Tip: document and socialize this widely with all teams working on Azure. Source: Microsoft Security Best Practices module: Governance, risk, and compliance | Microsoft Learn
  • 45. Microsoft Zero Trust Principles:
    • To help secure both data and productivity, limit user access using just-in-time (JIT), just-enough-access (JEA), risk-based adaptive policies, and data protection against out-of-band vectors.
    • Verify explicitly: always validate all available data points, including user identity and location, device health, service or workload context, data classification, and anomalies.
    • Minimize blast radius for breaches and prevent lateral movement by segmenting access by network, user, devices, and app awareness; encrypting all sessions end to end; and using analytics for threat detection, posture visibility, and improving defenses.
    Source: Zero Trust Model - Modern Security Architecture | Microsoft Security
  • 46. Thanks to all our partners! 27 October 2022 - PARIS @IdentityDays #identitydays2022