Thank you to all our partners!
27 October 2022 - PARIS
@IdentityDays #identitydays2022
Privilege management on the Microsoft Cloud
Identity Days 2022
Xuan AHEHEHINNOU
Hakim TAOUSSI
Nicolas BONNET
CONFERENCE AGENDA
• Introduction
• Azure AD roles
• Privileged Identity Management
• Azure roles & RBAC
• Account protection
• Azure AD Conditional Access
• Privileged access devices
• Interface security levels
• Intermediaries
• Azure bastion
• Conclusion
Xuan AHEHEHINNOU
Microsoft 365 Solution Architect
@Abalon
Hakim TAOUSSI
Technical Architect / MVP Azure
@Insight
Nicolas BONNET
CEO & IT Architect
MVP Enterprise Mobility
@InYourCloud
Introduction
http://aka.ms/SPAroadmap http://aka.ms/cyber-services
http://aka.ms/securitystandards
[Slide diagram, from https://aka.ms/deploySPA (Deploying a privileged access solution | Microsoft Learn): the typical path of user access runs Account -> Devices/Workstations -> Intermediaries -> Interface -> Business Critical Assets (Machine Learning (ML), Applications & Websites, API, Data). Each layer is a potential attack surface; each added level of security raises the attacker's cost. Asset protection is also required: security updates, DevSecOps, data at rest / in transit, etc. Image labels on the slide: Death Star, GoFetch.]
There are about 60 Azure Active Directory (Azure AD) built-in roles, which are roles with a fixed set of role permissions. To supplement the built-in roles, Azure AD also supports custom roles.
There are many different services in Microsoft 365, such as Azure AD and Intune. Some of these services have their own role-based access control systems (AAD, Exchange, Intune, MDCA, 365 Defender, Purview, Cost Management + Billing).
Azure has its own role-based access control system for Azure resources such as virtual machines, and this system is not the same as Azure AD roles.
Understand Azure Active Directory role concepts - Microsoft Entra | Microsoft Learn
Secure access with Microsoft Entra
Multicloud identity and access management
Oversee all your organization’s identities in one place
Microsoft Entra encompasses all of Microsoft's identity and access capabilities. The Entra family includes Microsoft Azure Active Directory (Azure AD), as well as two new product categories: Cloud Infrastructure Entitlement Management (CIEM) and decentralized identity.
Microsoft Entra Datasheet
Azure AD
Privileged Identity management
What is Privileged Identity Management (PIM)?
PIM is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization. Such resources include those in Azure AD, Azure, and other Microsoft Online Services, such as Microsoft 365 or Microsoft Intune.
What does PIM do?
PIM provides time-based and approval-based role activation to mitigate the
risks of excessive, unnecessary, or misused access permissions on resources
that you care about. Key features of PIM include:
✓ Provide just-in-time privileged access to Azure AD and Azure resources
✓ Assign time-bound access to resources using start and end dates
✓ Require approval to activate privileged roles
✓ Enforce multifactor authentication to activate any role
✓ Use justification to understand why users activate
✓ Get notifications when privileged roles are activated
✓ Conduct access reviews to ensure users still need roles
✓ Download audit history for internal or external audit
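The last two features (access reviews and audit history) only pay off if someone actually reads the export. The following is an added example, not code from the Identity Days deck or from Microsoft: it reviews a constructed PIM activation history against each role's activation settings (maximum duration, MFA, approval, justification) and reports every activation that breaks the policy, plus any activated role that has no settings at all. The record and setting shapes are assumptions for illustration, not the exact PIM export schema.

```python
"""Review a PIM activation history export against each role's activation
settings: max duration, MFA, approval and justification. Added example, not
code from the Identity Days deck or from Microsoft; the record and setting
shapes are constructed for illustration rather than the exact PIM export schema."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class RoleSettings:
    """Activation settings as configured on a PIM role (constructed values)."""
    max_hours: int            # maximum activation duration
    require_mfa: bool         # "Enforce multifactor authentication to activate"
    require_approval: bool    # "Require approval to activate privileged roles"
    require_justification: bool


# Hypothetical tenant policy, not the PIM defaults.
ROLE_SETTINGS = {
    "Global Administrator": RoleSettings(2, True, True, True),
    "Security Administrator": RoleSettings(4, True, False, True),
    "Owner": RoleSettings(8, True, True, True),
}

# Constructed activation records, loosely modelled on a PIM audit export.
ACTIVATIONS = [
    {"id": 1, "role": "Global Administrator", "user": "alice@contoso.example",
     "start": "2022-10-27T09:00:00", "end": "2022-10-27T11:00:00",
     "justification": "Ticket INC-1042: tenant-wide CA policy change",
     "mfa": True, "approved_by": "bob@contoso.example"},
    {"id": 2, "role": "Global Administrator", "user": "carol@contoso.example",
     "start": "2022-10-27T22:30:00", "end": "2022-10-28T02:30:00",
     "justification": "   ", "mfa": True, "approved_by": None},
    {"id": 3, "role": "Security Administrator", "user": "dave@contoso.example",
     "start": "2022-10-27T14:00:00", "end": "2022-10-27T15:00:00",
     "justification": "Investigating risky sign-in alerts",
     "mfa": False, "approved_by": None},
    {"id": 4, "role": "Owner", "user": "erin@contoso.example",
     "start": "2022-10-27T10:00:00", "end": "2022-10-27T12:00:00",
     "justification": "Deploy hotfix to prod subscription",
     "mfa": True, "approved_by": "bob@contoso.example"},
    {"id": 5, "role": "Exchange Administrator", "user": "frank@contoso.example",
     "start": "2022-10-27T08:00:00", "end": "2022-10-27T09:00:00",
     "justification": "Mailbox restore", "mfa": True, "approved_by": None},
]


def activation_hours(rec):
    """Duration of an activation in hours, from its ISO-8601 start and end."""
    delta = datetime.fromisoformat(rec["end"]) - datetime.fromisoformat(rec["start"])
    return delta / timedelta(hours=1)


def review_activation(rec, settings):
    """Return the policy violations (possibly none) for one activation record."""
    findings = []
    hours = activation_hours(rec)
    if hours > settings.max_hours:
        findings.append(f"duration {hours:g}h exceeds maximum {settings.max_hours}h")
    if settings.require_mfa and not rec["mfa"]:
        findings.append("activated without MFA")
    if settings.require_approval and not rec["approved_by"]:
        findings.append("no approver recorded")
    if settings.require_justification and not rec["justification"].strip():
        findings.append("empty justification")
    return findings


def review_history(records, role_settings=ROLE_SETTINGS):
    """Map activation id -> violations; records that pass are omitted.
    A role with no configured settings is itself reported, since an
    unmanaged privileged role is exactly the gap an audit should surface."""
    report = {}
    for rec in records:
        settings = role_settings.get(rec["role"])
        if settings is None:
            report[rec["id"]] = ["no PIM activation settings defined for role"]
            continue
        findings = review_activation(rec, settings)
        if findings:
            report[rec["id"]] = findings
    return report


if __name__ == "__main__":
    for rid, issues in sorted(review_history(ACTIVATIONS).items()):
        print(f"activation {rid}: " + "; ".join(issues))
```

On the constructed data, activation 2 (a night-time Global Administrator activation that exceeds the 2-hour limit with no approver and a blank justification) and activation 3 (no MFA) are reported, and activation 5 is flagged because the role has no activation settings; the others pass. Feeding the real export in only means mapping its column names onto the record keys above.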
PIM for Azure resource roles
• Azure Active Directory (Azure AD) Privileged Identity Management (PIM) can manage the built-in Azure resource roles, as well as custom roles, including (but not limited to):
❑ Owner
❑ User Access Administrator
❑ Contributor
❑ Security Admin
❑ Security Manager
Management capabilities for Privileged Access groups
• In Privileged Identity Management (PIM), you can now assign eligibility for membership or ownership of privileged access groups.
Azure roles & RBAC
Understanding Azure Roles and RBAC
What is Azure role-based access control (Azure RBAC)? | Microsoft Learn
Best practices for Azure RBAC
• Only grant the access users need
  Using Azure RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs. Instead of giving everybody unrestricted permissions in your Azure subscription or resources, you can allow only certain actions at a particular scope.
• Limit the number of subscription owners
  You should have a maximum of 3 subscription owners to reduce the potential for breach by a compromised owner. This recommendation can be monitored in Microsoft Defender for Cloud.
• Use Azure AD Privileged Identity Management
  PIM helps protect privileged accounts by providing just-in-time privileged access to Azure AD and Azure resources. Access can be time bound, after which privileges are revoked automatically.
• Assign roles to groups, not users
  Assigning roles to groups instead of users also helps minimize the number of role assignments.
• Assign roles using the unique role ID instead of the role name
  Even if a role is renamed, the role ID does not change.
Best practices for Azure RBAC | Microsoft Learn
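Three of these best practices can be checked mechanically from a role-assignment export. The following is an added example, not code from the deck or from Microsoft: it walks a constructed list of assignments in the field layout of `az role assignment list --all` output, counts distinct Owners per subscription against the limit of 3, lists every assignment made directly to a user instead of a group, and identifies the Owner role by its built-in role definition ID rather than its display name, which is the page's last recommendation in practice. The subscription IDs and principals are constructed; the Owner and Contributor role definition IDs are the well-known built-in ones.

```python
"""Check an Azure role-assignment export against the RBAC best practices
above: at most 3 Owners per subscription, roles on groups rather than users,
and roles identified by role definition ID rather than name. Added example,
not code from the deck or from Microsoft; the assignments are constructed
but follow the field names of `az role assignment list --all` output."""
import re

# Well-known IDs of built-in roles; stable even if a display name changes.
OWNER_ROLE_ID = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
CONTRIBUTOR_ROLE_ID = "b24988ac-6180-42a0-ab88-20f7382dd24c"
MAX_OWNERS = 3

# Constructed subscription IDs.
SUB_A = "11111111-1111-1111-1111-111111111111"
SUB_B = "22222222-2222-2222-2222-222222222222"


def _assignment(sub, principal_id, principal_name, principal_type,
                role_id, role_name, scope_suffix=""):
    """Build one record in the shape of an `az role assignment list` entry."""
    role_def = f"/subscriptions/{sub}/providers/Microsoft.Authorization/roleDefinitions/{role_id}"
    return {
        "principalId": principal_id,
        "principalName": principal_name,
        "principalType": principal_type,
        "roleDefinitionId": role_def,
        "roleDefinitionName": role_name,
        "scope": f"/subscriptions/{sub}{scope_suffix}",
    }


ASSIGNMENTS = [
    _assignment(SUB_A, "g-owners", "sub-a-owners", "Group", OWNER_ROLE_ID, "Owner"),
    _assignment(SUB_A, "g-breakglass", "breakglass-admins", "Group", OWNER_ROLE_ID, "Owner"),
    _assignment(SUB_A, "u-alice", "alice@contoso.example", "User", OWNER_ROLE_ID, "Owner"),
    _assignment(SUB_A, "u-bob", "bob@contoso.example", "User", OWNER_ROLE_ID, "Owner"),
    # Owner on a resource group only: a direct user assignment, but not a subscription owner.
    _assignment(SUB_A, "u-carol", "carol@contoso.example", "User", OWNER_ROLE_ID, "Owner",
                "/resourceGroups/rg-app"),
    _assignment(SUB_B, "g-platform", "platform-team", "Group", OWNER_ROLE_ID, "Owner"),
    _assignment(SUB_B, "u-dave", "dave@contoso.example", "User", CONTRIBUTOR_ROLE_ID, "Contributor"),
]


def subscription_of(scope):
    """Subscription GUID of a scope, or None for tenant/management-group scopes."""
    m = re.match(r"^/subscriptions/([0-9a-f-]{36})(/|$)", scope, re.IGNORECASE)
    return m.group(1).lower() if m else None


def role_id_of(assignment):
    """GUID tail of roleDefinitionId: compare on this, never on roleDefinitionName."""
    return assignment["roleDefinitionId"].rsplit("/", 1)[-1].lower()


def check_assignments(assignments, max_owners=MAX_OWNERS):
    """Return subscriptions with too many Owners and all direct user assignments."""
    owners = {}          # subscription -> principal IDs holding Owner at subscription scope
    direct_users = []    # (principalName, roleDefinitionName, scope)
    for a in assignments:
        sub = subscription_of(a["scope"])
        if sub is None:
            continue
        at_sub_scope = a["scope"].lower() == f"/subscriptions/{sub}"
        if at_sub_scope and role_id_of(a) == OWNER_ROLE_ID:
            owners.setdefault(sub, set()).add(a["principalId"])
        if a["principalType"] == "User":
            direct_users.append((a["principalName"], a["roleDefinitionName"], a["scope"]))
    too_many = {s: sorted(p) for s, p in owners.items() if len(p) > max_owners}
    return {"too_many_owners": too_many, "direct_user_assignments": direct_users}


if __name__ == "__main__":
    result = check_assignments(ASSIGNMENTS)
    for sub, principals in result["too_many_owners"].items():
        print(f"{sub}: {len(principals)} owners (max {MAX_OWNERS}): {', '.join(principals)}")
    for name, role, scope in result["direct_user_assignments"]:
        print(f"direct user assignment: {name} has {role} on {scope}")
```

The count is of distinct principals at subscription scope, so the resource-group Owner is not counted as a subscription owner (it is still reported as a direct user assignment), and assignments inherited from a management group are skipped rather than miscounted. Because matching is on the role definition GUID, a custom role that was renamed would still be recognized.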
Azure RACI Template
• The purpose of this RACI is to provide a foundation for organizations beginning the journey into Microsoft Azure. It contains common tasks across both governance and operations that organizations should identify owners and operators for.
GitHub - jkstant/AzureRACIToolkit
Account protection
Privileged access: Accounts
Securing privileged access accounts | Microsoft Learn
CRITICAL BEST PRACTICES
BLOCK LEGACY AUTHENTICATION
Password spray attacks (the majority use legacy auth)
https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-Conditional-Access-support-for-blocking-legacy-auth-is/ba-p/245417
Azure identity & access security best practices | Microsoft Learn
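Before a Conditional Access policy blocks legacy authentication, most teams want an inventory of who still uses it, and the same sign-in data is where a password spray shows up. The following is an added example, not code from the deck or from Microsoft: it runs two checks over constructed Azure AD sign-in log records (using the log's own field names: clientAppUsed, status.errorCode, ipAddress, userPrincipalName, createdDateTime). The first lists every sign-in made with a legacy-authentication client; the second reports any source IP that failed with a bad password against many distinct accounts in the same hour, the signature of a spray. The accounts and timestamps are constructed and the IPs are from documentation ranges.

```python
"""Detection over Azure AD sign-in log records: flag legacy-authentication
clients and surface password-spray sources (one IP failing with a bad
password against many distinct accounts in the same clock hour).
Added example, not code from the deck or from Microsoft; the records are
constructed, using the sign-in log field names, with documentation-range IPs."""
from collections import defaultdict

# clientAppUsed values that indicate legacy (basic) authentication.
LEGACY_CLIENT_APPS = {
    "Exchange ActiveSync", "Exchange Online PowerShell", "Exchange Web Services",
    "IMAP4", "MAPI Over HTTP", "Offline Address Book",
    "Outlook Anywhere (RPC over HTTP)", "Other clients", "POP3",
    "Reporting Web Services", "SMTP", "Authenticated SMTP",
}
BAD_PASSWORD = 50126   # AADSTS50126: invalid username or password


def _rec(user, ip, app, code, when):
    return {"userPrincipalName": user, "ipAddress": ip, "clientAppUsed": app,
            "status": {"errorCode": code}, "createdDateTime": when}


SIGNINS = [
    # Constructed spray: one source trying six different accounts over SMTP auth.
    *[_rec(f"user{i}@contoso.example", "203.0.113.10", "Authenticated SMTP",
           BAD_PASSWORD, f"2022-10-27T03:1{i}:00Z") for i in range(6)],
    # A legacy IMAP4 client that succeeded: an inventory entry to resolve before blocking.
    _rec("scanner@contoso.example", "198.51.100.7", "IMAP4", 0, "2022-10-27T07:05:00Z"),
    # Ordinary modern-auth sign-ins, one with a mistyped password.
    _rec("alice@contoso.example", "192.0.2.5", "Browser", 0, "2022-10-27T08:00:00Z"),
    _rec("alice@contoso.example", "192.0.2.5", "Browser", BAD_PASSWORD, "2022-10-27T08:01:00Z"),
    _rec("bob@contoso.example", "192.0.2.6", "Mobile Apps and Desktop clients", 0,
         "2022-10-27T08:02:00Z"),
]


def legacy_auth_signins(records):
    """(user, client app, succeeded) for every sign-in that used legacy auth."""
    return [(r["userPrincipalName"], r["clientAppUsed"], r["status"]["errorCode"] == 0)
            for r in records if r["clientAppUsed"] in LEGACY_CLIENT_APPS]


def spray_sources(records, min_users=5):
    """IP addresses that failed with a bad password against at least
    `min_users` distinct accounts within one clock hour."""
    failed = defaultdict(set)   # (ip, "YYYY-MM-DDTHH") -> distinct users
    for r in records:
        if r["status"]["errorCode"] == BAD_PASSWORD:
            hour = r["createdDateTime"][:13]
            failed[(r["ipAddress"], hour)].add(r["userPrincipalName"])
    worst = {}
    for (ip, _), users in failed.items():
        worst[ip] = max(worst.get(ip, 0), len(users))
    return {ip: n for ip, n in worst.items() if n >= min_users}


if __name__ == "__main__":
    for user, app, ok in legacy_auth_signins(SIGNINS):
        print(f"legacy auth: {user} via {app} ({'success' if ok else 'failed'})")
    for ip, n in spray_sources(SIGNINS).items():
        print(f"possible password spray from {ip}: {n} distinct accounts in one hour")
```

Alice's single failed browser sign-in is not reported as a spray because the threshold counts distinct accounts per source, not failures per account; a user who mistypes a password five times stays below it, while one IP touching five accounts once each crosses it. The successful IMAP4 sign-in is the kind of entry to migrate before the block policy moves from report-only to enforced.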
AAD B2B Collaboration
Azure identity & access security best practices | Microsoft Learn
Managing emergency access administrative accounts in Azure AD, for use where normal administrative accounts can't be used (federation unavailable, etc.)
Azure identity & access security best practices | Microsoft Learn
built-in roles
Custom roles
Azure identity & access security best practices | Microsoft Learn
Get started using Attack simulation training - Office 365 | Microsoft Docs
Azure identity & access security best practices | Microsoft Learn
CRITICAL BEST PRACTICES
https://channel9.msdn.com/events/Ignite/Microsoft-Ignite-Orlando-2017/BRK3016
http://aka.ms/HelloForBusiness
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-phone-sign-in
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
Note: Text message based MFA is now relatively inexpensive for attackers to bypass, so focus on passwordless & stronger MFA
Different forms of MFA and passwordless authentication
Authentication methods and features - Azure Active Directory - Microsoft Entra | Microsoft Learn
Conditional Access authentication strength (preview)
Overview of Azure Active Directory authentication strength (preview) - Microsoft Entra | Microsoft Learn
Azure AD Conditional Access
Azure AD conditional access
Privileged access devices
Secure workstation for sensitive users
Why are privileged access devices important | Microsoft Learn
Interface security levels
Privileged interface
Security controls for specialized interfaces should include:
• Zero Trust policy enforcement - on inbound sessions, using Conditional Access to ensure that users and devices are secured at the privileged level
• Role-Based Access Control (RBAC) - the model should ensure that the application is administered only by roles at the privileged security level
• Just-in-time access workflows (required) - that enforce least privilege by ensuring privileges are used only by authorized users during the time they are needed
Securing privileged access interfaces | Microsoft Learn
Intermediaries
Privileged access: Intermediaries
Securing privileged access intermediaries | Microsoft Learn
Azure Bastion
Azure Bastion Architecture
About Azure Bastion | Microsoft Learn
Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer.
Conclusion
CLEAR LINES OF RESPONSIBILITY
CRITICAL BEST PRACTICES
TIP: Document and socialize this widely with all teams working on Azure
Microsoft Security Best Practices module: Governance, risk, and compliance | Microsoft Learn
Microsoft Zero Trust Principles
Verify explicitly: always validate all available data points, including
• User identity and location
• Device health
• Service or workload context
• Data classification
• Anomalies
Use least privilege: to help secure both data and productivity, limit user access using
• Just-in-time (JIT)
• Just-enough-access (JEA)
• Risk-based adaptive policies
• Data protection against out-of-band vectors
Assume breach: minimize blast radius for breaches and prevent lateral movement by
• Segmenting access by network, user, devices, and app awareness
• Encrypting all sessions end to end
• Using analytics for threat detection, posture visibility and improving defenses
Zero Trust Model - Modern Security Architecture | Microsoft Security
Snarky Security
 
Camunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptxCamunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptx
ZachWylie3
 
How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...
DianaGray10
 
UX Webinar Series: Aligning Authentication Experiences with Business Goals
UX Webinar Series: Aligning Authentication Experiences with Business GoalsUX Webinar Series: Aligning Authentication Experiences with Business Goals
UX Webinar Series: Aligning Authentication Experiences with Business Goals
FIDO Alliance
 
Uncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in LibrariesUncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in Libraries
Brian Pichman
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
SAI KAILASH R
 
Choosing the Best Outlook OST to PST Converter: Key Features and Considerations
Choosing the Best Outlook OST to PST Converter: Key Features and ConsiderationsChoosing the Best Outlook OST to PST Converter: Key Features and Considerations
Choosing the Best Outlook OST to PST Converter: Key Features and Considerations
webbyacad software
 
Generative AI Reasoning Tech Talk - July 2024
Generative AI Reasoning Tech Talk - July 2024Generative AI Reasoning Tech Talk - July 2024
Generative AI Reasoning Tech Talk - July 2024
siddu769252
 
Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3
DianaGray10
 
Intel Unveils Core Ultra 200V Lunar chip .pdf
Intel Unveils Core Ultra 200V Lunar chip .pdfIntel Unveils Core Ultra 200V Lunar chip .pdf
Intel Unveils Core Ultra 200V Lunar chip .pdf
Tech Guru
 
Smart Mobility Market:Revolutionizing Transportation.pdf
Smart Mobility Market:Revolutionizing Transportation.pdfSmart Mobility Market:Revolutionizing Transportation.pdf
Smart Mobility Market:Revolutionizing Transportation.pdf
Market.us
 

Dernier (20)

It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...It's your unstructured data: How to get your GenAI app to production (and spe...
It's your unstructured data: How to get your GenAI app to production (and spe...
 
Latest Tech Trends Series 2024 By EY India
Latest Tech Trends Series 2024 By EY IndiaLatest Tech Trends Series 2024 By EY India
Latest Tech Trends Series 2024 By EY India
 
Accelerating Migrations = Recommendations
Accelerating Migrations = RecommendationsAccelerating Migrations = Recommendations
Accelerating Migrations = Recommendations
 
Discovery Series - Zero to Hero - Task Mining Session 1
Discovery Series - Zero to Hero - Task Mining Session 1Discovery Series - Zero to Hero - Task Mining Session 1
Discovery Series - Zero to Hero - Task Mining Session 1
 
kk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdfkk vathada _digital transformation frameworks_2024.pdf
kk vathada _digital transformation frameworks_2024.pdf
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
 
Zaitechno Handheld Raman Spectrometer.pdf
Zaitechno Handheld Raman Spectrometer.pdfZaitechno Handheld Raman Spectrometer.pdf
Zaitechno Handheld Raman Spectrometer.pdf
 
NVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space ExplorationNVIDIA at Breakthrough Discuss for Space Exploration
NVIDIA at Breakthrough Discuss for Space Exploration
 
CheckPoint Firewall Presentation CCSA.pdf
CheckPoint Firewall Presentation CCSA.pdfCheckPoint Firewall Presentation CCSA.pdf
CheckPoint Firewall Presentation CCSA.pdf
 
Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated...
Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated...Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated...
Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated...
 
Camunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptxCamunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptx
 
How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...How UiPath Discovery Suite supports identification of Agentic Process Automat...
How UiPath Discovery Suite supports identification of Agentic Process Automat...
 
UX Webinar Series: Aligning Authentication Experiences with Business Goals
UX Webinar Series: Aligning Authentication Experiences with Business GoalsUX Webinar Series: Aligning Authentication Experiences with Business Goals
UX Webinar Series: Aligning Authentication Experiences with Business Goals
 
Uncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in LibrariesUncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in Libraries
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
 
Choosing the Best Outlook OST to PST Converter: Key Features and Considerations
Choosing the Best Outlook OST to PST Converter: Key Features and ConsiderationsChoosing the Best Outlook OST to PST Converter: Key Features and Considerations
Choosing the Best Outlook OST to PST Converter: Key Features and Considerations
 
Generative AI Reasoning Tech Talk - July 2024
Generative AI Reasoning Tech Talk - July 2024Generative AI Reasoning Tech Talk - July 2024
Generative AI Reasoning Tech Talk - July 2024
 
Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3Communications Mining Series - Zero to Hero - Session 3
Communications Mining Series - Zero to Hero - Session 3
 
Intel Unveils Core Ultra 200V Lunar chip .pdf
Intel Unveils Core Ultra 200V Lunar chip .pdfIntel Unveils Core Ultra 200V Lunar chip .pdf
Intel Unveils Core Ultra 200V Lunar chip .pdf
 
Smart Mobility Market:Revolutionizing Transportation.pdf
Smart Mobility Market:Revolutionizing Transportation.pdfSmart Mobility Market:Revolutionizing Transportation.pdf
Smart Mobility Market:Revolutionizing Transportation.pdf
 

IdentityDays2022 - Gestion des privilèges sur le Cloud Microsoft

  • 1. Thank you to all our partners! 27 October 2022 - PARIS @IdentityDays #identitydays2022
  • 2. Gestion des privilèges sur le Cloud Microsoft (Privilege management on the Microsoft Cloud). Identity Days 2022, 27 October 2022, Paris. Speakers: Xuan AHEHEHINNOU, Hakim TAOUSSI, Nicolas BONNET
  • 3. Conference agenda: • Introduction • Azure AD roles • Privileged Identity Management • Azure roles & RBAC • Account protection • Azure AD Conditional Access • Privileged access devices • Interface security levels • Intermediaries • Azure Bastion • Conclusion. Speakers: Xuan AHEHEHINNOU, Microsoft 365 Solution Architect @Abalon; Hakim TAOUSSI, Technical Architect / MVP Azure @Insight; Nicolas BONNET, CEO & IT Architect, MVP Enterprise Mobility @InYourCloud
  • 4. Introduction
  • 8. Diagram: the typical path of user access to business-critical assets runs through four layers, Account, Devices/Workstations, Intermediaries and Interface; each layer is a level of security that raises the attacker's cost. https://aka.ms/deploySPA
  • 9. Deploying a privileged access solution | Microsoft Learn
  • 11. There are about 60 Azure Active Directory (Azure AD) built-in roles, which are roles with a fixed set of role permissions. To supplement the built-in roles, Azure AD also supports custom roles. There are many different services in Microsoft 365, such as Azure AD and Intune. Some of these services have their own role-based access control systems (AAD, Exchange, Intune, MDCA, 365 Defender, Purview, Cost Management + Billing). Azure has its own role-based access control system for Azure resources such as virtual machines, and this system is not the same as Azure AD roles. (Understand Azure Active Directory role concepts - Microsoft Entra | Microsoft Learn)
  • 12. Secure access with Microsoft Entra: multicloud identity and access management; oversee all your organization's identities in one place. Microsoft Entra encompasses all of Microsoft's identity and access capabilities. The Entra family includes Microsoft Azure Active Directory (Azure AD), as well as two new product categories: Cloud Infrastructure Entitlement Management (CIEM) and decentralized identity. (Microsoft Entra Datasheet)
  • 13. Azure AD Privileged Identity Management
  • 14. What is Privileged Identity Management (PIM)? PIM is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization. Such resources include those in Azure AD, Azure, and other Microsoft Online Services, such as Microsoft 365 or Microsoft Intune.
  • 15. What does PIM do? PIM provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Key features of PIM include: ✓ Provide just-in-time privileged access to Azure AD and Azure resources ✓ Assign time-bound access to resources using start and end dates ✓ Require approval to activate privileged roles ✓ Enforce multifactor authentication to activate any role ✓ Use justification to understand why users activate ✓ Get notifications when privileged roles are activated ✓ Conduct access reviews to ensure users still need roles ✓ Download audit history for internal or external audit
  • 16. PIM for Azure resource roles • Azure Active Directory (Azure AD) Privileged Identity Management (PIM) can manage the built-in Azure resource roles, as well as custom roles, including (but not limited to): ❑ Owner ❑ User Access Administrator ❑ Contributor ❑ Security Admin ❑ Security Manager
  • 17. Management capabilities for privileged access groups • In Privileged Identity Management (PIM), you can now assign eligibility for membership or ownership of privileged access groups.
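The controls listed on slides 15 to 17 only bite if privileged roles are held as eligible PIM assignments rather than as permanent active ones, so the first thing to check in a tenant is how much standing privilege is left. The Python script below is an added example for this page, not code from the slides or from Microsoft. It runs offline on records shaped like the Microsoft Graph resources roleManagement/directory/roleAssignmentScheduleInstances and roleEligibilityScheduleInstances (the field names follow those resources), uses the published template IDs of three built-in directory roles, and takes an 8-hour maximum activation as an assumed role setting; every record is constructed.

```python
"""Find standing privilege in Azure AD role assignments exported from PIM.

Added example for this page, not code from the slides or from Microsoft.
It runs offline on records shaped like the Microsoft Graph resources
roleManagement/directory/roleAssignmentScheduleInstances (active assignments,
assignmentType "Assigned" or "Activated") and roleEligibilityScheduleInstances
(eligible assignments). Every record below is constructed for the example.
"""
from datetime import datetime, timedelta

# Role template IDs of the built-in directory roles treated as privileged here.
PRIVILEGED_ROLES = {
    "62e90394-69f5-4237-9190-012177145e10": "Global Administrator",
    "e8611ab8-c189-46e8-94e1-60213ab1f814": "Privileged Role Administrator",
    "194ae4cb-b126-40b2-bd5b-6091b380977d": "Security Administrator",
}
MAX_ACTIVATION = timedelta(hours=8)  # assumed PIM role setting for this tenant


def parse_time(value):
    """Graph returns ISO 8601 with a trailing Z; None means no expiry (permanent)."""
    return None if value is None else datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit(active, eligible):
    """Return findings (severity, principalId, role, issue) for the privileged roles."""
    findings = []
    eligible_keys = {(e["principalId"], e["roleDefinitionId"]) for e in eligible}
    for a in active:
        role = PRIVILEGED_ROLES.get(a["roleDefinitionId"])
        if role is None:
            continue  # other roles are out of scope for this check
        end = parse_time(a.get("endDateTime"))
        base = {"principalId": a["principalId"], "role": role}
        if a["assignmentType"] == "Assigned":
            if end is None:
                # Permanent active assignment: the role is usable at any time,
                # so none of the PIM activation controls ever apply to it.
                findings.append({**base, "severity": "high",
                                 "issue": "permanent active assignment (standing privilege); "
                                          "convert it to an eligible assignment"})
                if (a["principalId"], a["roleDefinitionId"]) in eligible_keys:
                    findings.append({**base, "severity": "info",
                                     "issue": "also eligible for the same role; the permanent "
                                              "assignment bypasses JIT activation"})
            else:
                findings.append({**base, "severity": "low",
                                 "issue": f"time-bound active assignment, standing until {end.isoformat()}"})
        elif a["assignmentType"] == "Activated":
            # A JIT activation must expire within the duration the role setting allows.
            start = parse_time(a["startDateTime"])
            if end is None or end - start > MAX_ACTIVATION:
                findings.append({**base, "severity": "medium",
                                 "issue": f"activation longer than the {MAX_ACTIVATION} the role setting allows"})
    return findings


GA, PRA, SEC = PRIVILEGED_ROLES  # dict iteration keeps insertion order
USER_ADMIN = "fe930be7-5e62-47db-91af-98c3a49a38b1"  # User Administrator, not in the set above

ACTIVE = [  # constructed roleAssignmentScheduleInstances
    {"principalId": "u-alice", "roleDefinitionId": GA, "assignmentType": "Assigned",
     "startDateTime": "2021-01-01T00:00:00Z", "endDateTime": None},
    {"principalId": "u-alice", "roleDefinitionId": PRA, "assignmentType": "Assigned",
     "startDateTime": "2022-10-01T00:00:00Z", "endDateTime": "2022-12-31T00:00:00Z"},
    {"principalId": "u-bob", "roleDefinitionId": GA, "assignmentType": "Activated",
     "startDateTime": "2022-10-27T08:00:00Z", "endDateTime": "2022-10-27T10:00:00Z"},
    {"principalId": "u-carol", "roleDefinitionId": SEC, "assignmentType": "Activated",
     "startDateTime": "2022-10-26T20:00:00Z", "endDateTime": "2022-10-27T20:00:00Z"},
    {"principalId": "u-dave", "roleDefinitionId": USER_ADMIN, "assignmentType": "Assigned",
     "startDateTime": "2021-01-01T00:00:00Z", "endDateTime": None},
]
ELIGIBLE = [  # constructed roleEligibilityScheduleInstances
    {"principalId": "u-alice", "roleDefinitionId": GA},
    {"principalId": "u-bob", "roleDefinitionId": GA},
]

if __name__ == "__main__":
    for f in audit(ACTIVE, ELIGIBLE):
        print(f"[{f['severity']}] {f['principalId']} / {f['role']}: {f['issue']}")
```

Bob's two-hour activation and Dave's non-privileged role produce nothing; Alice's permanent Global Administrator assignment is the finding that matters, and the fact that she is also eligible shows why a permanent assignment next to an eligible one makes the PIM approval, MFA and justification steps irrelevant. The Azure resource side (Microsoft.Authorization/roleAssignmentScheduleInstances) uses the same assignmentType values, so the same check applies there with a different export.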
  • 18. Azure roles & RBAC
  • 19. Understanding Azure roles and RBAC (What is Azure role-based access control (Azure RBAC)? | Microsoft Learn)
  • 20. Best practices for Azure RBAC • Only grant the access users need: using Azure RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs. Instead of giving everybody unrestricted permissions in your Azure subscription or resources, you can allow only certain actions at a particular scope. • Limit the number of subscription owners: you should have a maximum of 3 subscription owners to reduce the potential for breach by a compromised owner. This recommendation can be monitored in Microsoft Defender for Cloud. • Use Azure AD Privileged Identity Management: PIM helps protect privileged accounts by providing just-in-time privileged access to Azure AD and Azure resources. Access can be time-bound, after which privileges are revoked automatically. • Assign roles to groups, not users: assigning roles to groups instead of users also helps minimize the number of role assignments. • Assign roles using the unique role ID instead of the role name: even if a role is renamed, the role ID does not change. (Best practices for Azure RBAC | Microsoft Learn)
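Three of the practices on slide 20 (at most 3 subscription owners, roles to groups rather than users, match roles by ID rather than name) can be checked from a single export of role assignments, provided the check respects scope inheritance: Owner granted on a parent management group or on the root scope counts for the subscription, Owner on a resource group inside it does not. The Python script below is an added example for this page, not code from the slides or from Microsoft. It runs offline on records shaped like the output of `az role assignment list --all -o json`, uses the published GUIDs of four built-in roles, and takes the subscription, the management-group layout and the custom role GUID as constructed inputs.

```python
"""Check Azure RBAC assignments against the best practices on this slide.

Added example for this page, not code from the slides or from Microsoft.
It runs offline on records shaped like `az role assignment list --all -o json`
output (fields principalName, principalType, roleDefinitionId,
roleDefinitionName, scope). The assignments, the management-group layout and
the custom role GUID are constructed for the example.
"""

# Built-in role definition GUIDs (the last segment of roleDefinitionId). Matching
# on the GUID is the slide's advice: a display name can change, the ID cannot.
OWNER = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
USER_ACCESS_ADMIN = "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9"
CONTRIBUTOR = "b24988ac-6180-42a0-ab88-20f7382dd24c"
READER = "acdd72a7-3385-48ef-bd42-f606fba81ae7"
BUILTIN = {OWNER: "Owner", USER_ACCESS_ADMIN: "User Access Administrator",
           CONTRIBUTOR: "Contributor", READER: "Reader"}
HIGH_PRIVILEGE = (OWNER, USER_ACCESS_ADMIN, CONTRIBUTOR)
MAX_OWNERS = 3  # the limit quoted on the slide


def role_guid(assignment):
    return assignment["roleDefinitionId"].rsplit("/", 1)[-1].lower()


def subscription_owners(assignments, subscription, ancestors):
    """Principals holding Owner at the subscription or at a scope it inherits from.

    Owner on a resource group inside the subscription does not make someone a
    subscription owner; Owner on a parent management group or on the root "/" does.
    """
    scopes = {subscription, *ancestors}
    return {a["principalName"] for a in assignments
            if role_guid(a) == OWNER and a["scope"] in scopes}


def naive_owner_count(assignments):
    """What a name-based check does: it counts the custom 'Subscription Owner' role
    and the resource-group Owner too, and would miss a renamed built-in role."""
    return sum(1 for a in assignments if "Owner" in a["roleDefinitionName"])


def audit(assignments, hierarchy):
    """hierarchy maps each subscription scope to the scopes it inherits from."""
    findings = []
    for sub, ancestors in hierarchy.items():
        owners = subscription_owners(assignments, sub, ancestors)
        if len(owners) > MAX_OWNERS:
            findings.append((sub, f"{len(owners)} owners (limit {MAX_OWNERS}): {', '.join(sorted(owners))}"))
    for a in assignments:
        guid = role_guid(a)
        if guid in HIGH_PRIVILEGE and a["principalType"] == "User":
            findings.append((a["scope"], f"{BUILTIN[guid]} assigned directly to user "
                                         f"{a['principalName']}; assign it to a group instead"))
        if guid not in BUILTIN:
            findings.append((a["scope"], f"role '{a['roleDefinitionName']}' ({guid}) is not in the "
                                         f"built-in table: check `az role definition list --custom-role-only`"))
    return findings


SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"       # constructed
MG = "/providers/Microsoft.Management/managementGroups/mg-prod"   # constructed
HIERARCHY = {SUB: [MG, "/"]}                                      # SUB sits under MG, under the root
CUSTOM = "11111111-2222-3333-4444-555555555555"                   # constructed custom role GUID


def assignment(name, ptype, guid, role_name, scope):
    return {"principalName": name, "principalType": ptype, "scope": scope,
            "roleDefinitionName": role_name,
            "roleDefinitionId": f"{SUB}/providers/Microsoft.Authorization/roleDefinitions/{guid}"}


ASSIGNMENTS = [  # constructed `az role assignment list --all` output
    assignment("alice@contoso.example", "User", OWNER, "Owner", SUB),
    assignment("bob@contoso.example", "User", OWNER, "Owner", SUB),
    assignment("sg-platform-admins", "Group", OWNER, "Owner", MG),            # inherited by SUB
    assignment("breakglass@contoso.example", "User", OWNER, "Owner", "/"),    # root scope, inherited by all
    assignment("carol@contoso.example", "User", OWNER, "Owner", f"{SUB}/resourceGroups/rg-app"),
    assignment("dave@contoso.example", "User", CUSTOM, "Subscription Owner", SUB),
    assignment("sg-app-devs", "Group", CONTRIBUTOR, "Contributor", SUB),
]

if __name__ == "__main__":
    print("owners by name:", naive_owner_count(ASSIGNMENTS),
          "| owners by ID and scope:", len(subscription_owners(ASSIGNMENTS, SUB, HIERARCHY[SUB])))
    for scope, issue in audit(ASSIGNMENTS, HIERARCHY):
        print(scope, "->", issue)
```

On this data the name-based count says six owners while the ID-and-scope count says four (Alice, Bob, the platform admins group inherited from the management group, and the root-scope break-glass user); the four is the number Defender for Cloud's recommendation is about, and it still exceeds the limit. Group assignments are reported as one principal, so a real run should also expand group membership before judging the count.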
  • 21. Azure RACI template • The purpose of this RACI is to provide a foundation for organizations beginning the journey into Microsoft Azure. It contains common tasks across both governance and operations that organizations should identify owners and operators for. (GitHub - jkstant/AzureRACIToolkit)
  • 22. Account protection
  • 23. Privileged access: accounts (Securing privileged access accounts | Microsoft Learn)
  • 24. Critical best practices: block legacy authentication. The majority of password spray attacks use legacy authentication protocols. https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-Conditional-Access-support-for-blocking-legacy-auth-is/ba-p/245417 (Azure identity & access security best practices | Microsoft Learn)
  • 25. AAD B2B collaboration (Azure identity & access security best practices | Microsoft Learn)
  • 26. (image slide) Azure identity & access security best practices | Microsoft Learn
  • 27. Emergency access administrative accounts, for situations where normal administrative accounts can't be used (federation unavailable, etc.). Managing emergency access administrative accounts in Azure AD (Azure identity & access security best practices | Microsoft Learn)
  • 28. Built-in roles and custom roles (Azure identity & access security best practices | Microsoft Learn)
  • 29. Get started using Attack simulation training - Office 365 | Microsoft Docs (Azure identity & access security best practices | Microsoft Learn)
  • 31. Different forms of MFA and passwordless authentication (Authentication methods and features - Azure Active Directory - Microsoft Entra | Microsoft Learn)
  • 32. Conditional Access authentication strength (preview) (Overview of Azure Active Directory authentication strength (preview) - Microsoft Entra | Microsoft Learn)
  • 33. Azure AD Conditional Access
  • 34. Azure AD Conditional Access (image slide)
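Slides 24, 27, 32 and 34 together describe two Conditional Access policies a privileged-access baseline needs: one that blocks legacy authentication for everyone, and one that requires phishing-resistant MFA for holders of privileged roles, with the emergency access accounts of slide 27 excluded from both. The Python script below is an added example for this page, not code from the slides or from Microsoft. The two policies use the shape of the Microsoft Graph conditionalAccessPolicy resource and the published IDs of the Global Administrator role template and the built-in phishing-resistant authentication strength; the sign-in events, the user IDs, the role map and the mapping from sign-in log clientAppUsed values to policy client app types are constructed and simplified for an offline evaluation.

```python
"""Evaluate two Conditional Access policies against sign-in events, offline.

Added example for this page, not code from the slides or from Microsoft. The
policies use the shape of the Microsoft Graph conditionalAccessPolicy resource;
the sign-in events, user IDs, role map and client-app mapping are constructed
and simplified (the real service evaluates many more conditions and prompts for
a stronger method instead of failing the sign-in outright).
"""

GLOBAL_ADMIN_ROLE = "62e90394-69f5-4237-9190-012177145e10"       # directory role template ID
PHISHING_RESISTANT_MFA = "00000000-0000-0000-0000-000000000004"  # built-in authentication strength
BREAK_GLASS = "u-breakglass"  # constructed object ID of the emergency access account

BLOCK_LEGACY_AUTH = {
    "displayName": "Block legacy authentication",
    "state": "enabled",  # roll out as "enabledForReportingButNotEnforced" first
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": [BREAK_GLASS]},
        "applications": {"includeApplications": ["All"]},
        "clientAppTypes": ["exchangeActiveSync", "other"],  # the two legacy client types
    },
    "grantControls": {"operator": "OR", "builtInControls": ["block"]},
}

ADMINS_PHISHING_RESISTANT = {
    "displayName": "Privileged roles: phishing-resistant MFA",
    "state": "enabled",
    "conditions": {
        "users": {"includeRoles": [GLOBAL_ADMIN_ROLE], "excludeUsers": [BREAK_GLASS]},
        "applications": {"includeApplications": ["All"]},
        "clientAppTypes": ["all"],
    },
    "grantControls": {"operator": "AND", "authenticationStrength": {"id": PHISHING_RESISTANT_MFA}},
}

# Sign-in log clientAppUsed values folded into policy client app types; anything
# not listed (IMAP4, POP3, SMTP, "Other clients", ...) is legacy, i.e. "other".
CLIENT_APP_TYPE = {
    "Browser": "browser",
    "Mobile Apps and Desktop clients": "mobileAppsAndDesktopClients",
    "Exchange ActiveSync": "exchangeActiveSync",
}
# authenticationMethodModes that satisfy the phishing-resistant strength (assumed subset).
PHISHING_RESISTANT_METHODS = {"fido2", "windowsHelloForBusiness", "x509CertificateMultiFactor"}


def in_scope(policy, event, user_roles):
    """Does the policy target this user and client app type? Exclusions win."""
    users = policy["conditions"]["users"]
    if event["userId"] in users.get("excludeUsers", []):
        return False
    if "All" in users.get("includeUsers", []):
        targeted = True
    else:
        targeted = bool(set(users.get("includeRoles", [])) & set(user_roles.get(event["userId"], [])))
    app = CLIENT_APP_TYPE.get(event["clientAppUsed"], "other")
    types = policy["conditions"]["clientAppTypes"]
    return targeted and ("all" in types or app in types)


def grant(policy, event):
    """'block' or 'allow' for a policy that applies to the event."""
    controls = policy["grantControls"]
    if "block" in controls.get("builtInControls", []):
        return "block"
    strength = controls.get("authenticationStrength")
    if strength and strength["id"] == PHISHING_RESISTANT_MFA:
        return "allow" if event["authMethod"] in PHISHING_RESISTANT_METHODS else "block"
    return "allow"


def evaluate(policies, event, user_roles):
    """Decision for one sign-in plus the per-policy verdicts (report-only ones included)."""
    decision, verdicts = "allow", []
    for p in policies:
        if not in_scope(p, event, user_roles):
            continue
        verdict = grant(p, event)
        verdicts.append((p["displayName"], p["state"], verdict))
        if verdict == "block" and p["state"] == "enabled":
            decision = "block"  # any enforced policy that blocks wins
    return decision, verdicts


USER_ROLES = {"u-alice": [GLOBAL_ADMIN_ROLE]}  # constructed: who holds which directory role
EVENTS = [  # constructed sign-in events
    {"userId": "u-alice", "clientAppUsed": "Browser", "authMethod": "fido2"},
    {"userId": "u-alice", "clientAppUsed": "Browser", "authMethod": "microsoftAuthenticatorPush"},
    {"userId": "u-bob", "clientAppUsed": "IMAP4", "authMethod": "password"},
    {"userId": "u-bob", "clientAppUsed": "Exchange ActiveSync", "authMethod": "password"},
    {"userId": BREAK_GLASS, "clientAppUsed": "Other clients", "authMethod": "password"},
]
POLICIES = [BLOCK_LEGACY_AUTH, ADMINS_PHISHING_RESISTANT]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["userId"], e["clientAppUsed"], e["authMethod"], "->", evaluate(POLICIES, e, USER_ROLES))
```

The last event is the caveat the emergency-account slide implies: the break-glass account signing in over a legacy protocol with only a password is allowed because it is excluded from both policies, which is why those accounts need their own alerting and a credential kept out of day-to-day use. Switching the first policy's state to enabledForReportingButNotEnforced keeps the "block" verdict in the output while the decision stays "allow", which is how the policy should run for a while before it is enforced.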
  • 35. Privileged access devices
  • 36. Secure workstation for sensitive users (Why are privileged access devices important | Microsoft Learn)
  • 37. Interface security levels
  • 38. Privileged interface. Security controls for privileged interfaces should include: • Zero Trust policy enforcement on inbound sessions, using Conditional Access to ensure that users and devices are secured at the privileged level • Role-based access control (RBAC): the model should ensure that the application is administered only by roles at the privileged security level • Just-in-time access workflows (required) that enforce least privilege by ensuring privileges are used only by authorized users during the time they are needed. (Securing privileged access interfaces | Microsoft Learn)
  • 39. Intermediaries
  • 40. Privileged access: intermediaries (Securing privileged access intermediaries | Microsoft Learn)
  • 41. Azure Bastion
  • 42. Azure Bastion architecture. Azure Bastion is a service you deploy that lets you connect to a virtual machine using your browser and the Azure portal, or via the native SSH or RDP client already installed on your local computer. (About Azure Bastion | Microsoft Learn)
  • 43. Conclusion
  • 44. Critical best practice: clear lines of responsibility. Tip: document this and socialize it widely with all teams working on Azure. (Microsoft Security Best Practices module: Governance, risk, and compliance | Microsoft Learn)
  • 45. Microsoft Zero Trust principles • Verify explicitly: always validate all available data points, including user identity and location, device health, service or workload context, data classification, and anomalies. • Use least privilege access: to help secure both data and productivity, limit user access using just-in-time (JIT) access, just-enough-access (JEA), risk-based adaptive policies, and data protection against out-of-band vectors. • Assume breach: minimize blast radius for breaches and prevent lateral movement by segmenting access by network, user, device, and app awareness, encrypting all sessions end to end, and using analytics for threat detection, posture visibility, and improving defenses. (Zero Trust Model - Modern Security Architecture | Microsoft Security)