Hello, Siberians. Welcome to this lesson on anxiety. Privileged identity management parts to this lesson is a continuation from the previous lesson where we started to introduce Pim
some quick information on what we're recovering in this lesson.
We'll start by defining some important team terminology
would then review Pim Walk flows from three Perspective from that of an admission from data for user on from dot of UN approval
will conclude with a discussion off access review in team. Let's get into this.
Let's start by defining some important team technology that will help to improve our understanding off the service.
The first time is eligible.
Heritable means that a user needs to go through a request on up of a process for them to be a science travel by team.
For example, if I make Brenda eligible for the global administrator role,
it's maze that Brendan needs to go true. A request enough over process for our to be assigned to the global admin vote.
This process may involve Brenda providing justification for requiring the vote or even it's a cat number is required on the request may be sensed. Ronaldo User for approval before the vote will be assigned to Brenda by team.
The next time is active. Active means that a user does not need to go through a process to be assigned a row. In other words, the role is already assigned. For example, if I make Bradley active for the global ad mineral, Pim goes, I had toe assigned the vote. Bradley
on. It does not need to go to a request on approval process.
Then we have permanently eligible, which means that there is no time limit toe. When a user can request for the vote to be assigned, then we have permanently active, which means that there is no time limit to the vote that assigns to the user.
Now let's review the implementation Walk flows for pain, and we look at it from tree perspective
from the perspective off the team administrator
from the perspective or devoting question or the user.
And finally, from the perspective off the bowl, approve. ER, the team administrator is the vote that configure scheme and specifies what can be assigned to protect that votes in an organization.
The first thing that they administer Dio is to go to the PM console in the azure portal
then on body. The votes that it wants to protect into him on this could be a jury. Social larger. 80 votes
a joy. DeVos are actually automatically on body into pain. So it's mainly azure resource rules that it needs somebody
after these the configured vote with settings like the maximum division of assignment for the vote. What I justification is required or not with an approve oh is required or not on the designated approve er's if approval is required
without not in notification, needs to be sent to a certain group or to a certain user when an identities activated. So this is the step where they admit confidence. Although settings, the final step from the perspective of on that mean, is to assign users to DeVos that it can activate.
Then we go to the perspective off a user or developing question.
The first thing that they do is go to the pin console, where they will see a list off the roads that they're eligible to activate.
The candidates selects devoted. They would like to activate
on, then click on the activate option.
This will trigger the approval walk flow on the user can then provide a justification for activating the vote, including the reference to get number if this is required.
And finally the request was, says Ghost Rana Pooper.
The approval will receive an email that there is a pendant requests
they can don't click on the link in the email, and this would take them to the pin. Come. So in the azure Pato,
the condensed elects to either choose to approve or deny the request if they approved requests criminal proceeds to assign the vote to the user. The reason. Important route to be a wealth, which we got to a preventive oh, assignment requests
on rule is that users cannot approve their home request.
For example, if I make Brenda eligible for the application, administrative rope
by house on make Brenda on approval for to vote
can bend up of our own requests, the answer lies. No. Brenda would not even see the request in the Potter. The request. One needs to be approved by another designated upriver.
Finally, let's look at the access review feature off as a a deep team.
It is a security best practice to regularly review privileged access
on demand visits. To do this
access requirements changes over time
as people move teams or live the company when needs to ensure the old access that is no longer needed is removed.
With a joy deep team, we can create access reviews for protected as your 80 on azure resource rose.
The men benefit off. This is to reduce the risk associated with still rule assignment. Let's check out how the access review feature walks in Pim.
There, three men stages.
The first state is the creation of an access review plan.
Second stage is where the access is reviewed by designated users. On the final stage is where the results of the review is applied. So it's a very simple three stage process.
Let's look at a four stage.
This requires two processes fast. We create an access review plan.
For example, we can create a plan to review the assignment off the password administrative oh, on a shadow frequency
that could be weekly. That could be monthly or that could be quarterly. We can also configure an end date for the review
as part of the configuration, we can designate reviewers
on this could be selected reviewers, or we could even assigned users to review the own access if this you need it
after the configuration is completed. This goes to the next stage where the reviewers are notified.
They can either approve the request, are still been needed. All denied the access as no longer needed, and in some cases do viewer. It's not available to respond
After they handed Configured for the review,
this goes back to team to apply the result of the review. If the reviewer responded by approving all the night said in Access,
Kim can either automatically applied the results or wait for administrator to manually approve the results later. And this will be based on our we've configured to this. If the reviewer did not respond,
team can either live the existence states, approved the access, removed the access or take the system recommendation on what to do. So this will be based on usage. If the user has not logged in with dental today's the system will recommend that access be denied on removed.
Of course, it is upto house to configure
which off this options would like to be applied.
Quiz Question number one.
You have an agile A D tenants named Contest so that come
the tenant contents. The users shown in the following table
You configure on access review named Review one as shown in the following exhibit,
select the answer Choice that applies to the statement below.
If user to Fails to complete review by much. 2020 19.
Which of the following options were apply
few Frito Pasta recording to reveal the question closely.
If you're selected. Option number three,
which is that user to We returned the password administrative. Oh,
you would be correct. The access Review. That's conflict on the violence side. It's for self review The action toe take. If the reviewer does not respond, it sets to take the system recommendation. Because the user has logged in in the past 30 days, the system will recommend for the access to be kept.
Here's some supplementary links for further studies on the topics covered in this lesson on In the last lesson,
he has a somebody off what we covered in this lesson.
We start out by defining some important team terminology,
but then reviewed. Teamwork flows from tree perspective from that of an admission from that of a user or a rover requester on from that off a roll. Approve. Er,
we concluded with the discussion off access reviews in Pim.
Thanks very much for watching on. I'll see you in the next lesson.