Time
8 hours 33 minutes
Difficulty
Intermediate
CEU/CPE
9

Video Transcription

00:00
Hello, Siberians. Welcome to this demonstration on a joy 80 Privileged identity management.
00:07
This demonstration is part of the second Madu off the is that 500 Microsoft Azure Security technologies costs quick information on the task that will be completing in this demo.
00:18
We'll start by reviewing as your Eddie licensing to confirm that we have the right licence to use pain.
00:25
We also reviewed the pin console to familiarize ourselves with workspace that will be using
00:32
well, then configure on a giant evil in team
00:36
who proceeds to assign an eligible user to the conflict role
00:41
and finally validates what we've done by activating the eligible as to user.
00:48
Let's get into this
00:50
in the first task. Have reviewing my Joy D tenants to ensure that I have required licensing for pain.
00:57
How also reviewed the pin console in the azure pato.
01:02
So here I am in the azure Pato.
01:04
If I go to the left inside on, if I click on Azure Active Directory
01:10
now in a active directory, are growing the licenses on our click, and that's
01:17
now in licenses for quiet and select license features. Option
01:22
on. If I say for privileged,
01:26
I can see privileged identity management here, and I can see that it say's I currently have this feature available to me. That's because I currently have azure Haiti Premium P two.
01:38
Now, if I go on the Oprah docks to verify that I've assigned the license to uses, that will be using pain. So if I go ahead and click on Enterprise Mobility on Security Shoots, which also includes Azure Hey DPM,
01:53
I have the two users I'll be working with in this demo. Brenda and David on their signs, this license. So that looks good.
02:01
I haven't verified. A licensing will go over to the pin Conso to review the workspace. I'll be working him
02:07
if I click on the such option here. And if I search for privilege as I'm typing that I can see as you're a deep team option here. If I go ahead and click on that,
02:17
so here is the pin console will be spending the rest of our time
02:22
now in the first section we have tasks on. This is the area that will be performing the user on behalf of a workflow.
02:30
We have the section here called Manage On. This is a section that will be performing the administrative workflow him
02:38
in the nest. Ask or configure on a joy devote to be protected by Pim. Here's a visual representation of what will be doing
02:47
How become figuring the password administrative oh, to be protected by Pim. Our configure the maximum Activision time to two hours on our require justification on an approval for the vote to be activated.
03:04
So, back in the top photo, I have privilege identity managements to hoping
03:08
in the manage section how quiet and click on Azure. Hey, DeVos!
03:14
And if I go to the manage section out, click on roles here
03:19
and I can see a least off the a joy D rose that on board it's 2 p.m.
03:23
A. Joy DeVos are embodied automatically if you're using a new subscription. If I scroll down to what I get to pass, what Administrator and I can say the password administrative. Oh, here. So if I go ahead and click on that row
03:38
to configure the vote in Team, I just violently concertante
03:42
on here is the area where can configure the settings for this role.
03:46
Why don't click on edit?
03:49
How changed the maximum activation duration to two Howards because that's what we specified in our slide.
03:55
I live the options selected to require justification, and I'll select the option to require approval. How wide and configure and approve er on our search for David,
04:09
our select David click on Select
04:12
and there's nothing house that I really want to configure, but just to show you what the other options I If I go ahead to the assignment section, this is where I can specify if this vote can be permanently eligible or permanently active.
04:26
This is also the section work and configured notification
04:30
how Go ahead and click on update.
04:35
So now I have this vote configured in team.
04:40
So in the next ask, I'll be assigning on eligible user for the password administrative role.
04:46
Yes, official representation off What I'll Be Dean
04:48
have embodied the password administrative oh into a team
04:53
on what our bodies are being making Brenda eligible for the vote by having an assignment far.
05:00
So back in the azure Pato, I'm still under the privilege identity management console
05:05
and I'm under the password administrator option.
05:10
Now I have the option to have an assignment. Yes, if I go ahead and click on a hard assignment. I can say the option over here to select members on our click on members
05:18
on our click on Brenda Out, click on Select
05:23
and if I click on next. This is where I can specify the assignments. Type with illegible or active are lived at us. Eligible on. I'll leave that as permanently eligible
05:33
for Go ahead and click on a sign
05:36
once that's completed, Brenda has now being assigned as eligible to take on this role
05:44
in the next task. RB Validating what I've done so far by activating the password administrator role. Has Brenda
05:50
yes, official representation off. What are we? Dean?
05:55
I have Brenda already eligible for the passport administrator vote are very fighter. Brenda is not directly assigned to devote how logging is Brenda In another browser session on our attempts toe activates the password Administrative. Oh,
06:09
now what I'll do is out completes the justification process.
06:13
The approval request will go to David on our use, another browser session to complete that. Once that's completed, they will be assigning the vote Brenda for didja vision that's configured, which is to house
06:25
the first will allow dough is verified. The brain that does not have a direct assignment for the past one administrative. Oh,
06:32
so if I go, I didn't leak on users.
06:34
And if I select Brenda's account here
06:39
on, if I click undersigned Rose, I can see that Brenda currently does not have any direct assignments to Devo.
06:45
I'm back in the agile Pato logged in his Brenda. If I click on the such option here and such for privileged,
06:53
I can see as your Haiti privileged identity management. So if I go, I'd and click on that option
06:58
now. I told you earlier that the task area, that's what we completes the user and the approval workflow.
07:03
So if I go ahead and click on my roses, Brenda,
07:08
now brand, I can see the password Administrative. Oh, and you can see that she has the option to activate the road
07:14
if I go ahead and click on the activate option
07:17
Now, the configuration requires that Brenda provide a justification.
07:34
Having specified the justification,
07:36
go ahead and click on activates.
07:42
Now you can see the option here that says your request is pending for approval. So now a request has been sent to David to complete the approval process.
07:50
If I go back to my browser session logged in as David, if I go back to a privileged identity management under the test section,
07:59
I can see the option to approve requests. If I click on that option
08:05
on, if I go ahead and refresh the option, I can see that the request as common for password administrator off a Brenda.
08:13
Now, if I school for what
08:16
I can see information about when that was requested and the reason that Brenda specified,
08:22
so what I'll do is I'll click on the request
08:26
our enter my own justification for one my prevent this requests
08:35
and then I'll click on approve.
08:39
Once that's approved,
08:41
I should be able to verify that Brenda Now as the role assigned to her
08:46
on the left hand side. If I click on Azure 80
08:50
on If I click on uses
08:54
on In Users free click on Brenda.
08:56
And if I go on their assigned Rose, I can see that the password administrator has now been assigned to Brenda.
09:03
So here's a somebody off the tax double completed in this demonstration.
09:09
We started by Ravine as you hated licensing to confirm that we have the right licence to use team wouldn't configured on a giant devote the password administrator row to be protected in team
09:20
we proceeded Star sign a user to be eligible to that role, which is the user, Brenda.
09:26
And finally we concluded by validating what we've done by activating devote as Brenda.
09:33
Thanks very much for watching on. I'll see you in the next lesson.

Up Next

AZ-500: Microsoft Azure Security Technologies

In the AZ-500 Microsoft Azure Security Technologies training, students will learn the skills that are needed to pass the AZ-500 certification exam. All exam topics are covered as well as exam preparation strategies and hands-on practice.

Instructed By

Instructor Profile Image
David Okeyode
Cloud Security Architect
Instructor