User and Group Security Part 1: Introduction to Identity Access Management
6 hours 59 minutes
Welcome back, Sudbury ins
to the M s 3 65 Security Administration course
I'm your starter, Jim Daniels.
And today we're going to start module to identity and access.
Lesson one, user and group security, part one. Introduction and overview of identity access management.
In this lesson, you will undoubtable you learn about the evolution of identities, technology.
identity is foreign organizations, security and the process of establishing a dent in it. Governance.
Again, I like means like pop culture. Our dad jokes. So you will find some of this scattered throughout these lessons.
Steve Carell love him.
I changed all my passports. Incorrect. So whenever I forget,
it will tell me your password is incorrect.
you have. The employees always forget their password isn't working.
They don't know why.
They always say, Hey, I haven't been fired. I haven't received my notice yet.
You know that password humor,
evolution of I T threats and the Microsoft identity security.
We here we have three different roads. We have one that's the identity of first of myself, actually took the technology,
identity and trends of the time
and the actual information technology that it encompassed.
So first local identities.
They were within your network within your location. Mainframes, PCs.
we move toward Enterprise. Single sign on and two finger
you may be you have data centers that are spread out across multiple sites.
You have mobile devices that connect through the Internet. Maybe they're going through a VPN
back into your network
for this one. They take the domains they build on it
with enterprise Active directory as a replacement of the old Windows anti domains.
We also have smart card authentication.
is more of a hybrid and Federated Cloud Identity.
We have everything before multiple data centers, mobile devices. But now we have more cloud cloud services. We have more Internet of things.
We have, ah, scatter information. You know, we may have a camera dump over here. Everything is flexible. Demands flexibility with, as right of directory,
passport of this authentication and hardware credential isolation. We're gonna go over some of these in specific detail as of course goes on. But as of now,
you need to recognize that in the beginning,
identity a day and security is totally different than it is now. He has really evolved into how we see it today is everywhere.
Some of the challenges that faces you with identity management.
73% of all passwords do focus.
8% of employees using unapproved APS Shadow I t.
81% of breaches or calls by credential theft.
See where we're going with this. So let's say your employees use
They use Facebook.
They have a Facebook account.
Maybe it is or isn't related to their work.
Facebook gets compromised
because the employee doesn't want to remember more than one password or variation.
All of a sudden, whoever has their Facebook information,
they know where they work. They can figure that out, and they're trying to log into their work account.
Past four is the same burned around
passwords and identity. This is where
security is really yelling. There is a focus on identity. It's the new perimeter.
The stages of evolution has your physical
network, your castle and moat, if you will.
Nothing was poked outside. There were no holes. Then we went to more of a network. Or maybe you have a D M Z. That was open up the certain applications. You have multiple data centers, multiple sites now, its identity
himself, controlling the physical access.
You look at the person, the attributes they belong to and you give them permission. Based on that, you give them just enough for mission that they need to do their job.
Dad, Jerk, Are you ready?
Which cheese protects a medieval castle?
If you've been staring this Saad, you're I know the answer. I'm a safe anyway. Move, Zarella.
Hopefully, I got at least five chuckles
ai role and a sigh somewhere. That's always best with the dad drinks. Get a solid I roll.
All right. Next, let's take a look at the identity governance process.
This will be how Microsoft recommends you flow in your process to get identity governance up and go. Number one, use the plane for users and groups.
You have to have a plan. What? You're naming scheme.
What policies were you gonna have? How is your creation has determination you need to plan for
If you don't have a plan ahead of place,
you're going to be changing and chemical processes on the fly, which isn't optimal
number. To secure your privilege Identities
plan. How you gonna secure your global admin? Camels?
Eternal wish users will even have that access level
number three. Configure hybrid identity
for the hybrid environments you want. Determine which on premise, identity and director you want to sink
with as right of directory.
You want to determine
basically your authentication. Method
configure. Secure user authentication. Plan to set multi factor authentication as a second level layer of security for your users.
Determine how you're going to configure second authentication method when I'm per user account basis
for five. Simplify access for users.
If you can get five conditions
to work in 100 different scenarios, that is, must bear,
then having 50 different scenarios with 50 different conditions.
Don't make them jump through hoops that they don't have to.
There's always that line between security and usability.
That depends on what compliance considerations you have, What legal ramifications and your organization. Security posture.
Finding that balance
between all of that
is a really delicate process.
utilize groups for easier management
work smarter, not harder.
We're gonna go over different ways. You can use groups either manually assigned,
um or dynamically a sign
to make your day to day management easier.
So in recap, M s 3 65 takes a comprehensive approach to identity security.
Identity has involved and has of all really quickly as the new perimeter and cybersecurity
establishing an identity governance system provides organizations a solid foundation
to Dota farm
her for you found this wasn't useful
and hopefully I will see you back for the next lesson.