Admin accounts represent a significant risk exposure for enterprise organizations because they have access to potentially hundreds of services, accounts and settings; if one is compromised, it could wreak havoc on the organization’s overall security. As part of an overall enterprise security program, validating these accounts to ensure they are still active and still used by the right people keeps the threat posed by them to a minimum.
Microsoft has now introduced a new “Security review” process as part of Azure AD Premium (which is itself part of the Microsoft Enterprise Mobility Suite bundle) that allows the security administrator to validate administrator accounts through the following process:
1. The security administrator picks a privileged role, such as Global Administrator, where they believe some administrators may still hold the role even though they no longer need it.
2. Azure AD sends each user in that role a notification, and each user responds in the Azure portal as to whether or not they still need that role.
3. The security administrator reviews the results to decide who to remove from the role.
The security review process is in addition to the existing features of the Privileged Identity Management (PIM) service, which gives global administrators the ability to:
- Discover and monitor privileged roles. The Azure AD PIM Dashboard gives you visibility into and tracking of users with privileged roles.
- Automatically restrict the time that users have these privileged permissions through on-demand “just in time (JIT)” activation of permissions for pre-configured time windows.
- Monitor and track privileged operations for audit purposes or security incident forensics.