Azure Active Directory Privileged ID Management Service Workflow Enhancements
This week Microsoft is showing off two Azure Active Directory Privileged Identity Management service improvements.
The service was commercially released back in September, but it is now getting previews of a new approval workflow feature plus a new audit history feature. Those improvements can be tested if an organization has an Azure AD Premium P2 subscription or is using a trial subscription (such as Microsoft's 90-day trial of the Enterprise Mobility + Security E5 offering).
The approval workflow feature is a revamped user interface that lets a user request access privileges for a specific network role. The request typically gets reviewed by a global administrator, who can see the requests within the Azure Portal. The requests can then be approved or denied, either individually or in bulk fashion. Requestors get an e-mail when a role is approved. Similarly, global administrators get notified of a pending request.
Next, Microsoft is previewing a "My Audit History" feature in the Azure AD Privileged Identity Management service. It will show end users the status of their role requests.
The point of the Azure AD Privileged Identity Management service is to limit access privileges among IT staff within an organization, with control maintained by a global administrator. One of its main features is a "just in time" capability that permits access to be granted for just a set period of time. The idea is to stem possible elevation-of-privilege types of attacks, which perhaps can spread when an organization loses track of the network access privileges that have been allocated.
Azure AD Privileged Identity Management service works across Office 365, Intune, Azure AD and other Microsoft services. It works not just with staff, but can be used to control network access by contractors and vendors.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.