Zero-Trust Features and Tools for Identities in Entra ID
Key to the Fortress
Zero trust is not a specific action, but an ongoing process. Microsoft refers to it as a journey that never really ends. Why a journey? Because there is always something new to discover, and because existing technologies are critically questioned and new approaches examined in a cycle that constantly repeats.
Two issues pose specific challenges. First, with zero trust, and especially with identities in Entra ID, particularly sensitive areas are accessed over the Internet, which changes the rules of the game. Second, the mindset of many administrators is shaped by decades of working in classic on-premises environments, where domain controllers are protected by firewalls and identities are therefore relatively well secured. The situation with Entra ID is different and calls for a rethink, because identity is the new perimeter.
Admin accounts, which hold comprehensive authorizations, are particularly vulnerable to criminal activity. Therefore, maximum security is essential for these accounts, which is exactly where the scenarios I look at here come into play. The objective is to use Entra ID to achieve a level of security that surpasses that of on-premises products.
The toolbox in Entra ID is comprehensively equipped for this purpose. One of its central tools is Conditional Access policies, which are among the most powerful control instruments available to admins. They let you specify precisely who is allowed to access a specific set of resources and under which conditions. The mechanism behind these policies is particularly useful for admin accounts. It works because a large number of signals are sent every time you log in to Entra ID or use an application, and these signals feed into the access decisions made by the Conditional Access policy ruleset. Among them: On which device did the request originate? From which location? Which application did it target?
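As an added illustration (not code from the article or from Microsoft), the following Python sketch audits Conditional Access policies for gaps in admin protection. It assumes the policies were exported in the shape of Microsoft Graph `conditionalAccessPolicy` objects; the sample policies are constructed, and only policies that name the role in `includeRoles` are examined.

```python
# Role template ID of the built-in Global Administrator role.
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"

# Constructed sample, shaped like Microsoft Graph conditionalAccessPolicy objects.
SAMPLE_POLICIES = [
    {"displayName": "Admins: require MFA everywhere", "state": "enabled",
     "conditions": {"users": {"includeRoles": [GLOBAL_ADMIN], "excludeUsers": []},
                    "applications": {"includeApplications": ["All"]},
                    "locations": None},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Admins: pilot policy",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeRoles": [GLOBAL_ADMIN], "excludeUsers": []},
                    "applications": {"includeApplications": ["All"]},
                    "locations": {"includeLocations": ["All"],
                                  "excludeLocations": ["AllTrusted"]}},
     "grantControls": {"operator": "OR",
                       "builtInControls": ["mfa", "compliantDevice"]}},
    {"displayName": "All users: block legacy authentication", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
]

def audit_policy(policy, role_id):
    """Return findings for a policy that targets role_id, or None if it does not."""
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    if role_id not in (users.get("includeRoles") or []):
        return None  # policy does not name this role explicitly
    findings = []
    if policy.get("state") != "enabled":
        findings.append("not enforced (state=%s)" % policy.get("state"))
    if "All" not in ((cond.get("applications") or {}).get("includeApplications") or []):
        findings.append("does not cover all applications")
    if (cond.get("locations") or {}).get("excludeLocations"):
        findings.append("not applied in excluded locations")
    if users.get("excludeUsers"):
        findings.append("user exclusions present (review each one)")
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if "block" not in controls:
        if "mfa" not in controls:
            findings.append("MFA not required")
        elif grant.get("operator") == "OR" and len(controls) > 1:
            findings.append("MFA is optional (operator OR allows another control)")
    return findings

def audit_export(policies, role_id):
    """Map each role-targeting policy's displayName to its list of findings."""
    results = {p["displayName"]: audit_policy(p, role_id) for p in policies}
    return {name: f for name, f in results.items() if f is not None}
```

An empty findings list means the policy is enforced, covers all applications and locations, and requires MFA (or blocks access) for the role.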
The policy

