Lead Image © Aliaksandr Marko, 123RF.com

Manage user accounts with MS Entra lifecycle workflows

Come On In!

Article from ADMIN 76/2023
By
Microsoft Entra unites key identity technologies, resulting in a centralized management tool for Azure Active Directory. We look at how MS Entra works in conjunction with a local Active Directory.

Zero trust means testing everything you want to allow into an environment in which, initially, nothing is allowed. It is a very important aspect of the modern IT world. Protecting hybrid infrastructures, in particular, is more critical than ever, starting with security for data centers and extending to securing user devices.

Somewhere in between sits a very important building block of the zero trust puzzle: identity and access. A strategy for responsible and up-to-date use of identities is more important than ever and not always easy in a world where, for decades, directory services exclusively stored user accounts and everything that went with them on domain controllers (DCs). These DCs continue to perform their duties in well-protected zones behind firewalls.

In the public cloud, hybrid setups with Azure Active Directory (AAD) are no longer unusual. You need to keep an eye on the local directory data and include Azure AD in your scope of activities. AAD offers new functions that are only a dream for admins of a local AD.

Unfortunately, it is not always easy to work with this toolbox. Many of the features reside on AAD dashboards, and various tools reside in separate areas on the Azure portal, such as Identity Protection (IdP) or Privileged Identity Management (PIM). Microsoft Entra [1] combines these functions, seeing itself as a toolbox that bundles previous technologies on a portal, while adding new features. In this article, I open up the toolbox and look at the options available for automating the user account lifecycle. Note, however, that only the Public Preview was available for review at the time of writing. Because hybrid is an important topic, I also take a look at the requirements in terms of interaction with the on-site infrastructure to ensure smooth operations.

Identity Lifecycle

The heart of an IT


...
