Course: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection

Microsoft Entra ID Governance

- [Instructor] Microsoft Entra Identity Governance helps organizations ensure the right people have the right access to the right resources at the right time. Identity governance is important to organizations because it addresses some key governance questions. For example, who can access which resources? What are users doing with their access? Are our access controls effective? And can auditors verify these controls? By leveraging identity governance, organizations can effectively govern three critical workflows, including identity lifecycle, access lifecycle, and a privileged access lifecycle.

The identity lifecycle refers to the process of managing a user's identity. It typically follows a human resources workflow. It starts with a no access status. When a new employee joins the company, an identity is created. As the employee moves to new roles, the identity and the associated privileges are updated. When the employee leaves the company, the identity is deactivated or removed, returning to the no access status.

Access lifecycle refers to the process of managing access permissions to resources. It starts with a no access status. When needed, a user is assigned a certain level of access rights to specific resources. As the user's role changes, the access permissions to the scope of resources are updated accordingly. The existing accesses need to be reviewed periodically to ensure they are still correct and necessary. When access is no longer needed, it's removed.

Privileged roles like a global admin, user admin, and application admin have higher access permission to critical resources. So it's important to secure the privileged access lifecycle. It starts with a no privileged role status. When needed, an eligible user is assigned the first privileged role. As the job responsibilities change, privileged roles are updated accordingly. When the user leaves, the associated privileged roles are deactivated or removed, returning to no privileged role status.

Now let's look at identity governance in the Microsoft Entra Admin Center. Microsoft Entra Identity Governance helps organizations improve productivity while meeting security governance and compliance requirements. It provides capabilities including entitlement management, for managing the identity and the resource access lifecycle at scale; access reviews, to ensure users or guests have proper access that is still needed; Privileged Identity Management, to reduce the risk of privileged access to critical resources; and Lifecycle workflows, to automate the employee join, move, and leave process.
