Privileged access management in Office 365
Modern Realities
• 8 in 10: Breaches that occur involve privileged credentials
• $3.8M: The average cost of a data breach to a company
• 2.7x: The cost of non compliance more expensive than cost of compliance
Threats to privileged admin accounts
• 1. Rogue Admin
• 2. Malicious Attacker: Targeted phishing attack
[Diagram labels: Steals sensitive data; Executes commands that contain sensitive data; Uses privileged account with standing access; Sensitive data copied to external storage]
MICROSOFT CONFIDENTIAL
Compliance obligations related to sensitive data
Regulatory:
• GDPR – General Data Protection Regulation
• HIPAA – Health Insurance Portability and Accountability Act
• SOX – Sarbanes-Oxley
• NERC CIP – North American Electric Reliability Corporation for Critical Infrastructure Protection
Other:
• Contractual Customer Agreements
• Internal Security Requirements
Requiring accountability, evidence and documentation
Benefit from the security rigor of the Microsoft Cloud
• The principle of zero standing access.
• Just in time and just enough access
• Privileged admin workflow
• Logging and auditing
[Diagram: Customer, Microsoft Manager, Microsoft Service Engineer, Lockbox system; Customer, Privileged admin access with JIT/JEA]
Privileged access management in Office 365
• Just Enough Access
• Just in Time Access
• Privileged Admin Workflow
• Audit-ready
Protect and control privileged access to your organization
Control access more granularly at Office 365 workload task level
Task-based access control can control access more granularly for high-risk tasks. Example high-risk tasks include journaling rules, transport rules, and mailbox exports. Approvals can be set automatically or manually.
How privileged access management in Office 365 works
1. Set your policy
• After you have turned on the feature:
• Select policy type – this can be role or task. Role can provide role based access control by Task can provide task based access control.
• Task-based access control is based on a set of identified tasks within the Office 365 workload.
• Tasks can be set to auto or manual approval – manual will require elevated permissions to get privileged access to run the task.
[Diagram: Office 365 Substrate, PAM Policies, PAM, Office 365 Workload Tasks, Global Admin]
2. Approving requests
• For tasks set to require manual approval, the admin requesting privileges needs to elevate permissions to run the task.
• In PowerShell, access can be requested by running the cmdlet 'New-ElevatedAccessRequest'.
• The system will require certain information, such as the time required, for which user, and why they are requesting access.
• The approver receives an email notification and logs into the Admin center to approve or reject access.
[Diagram: Office 365 Substrate, PAM Policies, PAM, Tasks, Request, Requestor, Approver]
3. Reviewing audit logs
• All activity is logged and auditable.
• Activity includes who is requesting access, when privileged access was requested (auto and manual), for what task, who approved access and when (manual), and for how long.
• Detailed information provides more, such as the reason for the request, IP address, etc.
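One way to review the audit fields listed above is sketched here as an added example; it is not part of the original deck or Microsoft's own code. The record schema, task-name strings, accounts and the four-hour ceiling are assumptions, and the sample records are constructed.

```python
from datetime import datetime

# Tasks the slides name as high risk (journaling rules, transport rules, mailbox
# exports). The task-name strings are assumptions made for this example.
HIGH_RISK_TASKS = {"New-JournalRule", "New-TransportRule", "New-MailboxExportRequest"}
MAX_HOURS = 4  # assumed local ceiling for a single elevation

def rec(rid, requestor, task, approval, approver, req, appr, hours, reason):
    """Build one constructed audit record (hypothetical export schema)."""
    return {"id": rid, "requestor": requestor, "task": task, "approval_type": approval,
            "approver": approver, "requested": req, "approved": appr,
            "duration_hours": hours, "reason": reason}

# Constructed sample data, not real audit output.
SAMPLE_RECORDS = [
    rec("r1", "alice@contoso.example", "New-TransportRule", "Manual",
        "bob@contoso.example", "2018-05-01T09:00:00", "2018-05-01T09:12:00", 2, "Fix mail flow"),
    rec("r2", "carol@contoso.example", "New-MailboxExportRequest", "Manual",
        "carol@contoso.example", "2018-05-02T22:40:00", "2018-05-02T22:41:00", 2, "Legal hold export"),
    rec("r3", "dave@contoso.example", "New-JournalRule", "Auto",
        None, "2018-05-03T03:15:00", "2018-05-03T03:15:00", 12, ""),
    rec("r4", "erin@contoso.example", "New-MoveRequest", "Auto",
        None, "2018-05-04T10:00:00", "2018-05-04T10:00:00", 1, "Mailbox migration"),
]

def review(record):
    """Return the list of findings for one privileged access audit record."""
    findings = []
    manual = record["approval_type"] == "Manual"
    if record["task"] in HIGH_RISK_TASKS and not manual:
        findings.append("high-risk task auto-approved")
    if manual and record["approver"] and record["approver"].lower() == record["requestor"].lower():
        findings.append("requestor approved own request")
    if not record["reason"].strip():
        findings.append("no reason given")
    if record["duration_hours"] > MAX_HOURS:
        findings.append("duration exceeds ceiling")
    if datetime.fromisoformat(record["approved"]) < datetime.fromisoformat(record["requested"]):
        findings.append("approval precedes request")
    return findings

def review_all(records):
    """Map record id -> findings, keeping only records that need a human look."""
    return {r["id"]: f for r in records if (f := review(r))}

if __name__ == "__main__":
    for rid, findings in review_all(SAMPLE_RECORDS).items():
        print(rid, "; ".join(findings))
```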
Get started today!
• Privileged access management in Office 365 is in public preview starting today
• https://previews.office.com/ with code PAM044
Compliance Capabilities in Office 365