This may fit for employees on permanent assignments, with standing permissions. However, to avoid risks of standing permissions, we strongly believe in a just-in time approach and only grant access when required, together with a certain time limit. Within the Microsoft Cloud environment this can be achieved by using the Privileged Identity Management solution and capabilities.
Suppose on the Microsoft Office part, the administrative roles like the MS Teams administrator or User administrator can be provided as temporary role with a time restriction of 1 hour and perhaps additional approval. In that case, the supporting team member does not have the role constantly activate (also called ‘standing permission), but can activate it whenever it is actually required to perform the task at hand.
Once the request for activation is submitted, the supporting team member could either be required to provide his or her multi factor authentication or there could be an approval required by one of the support team mates. Depending on the organization requirements and processes this can be configured.
The PIM solution also supports the many built-in- and custom roles defined in the Microsoft Azure cloud environment, like a ‘contributor’ on subscriptions, resource group or resource level etc. For the infrastructure development, support and operational roles the advantage here is to allow this high-privileged permissions with additional approval and time limited fashion. Again no permanent standing permissions are required and just-in-time permissions can be activated by the user when they are eligible to do so.
Due to the fact that many cloud environments are rapidly growing, whereby lots of subscriptions and resources are deployed together with the operational shift to work in an Agile or DevOps delegated manner, the management and control of privileged access is becoming more important.
Traxion supports companies by designing the process, access model and implementing the privileged identity management solutions needed, to ensure control of privileged access towards your Microsoft Cloud environment .
Are you interested in how Traxion can support you with Privileged Access in the Microsoft Cloud?Contact us
Koen Ayels - Head of ICT I Aquafin
Traxion scores very high on know-how, approach, quickness of response and thinking along.