ETWorkshops

Challenge 4: Monitor for ongoing impact

Objective: Review activity and define alerts

Details:

With the immediate concerns of inactive and over-permissioned accounts dealt with, you have been asked to investigate the other capabilities of Entra Permissions Management and determine how to get the most value out of the solution on an ongoing basis.

The CISO would like to understand changes to the Permission Creep Index and include the daily variation figures in their monthly reporting.

In addition, one of your team has expressed an interest in creating custom Power BI dashboards, as they would like to try visualizing activity by users across all Azure subscriptions to better understand normal patterns of use. To keep it simple, they have asked you for the data from a single day only to start with.

The security team is keen to ensure alerts are being generated for risky behaviour and, where possible, that the product would take action to reduce the risk. All alerts should be sent to servicedesk@contosomortgage.com so they can be logged in the service management platform.

Success Criteria:

  1. Demonstrate the visualizations for the PCI changes over time, and produce an export that could be used in your own reporting.
  2. Generate a simple list of all activity performed in Azure over a single day highlighting only the user, resource, task, and date.
  3. Create an alert trigger for each of the four categories and ensure they are configured to notify the Service Desk.
  4. Configure an on-demand rule that would remove permissions for applications or managed identities if they are not used in 60 days.
