
081: Discover & remediate existing over-privileged accounts

Overview

Based on business requirements, re-assign users with excessive permissions to least privileged roles.

For existing privileged roles, analyze, update, and assign the least privileged role where possible. This effort should consist of several steps:

  • Define a written organizational policy regarding least privilege roles
  • Analyze role usage in the organization to understand what tasks are regularly performed and which roles best align to those tasks
  • Create evidence to show which role assignments may need to be reduced based on analysis and investigation
  • Update business processes to ensure that least privilege roles are evaluated on a regular basis. If a user stops using a privilege granted to them, there should be a process to reduce the permissions they hold over time.
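
The analysis and evidence steps above can be sketched as follows. This is an added example, not code from the original page. The role names, permitted actions, users, audit events and the 90-day review window are all constructed assumptions, not values from any real directory.

```python
from datetime import datetime, timedelta

# Constructed role catalogue: role name -> actions it permits (hypothetical names).
ROLES = {
    "GlobalAdmin": {"user.read", "user.reset_password", "user.create", "policy.write", "role.assign"},
    "UserAdmin": {"user.read", "user.reset_password", "user.create"},
    "HelpdeskAdmin": {"user.read", "user.reset_password"},
    "DirectoryReader": {"user.read"},
}
# Constructed current assignments: user -> role.
ASSIGNMENTS = {"alice": "GlobalAdmin", "bob": "GlobalAdmin", "carol": "UserAdmin", "dave": "HelpdeskAdmin"}
# Constructed audit events: (user, action, timestamp).
NOW = datetime(2024, 6, 1)
EVENTS = [
    ("alice", "policy.write", NOW - timedelta(days=3)),
    ("alice", "role.assign", NOW - timedelta(days=10)),
    ("bob", "user.reset_password", NOW - timedelta(days=5)),
    ("bob", "user.read", NOW - timedelta(days=1)),
    ("bob", "policy.write", NOW - timedelta(days=200)),  # outside the review window
    ("dave", "user.reset_password", NOW - timedelta(days=2)),
]

def least_privileged_role(used):
    """Smallest role (fewest permitted actions) that covers every action used."""
    fits = [r for r, perms in ROLES.items() if used <= perms]
    return min(fits, key=lambda r: (len(ROLES[r]), r)) if fits else None

def review(assignments, events, now, window_days=90):
    """Return one evidence record per assignment that could be reduced."""
    cutoff = now - timedelta(days=window_days)  # assumed review window
    findings = []
    for user, role in sorted(assignments.items()):
        used = {a for u, a, ts in events if u == user and ts >= cutoff}
        if not used:  # privilege not exercised at all: candidate for removal
            findings.append({"user": user, "current": role, "proposed": None,
                             "used": [], "unused": sorted(ROLES[role])})
            continue
        proposed = least_privileged_role(used)
        if proposed and len(ROLES[proposed]) < len(ROLES[role]):
            findings.append({"user": user, "current": role, "proposed": proposed,
                             "used": sorted(used), "unused": sorted(ROLES[role] - used)})
    return findings

if __name__ == "__main__":
    for f in review(ASSIGNMENTS, EVENTS, NOW):
        print(f)
```

Each record lists the actions a user actually performed next to the permissions they never exercised, which is the evidence a reviewer needs before reducing an assignment.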
