Saturday, May 5, 2018

Office 365 Privileged Access Management

There was a Preview announcement for the Privileged Access Management feature.  This feature is super exciting to hear about and really demonstrates how mature Microsoft Office 365 is in its delivery of security services for their customers.

Privileged Access Management is a feature to help customers provide limited privileged rights to administrator functions.  Doing this provides greater control, oversight and an audit trail over what customer Office 365 administrators can do.

Since the beginning, Microsoft has had a solution called the Lockbox.  This is a Just-in-time (JIT) access solution that manages all Microsoft administrator access to Office 365 itself.  Microsoft has standing privileges to Office 365 and all our access to the environment is controlled through this.  We even created a solution called Customer Lockbox, which allows customers to approve Microsoft to manage aspects of the Office 365 environment if access to their customer data was needed as part of a support operation.

Apparently, customers liked the Lockbox concept so much, they wanted a similar capability to manage their Office 365 Admin users.  This is the new Privileged Access Management solution.  Customers have the ability to create policies where Office 365 Administrators can make requests to perform specific actions.  This will initiate workflow approvals to allow them to perform those actions for a specified period of time.  All of this is auditable.  Wow.  This is huge.

Customers always have risks of insider threats, and this can help control that access.

Note this solution does require the Advanced Compliance Office 365 E5 SKU.

