AZ-304 Microsoft Azure Architect Design – Design a Monitoring Strategy for Identity and Security
1. Using Privileged Identity Management Alerts
So let’s wrap up the discussion of identity and security with a discussion of monitoring identity and security. Now monitoring is always going to be a key feature. We’ll talk about it when we’re talking about data. We’re going to talk about it in other sections of this course. But monitoring identity is something that some people don’t even think to do. They set up the security, they make their Azure ad managing the user and passwords, and maybe they use Privilege Identity Management to add additional layer security for administrators.
They use conditional access to prevent some of those obvious attacks. And it would be good to be able to set up a type of monitoring or reporting for some of these things. Now you can set up alerts. Azure’s privileged identity management module does have an alert feature. If we go into it, we can see under PIM, under roles, you can see alerts and there’s some predefined alerts. So you don’t even have to sort of dream up what it is that you want to be alerted about. If there are too many administrators, that’s an alert. If there is roles that are being assigned outside of privileged identity management, that could be an alert, et cetera.
And so setting up the security such that if people are doing things that you want to be notified about, there’s five of them on screen that you predefined that you can choose from. Those are basically a predefined set of potential policy violations and so you can just sort of choose from that list. Now under each of those, like it says, too many administrators.
Well, what is too many? You can go into each of those alerts and there’s going to be settings and you can say, okay, I want to be notified if there’s more than ten global administrators on my account. And for your organization, that would be like an excessive number for other organizations that might not be. So for instance, one of the alerts says administrators aren’t using their privileged roles. So if you are given administrator permissions, but you haven’t actually used an administrator permission in 30 days, well that could be something that needs to be alerted about. So in this case you can just set that and you see you the slider looks like it can probably go up to six months or more. So you can just basically choose what is an appropriate amount.
2. Other Ways to Monitor the Security of Identity
So we’re talking about monitoring of identity and security. And what is basically our approach to monitoring identity security? Well, our approach is basically to start from the beginning. You know, if we look at identity, the fact that you’ve got maybe tens of thousands of users in your organization and they’ve all got various levels of permission, it’s a very daunting task to try to ensure that everyone’s got the right levels of permission and that unauthorized people are not getting in. And we can really look at identity as being this sort of the doorway, right? There’s probably other ways to hack into your system that is not relating to identity.
But if someone can get that working, administrator, user ID, and password, and that’s all they need to get into your application, well, it’s like having the key to your house. So identity is the door and you want to secure that door. What I would suggest is that we start when we’re doing auditing and monitoring, is we want to start from the very beginning. A lot of companies have an on premises Active Directory and are using a synchronization tool to synchronize that into Azure ad. Well, if your on premises ad is not secure, well, then those people are going to be able to get into your Azure Accounts and your Azure Ads. So security is going to start with your on premises ad. Who has access to that and how is that controlled outside that? The scope of this course obviously talk about securing on premises Active Directory, but that’s where it starts.
So your security of your entire system is the root, the seed, if you will, is the on premises Active Directory. We use Ad Connect to get from our on premises Active Directory users into Azure Active Directory. We already talked about Ad Connect health to make sure that is working and secure, getting various reports about how the synchronization is going. You can monitor Ad Connect in order to monitor the health of the connection. When you go into Azure, you can go into Log Analytics. Now, Log Analytics allows you access to various security logs. So Log Analytics has a back end connection into subscriptions and resource groups and IAM itself.
And so if you want to see who’s getting access, who’s denied access, you can set up and run reports within Log Analytics. Another policy and strategy, of course, is to make sure your systems are up to date. We’ve seen examples in the past few years of companies who didn’t have a patching strategy or let some of their Java struts versions get out of date and there becomes a known exploit and those systems can basically be hacked. And so making sure that you’re running Firewalls Antivirus and all your OS is making sure that all of your software that you’re being used is up to date in terms of the latest patches. Pay attention when the companies are coming out and saying patch. Now we’ve got a vulnerability that is now a zero day exploit. Get that updated. That’s part of the policy. And you’re going to have to ensure as the security part make sure the people that are running those systems are not falling.
Interesting posts
The Growing Demand for IT Certifications in the Fintech Industry
The fintech industry is experiencing an unprecedented boom, driven by the relentless pace of technological innovation and the increasing integration of financial services with digital platforms. As the lines between finance and technology blur, the need for highly skilled professionals who can navigate both worlds is greater than ever. One of the most effective ways… Read More »
CompTIA Security+ vs. CEH: Entry-Level Cybersecurity Certifications Compared
In today’s digital world, cybersecurity is no longer just a technical concern; it’s a critical business priority. With cyber threats evolving rapidly, organizations of all sizes are seeking skilled professionals to protect their digital assets. For those looking to break into the cybersecurity field, earning a certification is a great way to validate your skills… Read More »
The Evolving Role of ITIL: What’s New in ITIL 4 Managing Professional Transition Exam?
If you’ve been in the IT service management (ITSM) world for a while, you’ve probably heard of ITIL – the framework that’s been guiding IT professionals in delivering high-quality services for decades. The Information Technology Infrastructure Library (ITIL) has evolved significantly over the years, and its latest iteration, ITIL 4, marks a substantial shift in… Read More »
SASE and Zero Trust: How New Security Architectures are Shaping Cisco’s CyberOps Certification
As cybersecurity threats become increasingly sophisticated and pervasive, traditional security models are proving inadequate for today’s complex digital environments. To address these challenges, modern security frameworks such as SASE (Secure Access Service Edge) and Zero Trust are revolutionizing how organizations protect their networks and data. Recognizing the shift towards these advanced security architectures, Cisco has… Read More »
CompTIA’s CASP+ (CAS-004) Gets Tougher: What’s New in Advanced Security Practitioner Certification?
The cybersecurity landscape is constantly evolving, and with it, the certifications that validate the expertise of security professionals must adapt to address new challenges and technologies. CompTIA’s CASP+ (CompTIA Advanced Security Practitioner) certification has long been a hallmark of advanced knowledge in cybersecurity, distinguishing those who are capable of designing, implementing, and managing enterprise-level security… Read More »
Azure DevOps Engineer Expert Certification: What’s Changed in the New AZ-400 Exam Blueprint?
The cloud landscape is evolving at a breakneck pace, and with it, the certifications that validate an IT professional’s skills. One such certification is the Microsoft Certified: DevOps Engineer Expert, which is validated through the AZ-400 exam. This exam has undergone significant changes to reflect the latest trends, tools, and methodologies in the DevOps world.… Read More »