Sign up to save your podcasts
Or
Share Common PIM mistakes
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Common PIM mistakes
In this episode, the hosts discuss Privileged Identity Management (PIM) and common misconceptions and mistakes related to its configuration. They cover topics such as configuring MFA in PIM, different MFA experiences, mitigations for MFA in PIM, authentication context in PIM, requiring approval to activate roles in PIM, considerations for role activation, mitigating role lockout, and using PIM for non-Microsoft apps. They also highlight the ability to use PIM for non-Azure resources, expanding its functionality beyond traditional Azure roles.
Takeaways
Privileged Identity Management (PIM) allows for just-in-time activation of privileged roles.
Configuring MFA in PIM can have different experiences depending on the authentication method used.
Mitigations for MFA in PIM include setting a lower sign-in frequency and not allowing persistent sessions.
Authentication context in PIM allows for additional conditional access policies to be applied after authentication.
Requiring approval to activate roles in PIM can help ensure proper oversight and control.
Mitigating role lockout in PIM involves having a break glass account for emergency access.
PIM can be used for non-Microsoft apps, allowing for just-in-time elevation of privileges.
Expanding PIM to non-Azure resources opens up new possibilities for managing privileged access.
-------------------------------------------
Youtube Video Link: https://youtu.be/uagtZ4KyB8k
-------------------------------------------
Documentation:
https://campbell.scot/pim-common-microsoft-365-security-mistakes-series/
----------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Threads: https://www.threads.net/@bluesecuritypodcast
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
Twitch: https://www.twitch.tv/bluesecuritypod
-------------------------------------------
Andy Jaw
Mastodon: https://infosec.exchange/@ajawzero
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: [email protected]
-------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: [email protected]
View all episodes
By Andy Jaw & Adam Brewer
4.7
1515 ratings
In this episode, the hosts discuss Privileged Identity Management (PIM) and common misconceptions and mistakes related to its configuration. They cover topics such as configuring MFA in PIM, different MFA experiences, mitigations for MFA in PIM, authentication context in PIM, requiring approval to activate roles in PIM, considerations for role activation, mitigating role lockout, and using PIM for non-Microsoft apps. They also highlight the ability to use PIM for non-Azure resources, expanding its functionality beyond traditional Azure roles.
Takeaways
Privileged Identity Management (PIM) allows for just-in-time activation of privileged roles.
Configuring MFA in PIM can have different experiences depending on the authentication method used.
Mitigations for MFA in PIM include setting a lower sign-in frequency and not allowing persistent sessions.
Authentication context in PIM allows for additional conditional access policies to be applied after authentication.
Requiring approval to activate roles in PIM can help ensure proper oversight and control.
Mitigating role lockout in PIM involves having a break glass account for emergency access.
PIM can be used for non-Microsoft apps, allowing for just-in-time elevation of privileges.
Expanding PIM to non-Azure resources opens up new possibilities for managing privileged access.
-------------------------------------------
Youtube Video Link: https://youtu.be/uagtZ4KyB8k
-------------------------------------------
Documentation:
https://campbell.scot/pim-common-microsoft-365-security-mistakes-series/
----------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Threads: https://www.threads.net/@bluesecuritypodcast
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
Twitch: https://www.twitch.tv/bluesecuritypod
-------------------------------------------
Andy Jaw
Mastodon: https://infosec.exchange/@ajawzero
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: [email protected]
-------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: [email protected]
More shows like Blue Security
View all
Security Now (Audio)
2,002 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
371 Listeners
Risky Business
376 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
652 Listeners
CyberWire Daily
1,022 Listeners
Smashing Security
321 Listeners
Darknet Diaries
8,017 Listeners
Cybersecurity Today
177 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
189 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
136 Listeners
Risky Bulletin
46 Listeners
The 404 Media Podcast
315 Listeners
Entra.Chat
5 Listeners