Sign up to save your podcasts
Or
Share Common PIM mistakes
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Common PIM mistakes
In this episode, the hosts discuss Privileged Identity Management (PIM) and common misconceptions and mistakes related to its configuration. They cover topics such as configuring MFA in PIM, different MFA experiences, mitigations for MFA in PIM, authentication context in PIM, requiring approval to activate roles in PIM, considerations for role activation, mitigating role lockout, and using PIM for non-Microsoft apps. They also highlight the ability to use PIM for non-Azure resources, expanding its functionality beyond traditional Azure roles.
Takeaways
Privileged Identity Management (PIM) allows for just-in-time activation of privileged roles.
Configuring MFA in PIM can have different experiences depending on the authentication method used.
Mitigations for MFA in PIM include setting a lower sign-in frequency and not allowing persistent sessions.
Authentication context in PIM allows for additional conditional access policies to be applied after authentication.
Requiring approval to activate roles in PIM can help ensure proper oversight and control.
Mitigating role lockout in PIM involves having a break glass account for emergency access.
PIM can be used for non-Microsoft apps, allowing for just-in-time elevation of privileges.
Expanding PIM to non-Azure resources opens up new possibilities for managing privileged access.
-------------------------------------------
Youtube Video Link: https://youtu.be/uagtZ4KyB8k
-------------------------------------------
Documentation:
https://campbell.scot/pim-common-microsoft-365-security-mistakes-series/
----------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Threads: https://www.threads.net/@bluesecuritypodcast
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
Twitch: https://www.twitch.tv/bluesecuritypod
-------------------------------------------
Andy Jaw
Mastodon: https://infosec.exchange/@ajawzero
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: [email protected]
-------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: [email protected]
View all episodes
By Andy Jaw & Adam Brewer
4.7
1515 ratings
In this episode, the hosts discuss Privileged Identity Management (PIM) and common misconceptions and mistakes related to its configuration. They cover topics such as configuring MFA in PIM, different MFA experiences, mitigations for MFA in PIM, authentication context in PIM, requiring approval to activate roles in PIM, considerations for role activation, mitigating role lockout, and using PIM for non-Microsoft apps. They also highlight the ability to use PIM for non-Azure resources, expanding its functionality beyond traditional Azure roles.
Takeaways
Privileged Identity Management (PIM) allows for just-in-time activation of privileged roles.
Configuring MFA in PIM can have different experiences depending on the authentication method used.
Mitigations for MFA in PIM include setting a lower sign-in frequency and not allowing persistent sessions.
Authentication context in PIM allows for additional conditional access policies to be applied after authentication.
Requiring approval to activate roles in PIM can help ensure proper oversight and control.
Mitigating role lockout in PIM involves having a break glass account for emergency access.
PIM can be used for non-Microsoft apps, allowing for just-in-time elevation of privileges.
Expanding PIM to non-Azure resources opens up new possibilities for managing privileged access.
-------------------------------------------
Youtube Video Link: https://youtu.be/uagtZ4KyB8k
-------------------------------------------
Documentation:
https://campbell.scot/pim-common-microsoft-365-security-mistakes-series/
----------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Threads: https://www.threads.net/@bluesecuritypodcast
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
Twitch: https://www.twitch.tv/bluesecuritypod
-------------------------------------------
Andy Jaw
Mastodon: https://infosec.exchange/@ajawzero
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: [email protected]
-------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: [email protected]
More shows like Blue Security
View all
Acquired
4,826 Listeners
Pivot
9,772 Listeners
Security Now (Audio)
2,007 Listeners
WSJ Tech News Briefing
1,651 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
371 Listeners
Risky Business
373 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
649 Listeners
CyberWire Daily
1,028 Listeners
Smashing Security
320 Listeners
Microsoft Cloud IT Pro Podcast
64 Listeners
Cybersecurity Today
176 Listeners
Defense in Depth
74 Listeners
The Azure Security Podcast
26 Listeners
Cybersecurity Headlines
139 Listeners
Entra.Chat
5 Listeners