lornosaj@lemmy.world to Sysadmin@lemmy.ml • How are you identifying least privileged access in 365?
1 year ago

Create a model based on processes? E.g. least priv for helpdesk for passwords, machine/Intune mgmt, etc., call it L1. Then add some roles for reporting, wiping/isolating machines or similar for the security team (call it L2 admin), etc.
Honestly, it depends on your role within the company as well - if you are a CxO or from the IAM/UAM domain, then you can just define a model for this particular “tool” and announce the upcoming change (i.e. prepare the roles and all, and then clean up existing roles/accesses) that X will happen in the next, let's say, 45 days. This will make everyone jump on you of course, buuuuut that's what you want, as at least you will suddenly get people msging you regarding the “why” they need xyz role - et voilà, you now have your high-level list of processes; adjust roles where needed and continue.
My view on this is that it also kinda depends on the company hierarchy and its sector, but you should be a little dictator - you'll reap the rewards for being effective; it's the others who ignored your call2action who are to blame :D