Summary

Completed

This module examined Identity management. Identity management is the process of ensuring users in your organization have just the right privileges to complete the tasks they need to accomplish. The goal of Privileged Identity Management (PIM) is to avoid assigning excessive privileges to users. Failure to do so may lead to exploitation of privileges, which results in users who can do tasks that are above their grade.

Privileged Identity Management is an Azure Active Director service that enables organizations to manage, control, and monitor access to important resources in your organization. These include resources such as Azure AD, Azure, Microsoft 365, and Microsoft Intune.

In this module, you examined how PIM enables organizations to minimize the number of people who have access to secure information or resources. By doing so, PIM reduces the chance of a malicious actor getting that access, or an authorized user inadvertently impacting a sensitive resource. You also learned how PIM enables you to manage, control, and monitor access to important resources in your organization.

You learned that because users still must carry out privileged operations, organizations can give users just-in-time privileged access to Azure resources and Azure AD. There's a need for oversight for what those users are doing with their administrator privileges. This module explored how PIM audit history enables you to see all the user assignments and activations within a given time period for all privileged roles.

Besides PIM, this module also examined Microsoft Identity Manager and Microsoft Purview Privileged Access Management (PAM). Identity Manager helps organizations manage the users, credentials, policies, and access within their organizations and hybrid environments. You also learned how PAM provides granular access control over privileged admin tasks in Microsoft 365.