{"id":3483,"date":"2020-10-02T08:58:41","date_gmt":"2020-10-02T07:58:41","guid":{"rendered":"https:\/\/www.lieben.nu\/liebensraum\/?p=3483"},"modified":"2020-10-02T08:58:41","modified_gmt":"2020-10-02T07:58:41","slug":"sensitive-group-protection","status":"publish","type":"post","link":"https:\/\/lieben.nu\/liebensraum\/2020\/10\/sensitive-group-protection\/","title":{"rendered":"Sensitive group protection"},"content":{"rendered":"\n

It is best practise in IT to secure access to resources with Groups. <\/p>\n\n\n\n

Membership of a security group means access to whatever resources are secured by that group. Sometimes these groups are self-managed by an owner, sometimes centrally. <\/p>\n\n\n\n

In all cases, fairly low privileged users, that are not global admins, can add users to these groups including themselves. Imagine that you have a group called ‘Global Admins’, and your helpdesk user assigns himself to that group<\/em>.<\/strong> You’d like to know right?<\/p>\n\n\n\n

With Privileged Access Groups in Azure AD (Preview) <\/a>you can protect groups like these actively, but, this requires a P2 license and still lacks some customization features.<\/p>\n\n\n\n

An alternative method is to use a simple alerting rule in MCAS (Microsoft Cloud App Security), where you set an alert when ‘someone’ joins a specific group, or if you want to do more than alerting you could also run an automation playbook.<\/p>\n\n\n\n

Here’s how to protect a specific Azure AD or Office 365 group with MCAS:<\/p>\n\n\n\n

  1. look up its GUID in AzureAD<\/li>
  2. Create an Activity Policy in the MCAS console<\/a><\/li>
  3. Specify the group GUID as ‘Activity object ID’ in the policy and the correct action type:<\/li><\/ol>\n\n\n\n
    \"\"<\/a><\/figure>\n","protected":false},"excerpt":{"rendered":"

    It is best practise in IT to secure access to resources with Groups. Membership of a security group means access to whatever resources are secured by that group. Sometimes these groups are self-managed by an owner, sometimes centrally. In all cases, fairly low privileged users, that are not global admins, can add users to these … Continue reading Sensitive group protection<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[7,21,26,43],"tags":[],"class_list":["post-3483","post","type-post","status-publish","format-standard","hentry","category-azuread","category-identity","category-microsoft-cloud-app-security","category-security"],"_links":{"self":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts\/3483","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/comments?post=3483"}],"version-history":[{"count":0,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts\/3483\/revisions"}],"wp:attachment":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/media?parent=3483"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/categories?post=3483"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/tags?post=3483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}