You are responsible for Azure and Office 365 security in your organization.
You have a Microsoft 365 E5 subscription.
To be compliant with new security directives from your CIO, you must ensure that:
- When helpdesk staff are assigned the User administrator role, they have time-limited permissions.
- They must use MFA to request the role before it is given.
What should you configure?
A. B. C. D.
Correct Answer: A
You should configure a time-limited eligible role assignment in Microsoft AAD Privileged Identity Management.
If you have been made eligible for an administrative role, then you must activate the role assignment when you need to perform privileged actions.
You can enforce a time limit and require MFA authentication on active assignments.
Option B is incorrect.
User management in Azure AD will not enable eligible role assignments.
This must be configured in Privileged Identity Management.
Option C is incorrect.
Office 365 Supervision is a feature that gives you the tools to monitor your employees' communications.
Option D is incorrect.
Security & Compliance permissions enable people to perform compliance tasks like device management, data loss prevention, eDiscovery, retention, and so on.
To meet the compliance requirements of time-limited permissions and MFA authentication for assigning the User administrator role to helpdesk staff in a Microsoft 365 E5 subscription, you should configure "Microsoft Azure Active Directory Privileged Identity Management."
Azure Active Directory (AAD) Privileged Identity Management (PIM) is a feature that allows organizations to manage, control, and monitor the access of privileged roles in Azure AD, Azure resources, and Office 365. It enables users to request access to privileged roles on-demand, which can be granted only for a limited time period. This helps organizations to reduce the risk of misuse and unauthorized access to sensitive data.
The following are the steps to configure time-limited permissions and MFA authentication for assigning the User administrator role to helpdesk staff in a Microsoft 365 E5 subscription using Azure AD PIM:
After completing these steps, helpdesk staff will be able to request the User administrator role with MFA authentication. The role will be granted only for the time period specified, after which the permission will be revoked automatically. This ensures that the User administrator role is not misused and helps to maintain compliance with the security directives from your CIO.
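One way to verify the two directives after configuration is to audit the role's PIM policy rules. The following is an added example, not part of the original answer. It assumes the rules were exported in the shape Microsoft Graph uses for `unifiedRoleManagementPolicy` rules; the sample data and the 8-hour ceiling are constructed for illustration.

```python
import re
from datetime import timedelta

# Constructed sample: rules of a PIM role management policy, in the shape
# Microsoft Graph returns for unifiedRoleManagementPolicy rules.
SAMPLE_RULES = [
    {"id": "Expiration_Admin_Eligibility", "isExpirationRequired": True,
     "maximumDuration": "P90D"},
    {"id": "Expiration_EndUser_Assignment", "isExpirationRequired": True,
     "maximumDuration": "PT4H"},
    {"id": "Enablement_EndUser_Assignment",
     "enabledRules": ["MultiFactorAuthentication", "Justification"]},
]

_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def parse_duration(text):
    """Parse the ISO 8601 subset used here (days, hours, minutes, seconds)."""
    m = _DURATION.match(text or "")
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {text!r}")
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return timedelta(days=d, hours=h, minutes=mi, seconds=s)

def audit_policy(rules, max_activation=timedelta(hours=8)):
    """Return a list of findings; an empty list means both directives are met."""
    by_id = {r.get("id"): r for r in rules}
    findings = []
    # Directive 2: MFA must be required when the user activates the role.
    enable = by_id.get("Enablement_EndUser_Assignment", {})
    if "MultiFactorAuthentication" not in enable.get("enabledRules", []):
        findings.append("activation does not require MFA")
    # Directive 1: an activated role must expire within the allowed window.
    act = by_id.get("Expiration_EndUser_Assignment", {})
    if not act.get("isExpirationRequired"):
        findings.append("activation has no enforced time limit")
    elif parse_duration(act.get("maximumDuration")) > max_activation:
        findings.append("activation window exceeds the allowed maximum")
    # Eligibility itself should also expire rather than be permanent.
    elig = by_id.get("Expiration_Admin_Eligibility", {})
    if not elig.get("isExpirationRequired"):
        findings.append("eligible assignments may be permanent")
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_RULES) or ["policy meets both directives"]:
        print(finding)
```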