In Part 01 of Microsoft Defender for Identity blog series, I have explained about Microsoft Defender for Identity and it’s benefits. I also talked about the prerequisites. In that list, I mentioned that we required Directory Service Account(DSA) to connect to Active Directory forest.
There are two types of DSAs we can use for this task.
1) Regular Active Directory user account
2) Group Managed…
In an organization, users are required access to many different groups, applications, and sites to do their day-to-day tasks. Sometimes there can be external organizations that also required access to these various resources. As access requirements change frequently, it is quite challenging for IT administrators to manage access. As a solution to this problem, we can use Azure AD access packages…
In my previous blog post, I have explained how we can collect custom attribute values by using Azure AD user flows. We had custom attributes setup in Azure AD and when a guest user accesses an application for the first time, the values for these custom attributes will be collected by using user flows. Azure AD entitlement management feature does identity governance by allowing organizations to…
Attributes can explain an object more precisely. Active Directory object types have predefined attributes which can use to store values and use later (query) when required. Active Directory schema also accepts custom attributes. Based on business requirements some time organizations will have to introduce custom attributes to object classes. On most occasions, it is related to application…