One of the greatest risks to businesses today is the over-assignment of rights, permissions, and privileges to employees. Therefore, CISOs, managers, etc. are all taught to adopt the concept of “Least Privilege”. This is where you give your employees just enough of what they need to conduct their daily job tasks, no more and no less. To make this more practical for organizations, Microsoft has created a new tool called the “Permissions Management Dashboard”, which is examined further in this article.

What Is It?

Essentially, it provides you with an overview of all of the permissions, and even privileged accounts, that your IT Security team has assigned to all of the employees in your company. What is unique about this tool is that it is not just native to Microsoft Azure: you can also use it to check the level of permissions that have been assigned in the other major Cloud Platforms, such as AWS and the Google Cloud Platform (GCP).

To access this, follow these steps:

  • Go to the Dashboard on the home page of the Permissions Management tool.
  • From the drop-down menu of the “Authorization Systems Type”, select the Cloud Platform that you want to access: AWS, Azure, or GCP.
  • From the box menu that then appears, select “Authorization System” to get a detailed listing of all of the employee accounts and their corresponding folders.
  • Select the accounts and folders that you want to see in further detail, then select “Apply”.
  • Once you have completed the last step, a new tool called the “Permissions Creep Index” will appear. This is another new service from Microsoft that displays those employees who are overprivileged and are therefore considered to be at a much higher risk if their Cyber Hygiene is not up to par.

How To Use The Permissions Creep Index

To use this service effectively, follow these steps:

  • Select a “Bubble”. This automatically filters for those employees that are deemed to be “High Risk” and displays them to you. High Risk is defined as follows:

“This refers to the number of users who have permissions that exceed their normal or required usage.”

(SOURCE:  1).

  • From the Bubble, you can also view other employee profiles, for example, those that are deemed to be both Low and Medium Risk.
  • In these instances, the metric that you need to be most concerned about is the “High PCI Change”. This displays all of the login activity of that particular user for the last seven days, and will alert you immediately if any suspicious or unusual behavior has been exhibited.
  • If you want to get the details of all of the Risk categories into one consolidated view, select the option “View All”.

How To Use The Permission Creep Index Heatmap

It should be noted at this point that the Permissions Creep Index is also referred to simply as the “PCI”. Along with viewing the employees in all risk categories, you can also access a “Heat Map”. This is technically defined as follows:

“The Permission Creep Index (PCI) heat map shows the incurred risk of users with access to high-risk privileges. The distribution graph displays all the users who contribute to the privilege creep. It displays how many users contribute to a particular score.”

(SOURCE:  1).

From the Heatmap, you can also view all of the resources your employees access and all of the various roles they play in order to determine if anything is being done out of the ordinary.
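The idea behind the index and its distribution view, as an added example (not code from Microsoft or from this article): it compares the permissions granted to each identity with the ones actually used, scores the gap, and counts identities per risk level. The sample identities, the 3x weight for high-risk actions, and the Low/Medium/High cut-offs are assumptions for illustration, not Microsoft's PCI formula.

```python
from collections import Counter

# Constructed sample data (not from any real tenant): permissions granted to
# each identity and the subset it actually exercised during the review window.
GRANTED = {
    "alice": {"s3:GetObject", "s3:PutObject", "s3:DeleteBucket",
              "iam:CreateUser", "iam:AttachUserPolicy", "ec2:TerminateInstances"},
    "bob": {"s3:GetObject", "s3:PutObject", "ec2:DescribeInstances"},
    "carol": {"s3:GetObject", "s3:PutObject", "s3:DeleteBucket", "ec2:DescribeInstances"},
    "svc-idle": set(),
}
USED = {
    "alice": {"s3:GetObject", "s3:PutObject"},
    "bob": {"s3:GetObject", "s3:PutObject"},
    "carol": {"s3:GetObject", "s3:PutObject", "ec2:DescribeInstances"},
}
# Assumption: which actions count as high risk, and that they weigh 3x.
HIGH_RISK = {"s3:DeleteBucket", "iam:CreateUser", "iam:AttachUserPolicy", "ec2:TerminateInstances"}
HIGH_RISK_WEIGHT = 3

def weight(perms):
    return sum(HIGH_RISK_WEIGHT if p in HIGH_RISK else 1 for p in perms)

def creep_score(granted, used):
    """Illustrative 0-100 score: weighted share of granted permissions left unused."""
    if not granted:
        return 0  # nothing granted, so nothing can be over-assigned
    return round(100 * weight(granted - used) / weight(granted))

def bucket(score):
    # Assumed cut-offs for this example only.
    return "High" if score >= 68 else "Medium" if score >= 34 else "Low"

def report(granted_map, used_map):
    rows = []
    for identity, granted in granted_map.items():
        used = used_map.get(identity, set())
        score = creep_score(granted, used)
        rows.append({"identity": identity, "score": score, "risk": bucket(score),
                     "unused_high_risk": sorted((granted - used) & HIGH_RISK)})
    return sorted(rows, key=lambda r: r["score"], reverse=True)

def distribution(rows):
    """How many identities fall into each risk level (a heat-map style summary)."""
    return Counter(r["risk"] for r in rows)

if __name__ == "__main__":
    rows = report(GRANTED, USED)
    for r in rows:
        print(f'{r["identity"]:<9} {r["score"]:>3} {r["risk"]:<6} {", ".join(r["unused_high_risk"])}')
    print(dict(distribution(rows)))
```

The `unused_high_risk` column is the actionable part: those are the grants to review and revoke first when right-sizing an identity.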

An illustration of the PCI is below:

An illustration of the PCI Heatmaps is below:

(SOURCES FOR BOTH IMAGES:  2).

Conclusions

If you need any help in using these new tools from Microsoft, contact us today.

Sources