Microsoft Entra Permissions Management AMA
Event details
Earlier this month we announced the general availability of Microsoft Entra Permissions Management! We are very excited to announce our Microsoft Entra Permissions Management AMA session!
An AMA is a live text-based online event similar to a “YamJam” on Yammer or an “Ask Me Anything” on Reddit. This AMA gives you the opportunity to connect with Microsoft product experts who will be on hand to answer your questions and listen to feedback.
Feel free to post your questions about Entra Permissions Management anytime in the comments below beforehand, if it fits your schedule or time zone better, though questions will not be answered until the live hour.
55 Comments
- Derk_van_der_Woude
Copper Contributor
Where to ask for support (and maybe to verify if it's really available in West Europe?). Tried 3 different tenants to onboard but after the license it resulted in errors, re-logon again only errors.
- Derk_van_der_Woude
Copper Contributor
The offer that you want is unavailable. This might be caused by one of the following reasons:
  - The offer has expired.
  - The service is not available in your country or region.
  - You cannot sign up for the same trial a second time.
- lauraviarengo
Microsoft
Hi! To file a support ticket, please visit: https://entra.microsoft.com/#blade/Microsoft_Azure_Support/NewSupportRequestV3Blade/callerName/ActiveDirectory/issueType/technical
- johank455
Copper Contributor
1. Will Permissions Management ever be able to automate Principle of Least Privilege for Global Administrators that are not yet associated with a Subscription or have access to a resource? Certain global administrators are not showing up in CloudKnox.
2. Is it possible to configure what is deemed “Over-provisioned”, to be stricter? Like setting exceptions for all Global Administrator that can set Access management to all resources enabled?
3. Will onboarding mode set to: Automatically Manage, change existing permissions for Azure Resources? Is there any risk to current assigned permissions?
4. Will it be possible to change the option for deletion of a configuration instead of OTP (since the default receiver does not have a mailbox)
5. At what date is the official launch for Permissions Management (end of PREVIEW)?
6. Despite being signed up for trial in EU and it being active, it is not showing in the Entra portal. I could however force our tenant to be onboarded with the following link https://c16.app.ciem.cloudknox.io/tenant/onboard . Permissions Management is still not showing up in Entra or in Azure AD highlights.
- Nick_Wryter
Microsoft
Hello! Thanks for the questions.
1. Currently Entra Permissions Management looks at the permissions assignment in the subscriptions. Support for Azure AD roles is in future roadmap.
2. Currently, we do not have configurations for “Over-provisioned” since we calculate permissions creep index (PCI) scores by what we see in your environments measured by high, medium or low risk. You can exclude the Global Administrators from the overall permission creep index by tagging “exclude_from_pci”.
3. There are two types of onboarding, controller enabled or disabled. With controller disabled mode, you can assign Read-Only permissions. With controller mode enabled, admin can choose to remediate the over-privilege identities, create new roles from the Entra Permissions Management console.
4. The option of deletion cannot be changed as we use the OTP mechanism as a step to ensure consent of deletion. You will need to ensure the Global Admin or admin of Entra Permissions Management under User Management require an email account.
5. Official launch: July 7th, 2022. Public preview has ended, all accounts onboarded to public preview will go offline on October 7th, 2022. You can sign up for a trial license to continue using the product in a trial manner https://aka.ms/TryPermissionsManagement
6. Can you access the link directly https://pm.cloudknox.io ? If you still see the issue, please open a support ticket.
- johank455
Copper Contributor
Thank you for taking the time to reply to all my questions. Yes I can access the PM CloudKnox and the link you mentioned. The Permissions Management shortcut in the Entra portal, however, is missing. When I used the link that I posted ending with /onboard, my tenant was automatically onboarded within seconds (without me actually having to Enable PM or perform any PowerShell actions). Is this by design?
- Trevor_Rusher
Community Manager
Welcome to the Microsoft Entra Permissions Management Ask Microsoft Anything (AMA)! This live hour gives you the opportunity to ask questions directly to the Microsoft team. Please post any questions in a separate, new comment thread. Thanks!
- Douglas_Henrique
Brass Contributor
Hello, guys. Great to know about that GA. I have a question about non-supported platforms. My business has many other tools to manage and control other aspects of the core business. Unfortunately, websites do not have SAML or OAuth available, and my security team is too small. What should I do to deal with this problem? Microsoft offers something to help me beyond the standard ways?
- mrudulag
Copper Contributor
Hello! Since we aren’t aware of the exact challenges of these non-supported platforms, I am not in a good position to answer your question. Microsoft Entra Permissions Management does not yet support these platforms, please refer to the Azure AD documentation for additional information: https://docs.microsoft.com/en-us/azure/active-directory/
- TlTUS
Brass Contributor
I'm glad to see Entra Permissions Management is now available for 90-day trial in Europe, that's great news! However do we have any more information on pricing? Specifically will this be a stand alone license and what is the cost, or, will this be included in E5/A5 tiers of licenses?
- lauraviarengo
Microsoft
Hi! Yes, Permissions Management is available as a standalone solution priced at $125 per resource, per year. To start a free 90 day trial and run a risk assessment across your multicloud environment, visit https://aka.ms/TryPermissionsManagement.
- TlTUS
Brass Contributor
UK based here, so will I need to do a dollar to pound conversion or will it be £125 per resource as well? Also how is a "resource" defined in this context?
- Sayan Chakraborty
Occasional Reader
It is a standalone license and the cost is approx 11 $/user/month. https://aka.ms/TryPermissionsManagement
- faruk2bd1971
Brass Contributor
Hello; The question I raise on behalf of my client. Cx wants to enable MFA or dual authentication for RDP; I mean when Cx tries to login to all his Remote servers (On premise) - He wants that all users/admins will go through dual authentication process. Can Microsoft Entra help on this solution? Thanks in Advance,
- You can try https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg! Personally, we are an MSP that uses Duo (3rd Party) 😉
- lauraviarengo
Microsoft
Hi! This is not part of the Entra Permissions Management solution. Within Entra, Azure AD can support on-premise MFA through NPS Extension: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg
- Dean_Gross
Silver Contributor
When I try to run the script, I get bash: syntax error near unexpected token `newline', what am I doing wrong?
Never mind, I got it working