Microsoft Entra Permissions Management AMA 2023
Event details
If you attended our Permissions Management swarm and have any additional questions about the CIEM solution, join our Ask Me Anything event to get your questions answered by our product experts!
An AMA is a live text-based online event similar to a “YamJam” on Yammer or an “Ask Me Anything” on Reddit. This AMA gives you the opportunity to connect with Microsoft product experts who will be on hand to answer your questions and listen to feedback.
Feel free to post your questions about Entra Permissions Management anytime in the comments below beforehand, if it fits your schedule or time zone better, though questions will not be answered until the live hour.
- Naresh2174 (Copper Contributor): What is the baseline or benchmark that Entra uses to indicate the risk or issue?
- singhanmol (Microsoft): Hi Naresh, if your question refers to Microsoft Entra Permissions Management, our CIEM solution, we use PCI (Permissions Creep Index) as a quantitative measure of risk associated with an identity or role determined by comparing permissions granted versus permissions exercised. It allows you to instantly evaluate the level of risk associated with the number of unused or over-provisioned permissions across identities and resources.
- Patrick Goggins (Copper Contributor): Will Entra introduce reduced privilege capabilities around OAuth token administration? How about browser based adding/deleting/updating? Currently GA permissions and uploading csv files are required for use.
- SteveBall (Microsoft): Thank you, Patrick. We're working on developing and releasing new scenarios in a short term and longer term roadmap - we'd love to hear your ideas (like OAuth token support which we do not support today.) Our current remediation processes are browser-based (or you can remediate via cutting and pasting scripts from Entra Permissions Management into the console of choice.) If useful, could you expand on your CSV comment to clarify what you'd like to see with more detail?
- dinglehart (Copper Contributor): I want to kind of echo Patrick's comments but more broadly. There are a lot of functions in AAD altogether that require pretty high-level rights to manage, making it hard to delegate to appropriate personnel without over provisioning them. A specific example: If a user reports Fraud via Authenticator, it requires pretty high rights to clear. I would love to be able to delegate this to our SOC, but not giving them all kinds of other access.
- John Willson (Copper Contributor): Has Entra been reviewed by ISACA or other umbrella auditing organization? If not what is the relationship of Entra to regular/annual IT audits?
- singhanmol (Microsoft): We adhere to multiple industry regulations, compliance and audit reports that you can find on the Service Trust Portal at: https://servicetrust.microsoft.com/Documents/ComplianceReports Here is an additional link to the documentation specific to reporting and monitoring in Azure AD: https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs
- John Willson (Copper Contributor): Thanks - Having SOC is enough for most.
- Rajiv Misra (Copper Contributor): What is your security tool Microsoft Defender?
- lauraviarengo (Microsoft): Hi Rajiv! More information about Microsoft Defender can be found here: https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-business
- dinglehart (Copper Contributor): Do you have a publicly available roadmap for upcoming features?
- SteveBall (Microsoft): Hi David - great question, we do not have a (public) roadmap update yet, however we are continuously working on new scenarios and features for Entra and Entra Permissions Management. If you have a specific scenario, need, or request, we'd love to hear more details.
- Andy Bowen (Copper Contributor): Are there plans to improve the ID management between Microsoft and VMware Horizons?
- SteveBall (Microsoft): Thanks Andy - we hope to enable vSphere as a data source for Entra Permissions Management in the future, but could you clarify more details about what scenarios you'd like to see covering ID management for Horizons?
- dinglehart (Copper Contributor): I would like to be able to get compliance info into AAD from VMware Workspace One.
- lauraviarengo (Microsoft): Hi David! For questions about Azure AD, please visit the Azure AD discussion page: https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad/bd-p/Azure-Active-Directory
- John Willson (Copper Contributor): Similar to Andy Bowen's question: Are there plans to improve the ID management between Microsoft and (software X - such as CKAN etc)? An open API (encrypted but published not completely open) between third party software products such as say ChatGPT conversations?
- singhanmol (Microsoft): Hi John, we offer an extensive RESTful API platform, Microsoft Graph (https://learn.microsoft.com/en-us/graph/overview) that enables third-party software platforms (like the ones you mentioned, Software X and ChatGPT) to access Microsoft Cloud services, including Microsoft identity platform that helps you build applications for users and customers to sign in and integrate with our identity services.
- John Willson (Copper Contributor): Thanks Anmol. OData with encryption or hashing would work. Didn't know it was on Graph.
- Trevor_Rusher (Community Manager): Welcome to the Microsoft Entra Permissions Management Ask Microsoft Anything (AMA)! This live hour gives you the opportunity to ask questions directly to the Microsoft team. Please post any questions in a separate, new comment thread. Thanks!
- Rajiv Misra (Copper Contributor): What tools do you recommend for protecting your laptop from viruses and attacks?
- singhanmol (Microsoft): Hi Rajiv, this forum today is more specifically related to Microsoft Entra Permissions Management (MEPM), which is our CIEM tool. Regarding your question, Microsoft Defender for Endpoint is our endpoint protection platform to prevent, detect, investigate, and respond to advanced threats. For more, please refer to https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide.
- Trevor_Rusher (Community Manager): Thank you for joining our AMA today! We appreciate all the great questions and hope you learned something new! I'll be locking this event to new questions and sharing a summary of the questions and answers in this space in a bit.