The Future of HIPAA and Changes to NIST 800-66: Access Control and Information Access Management
We can peer somewhat into the future of the Health Insurance Portability and Accountability Act (HIPAA) and overall healthcare data security policy by following the trend in heightened attacks against healthcare providers and proposals for new Federal policy, but there are also key signs for healthcare providers and Electronic Health Records (EHR) system vendors when reviewing the possible changes to National Institute of Standards and Technology (NIST) Special Publication 800-66 (NIST 800-66). NIST 800-66r2 Implementing the HIPAA Security Rule: A Cybersecurity Resource Guide, is “designed to help the industry maintain the confidentiality, integrity and availability of electronic protected health information, or ePHI.” 1 There are two subjects emphasized and woven throughout the newly published NIST 800-66r2 Draft. The first is risk analysis and management, and the second is access management. Interestingly, an entire risk management section is injected into the document, and both topics have more net new content than others throughout the draft. It is for this reason I’d like to highlight some of the new guidance, implications for these additions, and potential capabilities within Microsoft 365 and Azure that can address it.How to list roles/users who have access for creation?
How would I list the roles/users associated with those roles to see who can create log analytics workspaces? I am at the log analytics workspace resource under Access control (IAM), then click on 'Role assignments' then select Scope 'This resource' and group by Role and I see roles such as 'Log Analytics Contributor'. With that, how can I pull a list of users associated with the Log Analytics Contributor role? ThxManaging User Access to Internet on Windows Virtual Desktop
I'm very interested in this product and previously, we implemented our own solution through Azure Virtual Machines which we had to manage completely. In our particular use case scenario, we want to control users' access to Internet and block certain protocols. Here are two specific examples of what we want to do: We'd like to create a white list of websites users can visit and block all the rest. We'd like to turn off FTP protocol completely and take any other action we can to prevent users from "uploading" files to outside world. How could we handle these two scenarios if we were to use Azure Windows Virtual Desktop?
