Step-By-Step: Enabling Custom Role Based Access Control in Azure
During the preparation of the Ignite The Tour conference, Neil Peterson and I along with the whole Cloud Ops Advocate team, were looking at issues that IT/Ops professionals are facing when looking at hybrid environments and migrating workloads to the cloud. In this post we will cover RBAC. More specifically, custom RBAC, because built in roles may not always cover every situation so you can customize the RBAC so they are tailored to your specific needs.
Can I use Azure Just in Time (JIT) RBAC without PIM e.g. as a standalone solution
Hello I saw a video show PIM (Privilaged Access Management) and part of it Showed using Just In Time administration to allow a user (after MFA authentication) to elevate to admin to do some work for a set period of time). I need to know more about JIT for RBAC whereby I want to for example give someone the ability to elevate their role (to contributor for example) via MFA or some kind of admin approval, so they can perform a task then their contributor role expires (without necessarily using PIM). However I am having great difficultly finding vidoes, documentation (prefer good videos if available) showing how to set this up and make it work with a few examples and what level of Azure subscription you need to allow JIT RBAC Can someone please advise and point me towards some good vidoes or blog articles on this please Thanks __AAnotherUserCMMC Recovery (RE) Domain Overview and Strategy
One of the key areas where the Cybersecurity Maturity Model Certification (CMMC) expands on NIST 800-171 is system recovery, specifically the ability to recover from any event that compromises the integrity and availability of data. Backups are called out in the Recovery (RE) Domain and include the requirement to backup all content, not just CUI and other critical content. Further, testing backups is now a requirement and likely to be validated during a CMMC assessment.
Intune Permissions
Hi, I am using roles within Intune and would like to grant access to the "enrollment issues"-view for some HelpDesk guys. https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesMonitorMenu/enrollmentFailures) But I don't get which permission is responsible to enable that view. I can not find anything in the documentation. thanks Sebastian
Do Exchange administrators have to be system administrators on Exchange servers?
Hello, I asked this question before on TechNet (https://social.technet.microsoft.com/Forums/de-DE/a48fa3a9-df42-43ca-bc4f-24035853dd64/system-administrator-rights?forum=Exch2016GD). After some confusing mentions of domain admins, the consensus appeared to be that no, Exchange administrators do not have to be system administrators, but nobody knows how it is supposed to work. The problem is that there are several directories on Exchange servers which Exchange admins apparently need to access on a regular basis that the installer nevertheless configured with ACLs with access for sys admins only. Our Exchange team in-house tells me that ACLs on those directories cannot be changed because Microsoft does not support Exchange installations where those ACLs have been changed. Can anybody confirm whether Exchange admins have to be sys admins (and how this squares with RBAC guidelines) or how this is supposed to work? It is apparently not a question that comes up a lot. Are Exchange admins usually sys admins? How do other companies handle this? Are all admins of all applications always sys admins?
