SOLVED

Azure PIM role settings

Iron Contributor

Hello

If a service account is already permanently active in a role, and this box is not checked, will it move the service account to eligible?


7 Replies
If it is a service account, I would suggest selecting "allow permanent active assignment" or
Hi @Skipster311-1,

The answer below won't directly answer your question, but it might help you boost your security.

Is there a possibility of requesting that the application owner migrate the Service Account into a Service Principal? Most of the time this is possible. However, I would not recommend using Service Accounts (especially) in the Cloud for security reasons, which automatically means I would never assign a permanent Azure AD role to a Service Account. There is an exception: if you could block sign-in for this particular Service Account from any location except the trusted ones with Conditional Access, then it might be some sort of "safe", but still - Service Principals over (synced) Service Accounts.

Reasons for using a Service Principal:
- Doesn't consist of a username and password
- Cannot be logged in to interactively from, for example, a portal page
- Less likely to be impacted when it comes to brute-force attacks, isn't

I hope it will help you.
Good advice. Thank you. Can you point me to an article on how to create and use service principals?
Thanks @Bilalehadd, it's great. Let me take this advice; any URL will be helpful.
Can I also place the shared secret or certificate for the service principal in Azure Key Vault and then call the credentials that are in Key Vault instead of specifying the credentials for the service principal in code?
best response confirmed by Skipster311-1 (Iron Contributor)
Solution

@Skipster311-1 @Chandrasekhar_Arya

See the article below, and as mentioned earlier, try to involve the application owner or supplier when you want to start implementing this.
https://identity-man.eu/2021/03/19/service-principals-all-you-need-to-know/

This is great, thanks!
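The Key Vault pattern asked about earlier in the thread (certificate-based service principal, secret fetched at run time rather than placed in code), as an added example that is not from the thread or the linked article. It assumes the Az PowerShell module is installed; every identifier is a placeholder.

```powershell
# Added example, not from the thread. Signs in as a certificate-based service
# principal and reads a secret from Key Vault at run time, so nothing sensitive
# is hard-coded or checked into source control. All values are placeholders.
param(
    [string]$TenantId   = '<tenant-id>',
    [string]$AppId      = '<application-id-of-the-service-principal>',
    [string]$CertThumb  = '<thumbprint-of-cert-in-local-store>',
    [string]$VaultName  = '<key-vault-name>',
    [string]$SecretName = '<secret-name>'
)

# Authenticate with the app's certificate (looked up in the Cert:\ store by
# thumbprint), not a password. On an Azure VM / App Service / Function with a
# managed identity, 'Connect-AzAccount -Identity' removes even the certificate.
Connect-AzAccount -ServicePrincipal -TenantId $TenantId -ApplicationId $AppId `
    -CertificateThumbprint $CertThumb | Out-Null

# The service principal needs only a read permission on secrets for this vault
# (e.g. the built-in "Key Vault Secrets User" role when the vault uses RBAC).
$secretValue = Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -AsPlainText
if (-not $secretValue) { throw "Secret '$SecretName' not found or access denied." }

# ... use $secretValue for the downstream call here, then discard it ...

Remove-Variable secretValue
Disconnect-AzAccount | Out-Null
```

Rotating the secret in Key Vault then requires no code change, and the vault's diagnostic logs show which identity read it and when.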