mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-11 10:03:42 +03:00
1.9 KiB
1.9 KiB
Azure AD PIM Implementation Template
Tenant Details
| Field | Value |
|---|---|
| Tenant ID | |
| Tenant Name | |
| License | Entra ID P2 / Entra ID Governance |
| Implementation Date | |
| Project Lead |
Role Configuration Matrix
| Role | Assignment Type | Max Activation | MFA Required | Approval Required | Approver |
|---|---|---|---|---|---|
| Global Administrator | Eligible | 1 hour | Yes | Yes | |
| Security Administrator | Eligible | 4 hours | Yes | Yes | |
| Exchange Administrator | Eligible | 8 hours | Yes | No | |
| User Administrator | Eligible | 8 hours | Yes | No | |
| Application Administrator | Eligible | 8 hours | Yes | No |
Break-Glass Accounts
| Account | UPN | Assignment | MFA | Storage Location |
|---|---|---|---|---|
| Break-Glass 1 | Active Global Admin | FIDO2 key | ||
| Break-Glass 2 | Active Global Admin | FIDO2 key |
Migration Checklist
- All permanent role assignments inventoried
- Break-glass accounts identified and documented
- PIM role settings configured for each role
- Approval workflows configured with designated approvers
- MFA enforced for all role activations
- Permanent assignments converted to eligible (except break-glass)
- Notification settings configured (admin, security team)
- Access reviews scheduled (quarterly)
- PIM alerts enabled and monitored
- Audit logs forwarded to SIEM
- User communication sent with activation instructions
- Help desk trained on PIM troubleshooting
Access Review Schedule
| Role | Frequency | Reviewer | Auto-Apply | Duration |
|---|---|---|---|---|
| Global Administrator | Monthly | Security Lead | Yes - Remove | 7 days |
| Security Administrator | Quarterly | CISO | Yes - Remove | 14 days |
| All Other Admin Roles | Quarterly | Manager | Yes - Remove | 14 days |