Microsoft Entra Permissions Management Services

Users and workloads accumulate permissions over time as more services move to the cloud. More identities and resources to manage, paired with inconsistent access management models across different public clouds, create increased complexity and a need for more visibility for IT and security teams. Left unused and unmonitored, these permissions become prime targets for attackers or risk areas for human error.

Microsoft Entra Permissions Management has one mission: to provide a single platform to manage permissions for any identity or resource, users and workloads alike, across Microsoft Azure, Amazon Web Services (AWS) and Google Cloud Platform (GCP). Entra Permissions Management continuously monitors activity and behaviour to identify and assess risks and provide visibility.

What Our Microsoft Entra Services Do

Get full visibility

Discover what resources every identity is accessing across all your public cloud platforms.

Automate the principle of least privilege

Use usage analytics to ensure identities have the right permissions at the right time.

Unify cloud access policies

When utilised properly, Entra allows users to unify cloud access policies with ease.

Cloud Infrastructure Security Policies

Implement consistent security policies across your cloud infrastructure.

  • Protect access to any app or resource. Safeguard your organisation by protecting access to every app and every resource for every user.
  • Secure and verify every identity. Secure every identity including employees, customers, partners, apps, devices, and workloads across every environment.
  • Provide only the access necessary. Discover and right-size permissions, manage access lifecycles, and ensure least privilege access for any identity.

What Are Microsoft Entra Services?

Microsoft Entra is Cloud Infrastructure Entitlement Management (CIEM) software, used to manage users' permissions to access cloud resources across an organisation. With the use of Microsoft Entra, you can securely and remotely sign in and access cloud resources.

Areas of Entra Permissions Management

Once the initial setup process is complete, Permissions Management begins to surface important insights across various areas. Response actions become available that let you remove unused permissions, so your team can continue working without affecting important operations.

Analytics

The analytics section lets you search and filter detected events across multiple resources. Results then display the Permission Creep Index (PCI) for each object, alongside a breakdown of how the score was calculated and identified. A notable feature is the ability to view and edit the specific permissions granted by any given group.

Dashboard

On the Dashboard screen, you'll find an overview of the overall security posture, with each service (AWS, Azure, and GCP) displayed separately, so you'll need to navigate between these services. The dashboard includes:

  • PCI – Overview of permission changes over time, categorising users by their permission levels.
  • Identity Card – This highlights key findings related to privileges, inactivity and security.
  • Resource Card – In Azure, the resource card could identify a managed key, for example.

Autopilot

Autopilot enables you to create rules for the automatic remediation of access issues related to both users and roles. For instance, you can automatically remove unused AWS roles for service users who have been inactive for the past 90 days.

Remediation

The remediation screen simplifies the management of permissions across the various resources. From this unified interface, you can configure permissions and roles across your cloud providers.

A particularly useful feature is that you can assign permissions on a scheduled basis, such as granting a user access during specified periods.

Audit & Reports

The audit allows you to search across the organisation and check whether anything has been added or removed.

The reports enable you to run pre-built and custom permission reports, view them online or download them as CSV files, and access detailed visual dashboards for a clear overview of current issues.

What is the Difference Between Azure AD and Entra?

Azure AD, or Azure Active Directory, is a cloud-based identity and access management solution. Microsoft Entra, however, is a hybrid IAM solution that caters to organisations with more complex identity management requirements.

Entra Permissions Management Licensing & Pricing

Entra Permissions Management is now available for around $125 per resource, per year.

The supported resources are as follows:

  • Container clusters
  • Serverless functions 
  • Compute resources 
  • Databases on Microsoft Azure, Amazon Web Services and Google Cloud Platform

Choose CWSI for Entra Delivery

At CWSI, we help clients with Entra delivery by following these 3 steps:

  1. Engage
  2. Review
  3. Support

Step 1 – Engage

CWSI will establish and configure your trial instance. Once the ID is verified on your Microsoft Entra ID tenant, Entra Permissions Management will start to gather credentials and environment details to set up and run your sample application. Within a few hours of onboarding, Entra Permissions Management will generate a comprehensive Permissions Analytics Report to identify your organisation’s areas of greatest risk, with actionable insights to begin remediation and secure your environment.

Step 2 – Review

From the data gathered, CWSI will generate reports through the system and provide an initial review of the findings. From the review, we will build a plan to lead the next steps. Elements such as Internal Risk, Partner Access, Machine ID and Keys are reviewed. A target security score is assigned, with projects identified to achieve this. Each customer’s plan is unique to their environment.

Step 3 – Support

Once the priority risks have been mitigated, CWSI will help you create a plan to bring a more structured administration program into production as part of a DevSecOps approach. Typically, we will provide a continued escalation and planning program to ensure long-term compliance.

Contact Us Today

Reach out to us and see for yourself if you are eligible for a workshop. Our team and range of expert services are here to help increase your cybersecurity.