Course A825, Protecting the Organization with Identity Panel, teaches how to use the features of the Identity Panel core framework to improve the organization's identity security posture.
Duration: 1 day
Who is this for?
This course is designed for:
- Active Directory engineers responsible for security and integrity of identities, groups, and their permissions.
- PowerShell developers who develop and run scripts within the enterprise to maintain and modify accounts, groups, authentications, and permissions.
- MIM Developers who want to understand and utilize the features of Identity Panel to avoid security exposure, data loss, and other unwanted changes
- Application Owners who want to understand how to secure their application access
- Security Engineers who want to understand how to protect the company from one of its largest risks (according to the Guardian)
- Compliance Engineers and auditors who need compliance reports
Prerequisites
Attendees will usually be engineers, developers, or architects in the technologies that will be used with the Suite. As a minimum, you should have a sound understanding of network directories and your organization's identity management processes.
What you will learn
Understand how Identity Panel protects the enterprise
Understand the gaps and risks that are introduced when organizations automate IAM with Microsoft Identity Manager and PowerShell scripts, and know how to address these risks with Identity Panel
Understand how Identity Panel fits into your Change Control process and brings your organization into compliance with SOC II Type 2 audit and other standards
Know how to empower your GDPR and non-repudiation compliance effort with Identity Panel
Learn how Identity Panel tells you what is going to happen before you or MIM make the change
Understand how to report and visualize change. Know who or what caused any change to your MIM code, connectors, and identities
Learn how to fix the identity problems that Identity Panel has unearthed in your enterprise
Learn how to monitor for and prevent stealth password capturing from being secretly implemented within MIM
Discover how companies are responding to "code red" situations with Identity Panel, preventing rogue players from acting against the company's IT systems
Discover how to institute separation of duties in your scripts, preventing privileged scripting from acting against the organization.
Agenda by feature
- Time Traveler and Service Panel
- Uplift Rule Engine and Source Control (.NET rules extension on rails)
- Scheduler and Workflows
- Managed PowerShell
- Preventing unwanted change, and approving change
- Test Cases
- Bulk Clean-up
- How Identity Panel protects itself
Agenda in detail
Time Traveler and Service Panel
- Identity Silos
- Contrails
- Directory and Application identity history
- Claims logging
- Assessing an issue
- Making identity changes with Service Panel
Uplift Rule Engine and Source Control
Scheduler and Workflows
- Who is doing the work? Panel Services vs. Web Application
- Security contexts
- Change volume thresholds
- Overlapping schedules (conflicting schedules)
- Workflow approvals
- Preventing unwanted change, and approving change
Managed PowerShell
- Separation of Duties
- Eliminating user level privileged access
- Protecting and hiding credentials from developers
Test Cases
- Change Control - Prove you have tested your changes
- Change Control - Show you can check your changes before, during, and after
- Change Control - Show you can roll-back unwanted outcomes
- Development to production life-cycle on rails
Bulk Clean-up
Manage the Humans!
- Human Checks - Who is watching the store?
- Who is changing MIM?
- Who made that change to AD?
- Who is stopping the Schedule?
- Did someone turn provisioning off (and forget to turn it on)?
- Limit who can do what to whom through Service Panel
- Non-repudiation
- Empower on-boarding and get the human data right
How Identity Panel and Service Panel protect themselves
- Security architecture
- Access Logging
- MIM RDP Console - Identity Manager
- Least privilege
- Panel Check
- Optional: Auto-update Panel Service from App Server or cloud