Azure AD Privileged Identity Management PIM

  • Published on 27 Oct 2024

Comments • 8

  • @jsoutter a year ago +8

    It would be great if we had a video explaining the end user experience.

    • @NDSLAB 3 months ago +1

      All his videos are very high-level touch base. Udemy too, so if you follow this guy and took an MS exam, you literally fucked up. If anyone is making videos nowadays, it has to be in-depth and aligned with exam objectives. Not just basic clicks on the portal.

  • @MichaelToub 9 days ago

    Great Video!

  • @malireddychennareddy1206 3 months ago

    Hey is there a way to enable the PIM automatically instead of manually?

  • @YouKayTen 5 months ago

    Thanks for this. Brilliant for Admin roles. Is there a way we could leverage PIM to delegate access on behalf of another user as a role? E.g. EA on behalf of CEO? (or anything else within Microsoft universe)

  • @simple-security several months ago

    How would you use PIM with purview roles?

    • @examlabpractice several months ago

      In Microsoft Purview, there are specific roles that are unique to its governance and compliance capabilities and are not necessarily represented directly within Microsoft Entra ID (formerly Azure AD). These roles are designed to manage various aspects of data governance, such as data access, catalog management, and compliance settings.
      Here's how you handle roles specific to Microsoft Purview:
      1. Understanding Purview-Specific Roles
      Microsoft Purview includes several specific roles that help manage and secure data across your environment. These roles include:
      Purview Data Curator: Responsible for managing and curating data sources within Purview.
      Purview Data Reader: Can read data maps and insights but cannot make changes.
      Purview Data Source Administrator: Can manage data sources, including adding and removing them.
      2. Assigning Purview-Specific Roles
      These roles are managed through the Purview management portal, not directly through Entra ID. To assign these roles:
      Go to the Microsoft Purview portal.
      Navigate to the Data permissions or a similar section where you can manage access.
      Assign roles to users or groups as needed to ensure they have appropriate access to perform their tasks.
      3. Integrating with Privileged Identity Management (PIM)
      While these roles are managed within Purview, the principles of least privilege and just-in-time access can still be applied by using a combination of Purview’s own access policies and broader PIM strategies:
      Conditional Access: Use Microsoft Entra conditional access policies to control when and how users can access the Microsoft Purview portal based on their current role status, location, device compliance, etc.
      Access Reviews: Regularly review who has access to these roles through Purview’s administrative controls and audit logs.
      4. Monitoring and Compliance
      Even if PIM is not directly integrated:
      Audit Logs: Purview provides detailed audit logs that can be reviewed to understand who accessed what data and when.
      Activity Monitoring: Use activity monitoring tools within Purview to keep an eye on how data is accessed and managed, integrating these insights with broader security and compliance monitoring tools.
      5. Best Practices
      Role Minimization: Regularly review roles and permissions to ensure that only necessary privileges are granted.
      Security Training: Train users on the importance of data governance and the specific responsibilities associated with their roles in Purview.
      By taking these steps, you can effectively manage Purview-specific roles and integrate them into your organization's broader security and governance framework.

    • @simple-security several months ago

      @examlabpractice ok so you're saying you can't control Purview admin roles through PIM (except those already available in Entra) so just use conditional access, thanks!!!