8/8/2023

Best secret folder app 2018

We do not recommend user accounts as service accounts because they are less secure. This includes on-premises service accounts synced to Azure AD, because they aren't converted to service principals. Instead, we recommend managed identities, or service principals, and the use of Conditional Access.

Learn more: What is Conditional Access?

Plan your service account

Before creating a service account, or registering an application, document the service account key information. Use the information to monitor and govern the account. We recommend collecting the following data and tracking it in your centralized Configuration Management Database (CMDB).

- User or group accountable for managing and monitoring the service account.
- Grant the owner permissions to monitor the account and implement a way to mitigate issues.
- Issue mitigation is done by the owner, or by request to an IT team.
- Map the service account to a service, application, or script.
- Document the resources it accesses and permissions for those resources.
- Avoid creating multi-use service accounts.
- Document the resource and script owners to communicate the effects of change.
- Link to the accessed resources, and scripts in which the service account is used.
- Risk and business effect, if the account is compromised.
- Use the information to narrow the scope of permissions and determine access to information.
- The cadence of service account reviews, by the owner.
- Document what happens if a review is performed after the scheduled review period.
- Use this measurement to schedule communications to the owner, disable, and then delete the accounts.
- Create a naming convention for service accounts to search, sort, and filter them.
- Set an expiration date for credentials that prevents them from rolling over automatically.
- Grant the service account permissions needed to perform tasks, and no more.
- If a service account needs high-level permissions, for example a Global Administrator, evaluate why and try to reduce permissions.