Azure AD Identity Protection and Azure AD Privileged Identity Management Subscription Requirements

With Azure AD Identity Protection and Azure AD Privileged Identity Management now generally available as part of AAD Premium P2, starting Monday December 5 2016 (TODAY!!), Microsoft is enabling license enforcement for existing tenants using Azure AD PIM.  Without an AAD P2 subscription or trial, tenants with AIP and PIM will see those capabilities disabled/removed.

Azure AD PIM will no longer be available in your tenant if:

  • Your organization was using Azure AD PIM when it was in preview and does not purchase Azure AD Premium P2
  • Your organization had an Azure AD Premium P2 trial that expired
  • Your organization had a purchased subscription that expired

When an Azure AD Premium P2 subscription expires, or an organization which was using Azure AD PIM does not obtain Azure AD Premium P2:

  • Permanent role assignments to Azure AD roles will be unaffected.
  • The Azure AD PIM extension in the Azure portal, as well as the Graph API Cmdlets and PowerShell interfaces of Azure AD PIM, will no longer be available for users to activate privileged roles, manage privileged access, or perform access reviews of privileged roles.
  • Eligible role assignments of Azure AD roles will be removed, as users will no longer be able to activate privileged roles.
  • Any ongoing access reviews of Azure AD roles will end, and Azure AD PIM configuration settings will be removed.
  • Azure AD PIM will no longer send emails on role assignment changes.

The Azure AD PIM subscription requirements:


https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/subscription-requirements

Comments

Post a Comment

Popular posts from this blog

Microsoft Customer Guidance for WannaCrypt Attacks

As you no doubt are aware, the WannaCrypt attacks over the last couple of weeks have been quite pervasive. Microsoft has provided some guidance on the WannaCrypt attacks that I thought you should be aware of, both for Azure as well as on-premises. https://azure.microsoft.com/en-us/blog/wannacrypt-attacks-guidance-for-azure-customers/ https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ Of note, Microsoft has released security patches for OS versions that are no longer in mainstream support, i.e. Windows XP, Windows 8 and Windows Server 2003.
Read more

ILM 2007 Certificate Management Customizations

ILM 2007, through its Certificate Management solution, or Certificate Lifecycle Manager (CLM) as it used to be known, allows an organization to manage credentials within their Windows Server 2003 and 2008 certification authorities. It acts like an administrative proxy, allowing you issue and manage digital certificates and smartcards through a web interface. The solution provides three different APIs (i.e. Provision, SQL and Notification) and a number of customizable interfaces, all of which allow you to customize CLM. This gives you the ability to greatly extend and expand the product's capabilities. For an overview of these APIs and interfaces, have a look at the Certificate Lifecycle Manager Overview on MSDN. Over the next few postings, I'll be looking at these APIs and interfaces in greater detail, to show you how they work and how they could be put to use in your CLM deployment. And I'd like to add a quick shout-out to David Lundell, over at ILM Best Practices , f
Read more