Azure AD Identity Protection and Azure AD Privileged Identity Management Subscription Requirements

With Azure AD Identity Protection and Azure AD Privileged Identity Management now generally available as part of AAD Premium P2, starting Monday December 5 2016 (TODAY!!), Microsoft is enabling license enforcement for existing tenants using Azure AD PIM.  Without an AAD P2 subscription or trial, tenants with AIP and PIM will see those capabilities disabled/removed.

Azure AD PIM will no longer be available in your tenant if:

  • Your organization was using Azure AD PIM when it was in preview and does not purchase Azure AD Premium P2
  • Your organization had an Azure AD Premium P2 trial that expired
  • Your organization had a purchased subscription that expired

When an Azure AD Premium P2 subscription expires, or an organization which was using Azure AD PIM does not obtain Azure AD Premium P2:

  • Permanent role assignments to Azure AD roles will be unaffected.
  • The Azure AD PIM extension in the Azure portal, as well as the Graph API Cmdlets and PowerShell interfaces of Azure AD PIM, will no longer be available for users to activate privileged roles, manage privileged access, or perform access reviews of privileged roles.
  • Eligible role assignments of Azure AD roles will be removed, as users will no longer be able to activate privileged roles.
  • Any ongoing access reviews of Azure AD roles will end, and Azure AD PIM configuration settings will be removed.
  • Azure AD PIM will no longer send emails on role assignment changes.

The Azure AD PIM subscription requirements:


https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/subscription-requirements

Comments

Post a Comment

Popular posts from this blog

Five reasons to run SQL Server 2016 on Windows Server 2016

The Microsoft SQL Server team is publishing a five-part series on why to run SQL Server 2016 on Windows Server 2016.   Can you guess reason #1?   Yes, it's security.  We're going to see a much bigger push on the MS front addressing its commitment to a holistic security approach across the whole Microsoft stack, building and integrating security throughout its platforms, and product and service offerings.  Read on to see how SQL Server 2016 on Windows Server 2016 increase your security posture, using features such as Device Guard, Credential Guard, Control Flow Guard and Windows Defender on Windows Server 2016 and Always Encrypted protection, Row-Level Security and Dynamic Data Masking in SQL Server 2016. https://blogs.technet.microsoft.com/hybridcloud/2017/03/23/five-reasons-to-run-sql-server-2016-on-windows-server-2016-1-security/ The second part of the series focuses on the performance increases and cost savings that can be had with SQL Server 2016 on Windows...
Read more

Introducing Azure AD Pass-Through Authentication and Seamless Single Sign-on

Now in public preview, Azure AD Pass-Through Authentication is a 3rd alternative in the options for “single sign-on” between Active Directory and Azure AD.  Designed to remove the infrastructure requirements of AD Federation Services, it provides a more seamless SSO experience than the Password Hash Sync through AAD Connect.    With the use of AAD Connect and a simple connector, AAD PTA relies on secure outbound communication to validate username  and password credentials against your on-premises Active Directory.  No need to sync AD passwords to AAD, nor deploy AD FS! https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/ https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-pass-through-authentication
Read more