
What Is Entra Permissions Management (Formerly CloudKnox)

Published on Jun 3, 2022

As unmonitored cloud services, and particularly virtual machines, continue to proliferate, it becomes increasingly difficult for organizations to keep tight control over who does what within the cloud infrastructure. If the recent high-profile breaches are anything to go by, it is evident just how quickly threat actors can move laterally by exploiting misappropriated privileged credentials. Microsoft Entra Permissions Management steps in as a multi-cloud permission management platform that seeks to protect critical cloud infrastructure and identities. The platform provides comprehensive visibility and enables continuous, automated management of permissions.

Entra Permissions Management is a cloud infrastructure entitlement management (CIEM) solution currently in preview. It currently supports the three major public clouds: Google Cloud Platform (GCP), Microsoft Azure, and Amazon Web Services (AWS). It also provides comprehensive visibility and control across identity providers, including Azure Active Directory, Ping Identity, and Okta. Overall, it is a unified platform from which you can access, manage, govern, and protect permissions and identities within your cloud infrastructure.

As a CIEM solution, it offers granular visibility into all identities and the permissions granted versus what’s been used. It comes with data collectors that crawl through the different permissions assigned, activity logs, and resource metadata to uncover any action performed by any identity within the resource. Note that this is not limited to just the user identities. It extends to workload identities, including virtual machines, access keys, containers, and scripts.

Key Use Cases of Entra Permissions Management

We are seeing more organizations adopt a multi-cloud strategy only to end up struggling with a lack of visibility and increased complexity when it comes to managing permissions. What’s more, with the rapid increase of identities and cloud services, businesses are experiencing an influx of risky cloud permissions. This expands the attack surface for threat actors and increases the pressure on IT security teams to ensure that access to the business’s cloud estate is both secure and compliant. Further, cloud providers’ native access management models are inconsistent with one another. This creates undue complexity for security and identity teams, especially when it comes to managing permissions and enforcing least privilege access policies across the cloud infrastructure. Entra Permissions Management aims to help businesses and IT teams address these challenges through three critical use cases.

Discover 

As a customer, you can assess permission risks by evaluating the gap between the permissions you’ve granted and what’s been used. With Entra Permissions Management, you get granular and normalized metrics for all three cloud platforms. You can also leverage the Permission Creep Index (PCI), an aggregated metric that periodically evaluates the risk levels associated with unused or excessive permissions across your cloud infrastructure. Finally, you have permission usage analytics that provide a multi-dimensional view of permission risks across the different identities, actions, and resources.

Remediate

With Entra Permissions Management, you can right-size your permissions based on usage. You can also grant new permissions on-demand and automate just-in-time access for cloud resources. This CIEM solution can also automatically delete permissions that have remained unused for over 90 days. The permissions on-demand functionality lets you grant an identity permissions for a time-limited period as the need arises.
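The granted-versus-used comparison from Discover and the 90-day cleanup rule from Remediate can be sketched in a few lines. This is an added example, not code from Microsoft or from this article; the identities, grants, and activity records are constructed, and `unused_ratio` is a simplified stand-in, not the actual Permission Creep Index formula.

```python
from datetime import datetime, timedelta

# Constructed sample data, not output from any real tenant or product.
NOW = datetime(2022, 6, 3)
GRANTS = {  # identity -> set of permissions granted
    "user:alice": {"s3:GetObject", "s3:PutObject", "ec2:StartInstances"},
    "vm:build-agent": {"s3:GetObject", "iam:PassRole",
                       "ec2:TerminateInstances", "s3:DeleteBucket"},
    "key:legacy-ci": {"s3:GetObject", "s3:PutObject"},
}
ACTIVITY = [  # (identity, permission exercised, date) as found in activity logs
    ("user:alice", "s3:GetObject", "2022-06-01"),
    ("user:alice", "s3:PutObject", "2022-05-20"),
    ("user:alice", "ec2:StartInstances", "2022-01-15"),
    ("vm:build-agent", "s3:GetObject", "2022-06-02"),
    ("vm:build-agent", "s3:GetObject", "2022-04-01"),
]


def last_used(activity):
    """Map (identity, permission) to the most recent time it was exercised."""
    latest = {}
    for identity, perm, ts in activity:
        when = datetime.strptime(ts, "%Y-%m-%d")
        key = (identity, perm)
        if key not in latest or when > latest[key]:
            latest[key] = when
    return latest


def review(grants, activity, now, max_idle_days=90):
    """Per identity: granted vs. recently used, plus permissions to remove."""
    latest = last_used(activity)
    cutoff = now - timedelta(days=max_idle_days)
    report = {}
    for identity, granted in grants.items():
        # Never-used permissions default to datetime.min, so they count as stale.
        stale = sorted(p for p in granted
                       if latest.get((identity, p), datetime.min) < cutoff)
        report[identity] = {
            "granted": len(granted),
            "active": len(granted) - len(stale),
            "unused_ratio": round(len(stale) / len(granted), 2) if granted else 0.0,
            "remove": stale,  # candidates for right-sizing
        }
    return report
```

Workload identities such as the VM and the access key are treated exactly like the user, which matches the article's point that the analysis is not limited to user identities.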

Monitor 

Entra Permissions Management comes with machine learning-powered alerts that help your IT team detect abnormal activities. These yield context-rich forensic reports detailing the different identities, actions, and resources, which come in handy during investigation and remediation. It is worth mentioning that Entra Permissions Management takes Zero Trust security strategies a step further. It augments the least privilege access principle, giving you comprehensive visibility into what identities are doing, where, and when. It also automates least privilege access, ensuring identities have the proper permissions at the right time. Finally, it unifies access policies across all platforms, making it easier to apply security policies consistently across your entire cloud ecosystem.

Summary of the Key Capabilities of Microsoft Entra Permissions Management


Cross-Cloud Visibility 

Think of visibility as the underpinning of any cybersecurity strategy. If your business has distributed enterprise networks, you end up with a fragmented view of the enterprise. Add static dashboards and scattered information, and you end up in a situation where you cannot correlate logs or flag malicious users and lateral threats. That’s why you need granular visibility and contextual analytics of all activity within your cloud environment. Microsoft Entra Permissions Management offers comprehensive visibility into privileged access. You get 360° security views with infinite granularity. This helps you identify indicators of compromise (IoCs) ahead of the actual threat. Overall, this cross-cloud visibility helps you simplify compliance and audits for your entire multi-cloud environment.

Automated Remediation 

You can download fixes for misconfigured policies and have Entra Permissions Management remediate them on your behalf. What’s more, you should be able to update your policies to address new and evolving risks. Overall, with this automated remediation, you can potentially fix issues in real time.

Anomaly Detections and Alerts 

With Entra Permissions Management, you have an integrated audit and compliance engine that continuously monitors and reports on any anomalies, including vulnerabilities, misconfigurations, and compliance violations. With anomaly detection, you can detect and alert on any anomalous activity. This includes unusual activities, geo-locations, and client types. You could get alerts for these anomalous activities through email or integrated third-party SIEM or SOAR tools.

Detailed Forensic Reports 

Entra Permissions Management offers incisive out-of-the-box forensic reports that should help your team get in front of potential risk. You can fully customize these reports to have them meet the specific compliance reporting requirements you need for your business. You have the option of having either scheduled or on-demand reports that can be run and distributed by mail. Altogether, these reports come in handy when making vital business decisions.

Learn More About Entra Permissions Management

At Agile, we are committed to empowering your business to secure all its applications in any of the available cloud environments. Our experts will help you simplify your modern cloud security management, thus preventing data breaches, increasing cloud environment visibility, and facilitating event response and remediation automation. Schedule a consultation today, and let us help you discover, remediate, and monitor the permission risks across your multi-cloud infrastructure.
