rbac and various other tech

content/2 Azure Services/Access Reviews.md

@@ -1,6 +1,7 @@
 ---
 tags:
   - azure
+  - iam
 ---
 
 

content/2 Azure Services/Azure Conditional Access Policies.md

@@ -1,3 +1,8 @@
+---
+tags:
+  - iam
+  - azure
+---
 
 In order to implement conditional access policies, we need to disable the default ones put in place by Azure.
 

content/2 Azure Services/Enabling BitLocker Keys in Active Directory.md

@@ -1,3 +1,7 @@
+---
+tags:
+  - powershell
+---
 Since the Windows 11 update, viewing the [[Bit Locker]] keys in [[Active Directory Users and Computers]] now requires the use of a PowerShell script to install. 
 
 To begin, open up PowerShell with administrator privileges:

content/2 Azure Services/Management Groups.md

@@ -0,0 +1,30 @@
+To start using management groups, click the 'Start using management groups' button:
+
+![[Pasted image 20240711131159.png]]
+
+Give it a Group ID and display name:
+
+![[Pasted image 20240711131755.png]]
+
+We can now see that the management group has been created:
+
+![[Pasted image 20240711131843.png]]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

content/2 Azure Services/Configuring Multifactor Authentication.md → content/2 Azure Services/Multifactor Authentication (MFA).md

@@ -1,3 +1,8 @@
+---
+tags:
+  - iam
+  - azure
+---
 Multifactor Authentication allows a more secure access to accounts, confirming the user is who they say they are. 
 
 ## Configuring Multifactor Authentication in Azure

content/2 Azure Services/Privileged Identity Management (PIM).md

@@ -0,0 +1,59 @@
+
+
+To setup Privileged Identity Management, navigate to the PIM portal and select 'Microsoft Entra roles':
+
+![[Pasted image 20240711122656.png]]
+
+Select 'Assign Eligibility':
+
+![[Pasted image 20240711122735.png]]
+## Configuring Roles
+Select 'Application Developer':
+
+![[Pasted image 20240711123010.png]]
+
+Select the 'Settings' tab:
+
+![[Pasted image 20240711123140.png]]
+
+Select the Edit button:
+
+![[Pasted image 20240711123228.png]]
+
+Here you can set the duration, [[Multifactor Authentication (MFA)]], and justification settings:
+
+![[Pasted image 20240711123445.png]]
+
+In the Assignment tab, we can configure permanent active and eligible assignments:
+
+![[Pasted image 20240711123606.png]]
+
+We can change the notifications in the next tab, once done click on 'New Assignment':
+
+![[Pasted image 20240711123726.png]]
+
+## Assigning users to Role
+
+Go back to the Application Developer assignment and click 'Add assignments':
+
+![[Pasted image 20240711124021.png]]
+
+Choose the user you want the role to be assigned to:
+
+![[Pasted image 20240711124108.png]]
+
+Assign the duration of the assignment in the next tab:
+
+![[Pasted image 20240711124205.png]]
+
+The user now has been added to the Application Developer role:
+
+![[Pasted image 20240711124255.png]]
+
+
+
+
+
+
+
+

content/2 Azure Services/Role Based Access Control (RBAC).md

@@ -0,0 +1,37 @@
+
+Navigate to Resource groups and select a resource group you want to enable RBAC for:
+
+![[Pasted image 20240711133315.png]]
+
+Navigate to the Access control (IAM) blade:
+
+![[Pasted image 20240711133430.png]]
+
+In the Role assignments tab, we can see all the roles that have been assigned for this resource group:
+
+![[Pasted image 20240711133654.png]]
+
+In the Add dropdown, select 'Add role assignment':
+
+![[Pasted image 20240711133844.png]]
+
+Select the desired role you want to assign:
+
+![[Pasted image 20240711134006.png]]
+
+Select members and assign them:
+
+![[Pasted image 20240711134109.png]]
+
+The user is now assigned the reader role to the resource group:
+
+![[Pasted image 20240711134220.png]]
+
+Remember that roles are inherited so anything created under this resource group will allow the user to access with their reader role.
+
+
+
+
+
+
+

content/3 AWS Services/Creating and Inviting Accounts in AWS Organizations.md

@@ -3,6 +3,7 @@ title: Creating and Inviting Accounts in AWS Organizations
 draft: false
 tags:
   - aws
+  - iam
 ---
 
 Create or invite other AWS accounts into the organization structure.

content/3 AWS Services/Revoking AWS Temporary Access Credentials.md

@@ -3,6 +3,7 @@ title: Revoking AWS Temporary Access Credentials
 draft: false
 tags:
   - aws
+  - iam
 ---
 Securing credentials is crucial in preventing unauthorized access to the cloud. In the event that a credential is leaked, follow the steps below.
 

content/3 AWS Services/Securing Access using Service Control Policies.md

@@ -3,9 +3,10 @@ title: Securing Access using Service Control Policies
 draft: false
 tags:
   - aws
+  - iam
 ---
 
-The rest of your content lives here. You can use **Markdown** here :)We can prevent accounts from accessing services through the use of SCP. 
+We can prevent accounts from accessing services through the use of SCP. 
 
 If you apply a SCP to an Organizational Unit (OU), everything down the tree will be affected.