
Streamlined Azure IT account management and strengthened cloud security through Microsoft Entra ID and Just-In-Time RBAC.

Project Summary: Implemented a comprehensive security solution at a previous site (name withheld for confidentiality), leveraging Microsoft Entra ID (formerly Azure AD) and Just-In-Time (JIT) Role-Based Access Control (RBAC) to manage IT accounts and secure critical Azure infrastructure. The project addressed risks arising from persistent administrative privileges, privileged-access sprawl, and limited auditability in the cloud environment, while adhering to Microsoft's Zero Trust security principles.

Role:


As the Cybersecurity Associate Analyst, I led the design, implementation, and automation of the Azure Entra ID & JIT RBAC solution, working closely with the infrastructure and IT teams to ensure seamless integration and minimal disruption to existing workflows.


Technologies Used:

  • Microsoft Entra ID (formerly Azure AD)

  • Azure Privileged Identity Management (PIM): eligible role assignments with time-bound activation that requires justification and approval

  • Azure Resource Manager (ARM) templates for infrastructure as code (IaC)

  • Azure Logic Apps for automation of JIT access requests

  • Microsoft Sentinel for security monitoring and alerting

  • Azure Key Vault for secure credential storage

  • Azure Monitor for logging and analysis


Key Achievements/Outcomes:

  • Reduced the number of standing (persistent) Azure global administrator accounts by 95%, minimizing the attack surface and limiting the window of opportunity for credential compromise.

  • Enabled Just-In-Time (JIT) access for 100% of privileged Azure roles, requiring administrators to explicitly request and justify their access for a limited duration, resulting in significantly enhanced security and accountability.

  • Automated the JIT access request process using Azure Logic Apps, integrating with a centralized ticketing system for approvals and maintaining a complete audit trail of all privileged access activities.

  • Improved security posture by adhering to Microsoft's Zero Trust principles: verify explicitly, grant least-privilege access, and always assume breach.

  • Enhanced visibility and threat detection by integrating Microsoft Entra ID audit logs and Azure PIM activity logs into Microsoft Sentinel, enabling proactive monitoring and rapid response to suspicious privileged-access events.

All employee identifying information and sensitive resource names have been omitted for confidentiality.

  • Start: The user initiates an access request in Azure PIM, supplying a justification.

  • Approval Process: The request is routed to a designated approver (e.g., a team lead) through the ticketing system (e.g., ServiceNow).

  • Approval Outcome: On approval, an Azure Logic App triggers the role activation.

  • Role Activation: The user's role is activated for a limited, predefined duration.

  • Access Expiry: Access is automatically revoked when that duration elapses.

  • Monitoring: All request, approval, activation and expiry events are logged to Microsoft Sentinel and Azure Monitor.
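The monitoring step above, and the Sentinel integration listed under Key Achievements, come down to correlating the events this workflow emits and flagging anything that deviates from it: an activation with no matching approval or ticket, an activation longer than policy allows, and privileged actions performed with no activation window in force (standing privilege, or use after expiry). The Python below is an added example written for this page, not code from the project described. Its input records are constructed and simplified: real Entra ID audit-log entries (the AuditLogs table in Sentinel) are nested JSON with many more fields, and only the activity names follow the PIM naming; the eight-hour maximum, the set of admin actions and the user names are assumptions.

```python
"""
Added example (not code from the project on this page): a small detection pass
over PIM events, of the kind the Sentinel integration above would run as a KQL
analytics rule.  The records below are constructed and simplified; only the
activity strings follow the PIM naming seen in Entra ID audit logs.
"""
from datetime import datetime, timedelta

# Assumed PIM role setting: maximum activation duration allowed by policy.
MAX_ACTIVATION = timedelta(hours=8)

APPROVED = "Add member to role request approved (PIM activation)"
ACTIVATED = "Add member to role completed (PIM activation)"

# Actions that require an activated privileged role in this constructed model.
ADMIN_ACTIONS = {
    "Update user",
    "Reset user password",
    "Add app role assignment to service principal",
}

# Constructed sample events, in the flattened shape this example expects.
EVENTS = [
    {"time": "2023-05-02T08:55:00Z", "activity": APPROVED,
     "user": "alice@contoso.example", "role": "Global Administrator",
     "ticket": "CHG0012345"},
    {"time": "2023-05-02T09:00:00Z", "activity": ACTIVATED,
     "user": "alice@contoso.example", "role": "Global Administrator",
     "ticket": "CHG0012345", "hours": 4},
    # Inside alice's four-hour window: legitimate, no finding.
    {"time": "2023-05-02T10:30:00Z", "activity": "Update user",
     "user": "alice@contoso.example"},
    # bob activates with no approval, no ticket and a 24-hour duration.
    {"time": "2023-05-02T11:00:00Z", "activity": ACTIVATED,
     "user": "bob@contoso.example", "role": "Privileged Role Administrator",
     "ticket": "", "hours": 24},
    # carol performs an admin action with no activation at all: standing privilege.
    {"time": "2023-05-02T12:00:00Z",
     "activity": "Add app role assignment to service principal",
     "user": "carol@contoso.example"},
    # alice acts again after her window lapsed at 13:00.
    {"time": "2023-05-02T14:00:00Z", "activity": "Reset user password",
     "user": "alice@contoso.example"},
]


def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def finding(rule, event):
    return {"rule": rule, "user": event["user"],
            "role": event.get("role"), "time": event["time"]}


def analyse(events, max_activation=MAX_ACTIVATION):
    """Replay events in time order and return a list of findings.

    Tracks pending approvals per (user, role) and open activation windows per
    user, so each rule is evaluated against the state at that moment."""
    findings = []
    pending_approvals = set()   # (user, role) approved but not yet activated
    windows = {}                # user -> list of (role, start, end)
    for event in sorted(events, key=lambda e: parse_time(e["time"])):
        now = parse_time(event["time"])
        key = (event["user"], event.get("role"))
        activity = event["activity"]
        if activity == APPROVED:
            pending_approvals.add(key)
        elif activity == ACTIVATED:
            # Each approval covers exactly one activation.
            if key in pending_approvals:
                pending_approvals.discard(key)
            else:
                findings.append(finding("activation_without_approval", event))
            if not event.get("ticket"):
                findings.append(finding("activation_without_ticket", event))
            duration = timedelta(hours=event["hours"])
            if duration > max_activation:
                findings.append(finding("activation_exceeds_policy", event))
            windows.setdefault(event["user"], []).append(
                (event["role"], now, now + duration))
        elif activity in ADMIN_ACTIONS:
            # A privileged action with no activation covering this instant
            # indicates standing privilege or use after expiry.
            covered = any(start <= now <= end
                          for _, start, end in windows.get(event["user"], []))
            if not covered:
                findings.append(finding("admin_action_outside_jit_window", event))
    return findings


def standing_privilege_users(findings):
    """Users who performed admin actions with no JIT window in force."""
    return sorted({f["user"] for f in findings
                   if f["rule"] == "admin_action_outside_jit_window"})


if __name__ == "__main__":
    for f in analyse(EVENTS):
        print(f"{f['time']}  {f['rule']:32}  {f['user']}  {f['role'] or ''}")
    print("standing privilege:", standing_privilege_users(analyse(EVENTS)))
```

Run as-is, the sample produces five findings: three against bob's activation (no approval, no ticket, duration over policy), one for carol's action with no activation, and one for alice's action after her window expired; alice's 10:30 action inside her window is correctly silent. The "admin_action_outside_jit_window" rule is the one that measures the 95% reduction in standing privilege claimed above: in a tenant where every privileged role is JIT-only, it should fire only on misconfiguration or compromise.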


Call to Action:

Contact me to discuss my experience in implementing Azure Entra ID and JIT RBAC for cloud security, and how I can help your organization secure its Azure environment, reduce risk, and maintain compliance with industry best practices.

[Figure: conceptual representation of Privileged Identity Management (PIM)]
© 2023 by IT SERVICES.