@Hyper
Thank you for your post and I apologize for the delayed response! Because of the links I provided and the number of characters used, I wasn't able to fit this in the comment section, but I hope my response leads you in the right direction!
Best practice when utilizing 3rd parties/contracted vendors for this type of work - Assisting in security detection and response across physical networks and cloud providers
When it comes to best practice with 3rd party vendors, I wasn't able to find any specific documentation on this, but to gain a better understanding of your issue:
- How's this 3rd party vendor going to be performing the security detection and response across physical networks and cloud providers?
- What specific permissions do they need?
- Will they need Admin permissions 24/7, or on a case-by-case basis, etc.?
Security Best Practices Links:
Azure security best practices and patterns
Azure Identity Management and access control security best practices
Azure Operational Security best practices
----------
These providers should become a CSP or Microsoft Partner whereby they can then request access to our tenant through this defined relationship through the CSP channels:
- I haven't worked in the Partner Center area, but I've added the partner-center-general tag to this thread so their community can look into this question as well.
Additional Links:
What is Partner Center?
Connect with customers
Support from Microsoft - Partner Center
Get help and contact support - Partner Center
----------
While I do have a few one-offs of accounts created specifically for vendors, none of them have the access level / role these accounts would have
- Can you share more of what you mean by that?
----------
General thoughts/suggestions:
From my experience, I'd recommend looking into some of the below features to help mitigate your security risks if/when creating these vendor accounts.
Additional Links:
Best practices for Azure AD roles - This article describes some of the best practices for using Azure Active Directory role-based access control (Azure AD RBAC).
Azure RBAC custom roles - If the Azure built-in roles don't meet the specific needs of your organization, you can create your own custom roles.
Best practices for Azure RBAC - Best practices for using Azure role-based access control (Azure RBAC).
Sign-in logs in Azure Active Directory - You can use the sign-ins log to monitor vendor activity and see the sign-in pattern of a user, how many users have signed in over a week, etc.
Manage inactive user accounts in Azure AD - Since user accounts are not always deleted when employees leave an organization, you can use this to detect and handle obsolete user accounts.
Analyze Azure AD activity logs with Azure Monitor logs
Integrate Azure AD logs with Azure Monitor logs
I hope this helps!
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
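The answer above points at the Azure AD sign-in log and the inactive-account guidance as the two monitoring features to lean on once vendor accounts exist. As an added example (not part of the answer or of any Microsoft documentation), the script below runs that kind of check over a handful of constructed sign-in records: the field names follow the sign-in log export (`userPrincipalName`, `createdDateTime`, `ipAddress`, `status.errorCode`), but every value, the vendor domain `vendor.example`, the IP allowlist, the 30-day idle threshold and the 08:00-17:59 UTC support window are assumptions chosen for illustration. It flags vendor guest accounts with no successful sign-in in the idle window (including accounts that never signed in), and vendor sign-ins that failed, came from an address outside the vendor's agreed egress range, or fell outside the agreed hours.

```python
"""Triage Azure AD sign-in records for third-party vendor accounts.

Added example, not code from the original thread. All records and
thresholds below are constructed for illustration.
"""
from datetime import datetime, timedelta, timezone
import json

# Constructed sample records (made-up values). The shape mirrors the
# Azure AD sign-in log export; a real run would load the exported JSON.
SAMPLE_SIGNINS = json.loads("""
[
 {"createdDateTime": "2023-03-01T09:12:00Z",
  "userPrincipalName": "alice_vendor.example#EXT#@contoso.onmicrosoft.com",
  "appDisplayName": "Azure Portal", "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
 {"createdDateTime": "2023-03-01T23:40:00Z",
  "userPrincipalName": "alice_vendor.example#EXT#@contoso.onmicrosoft.com",
  "appDisplayName": "Azure Portal", "ipAddress": "198.51.100.7", "status": {"errorCode": 0}},
 {"createdDateTime": "2023-01-15T10:00:00Z",
  "userPrincipalName": "bob_vendor.example#EXT#@contoso.onmicrosoft.com",
  "appDisplayName": "Microsoft Azure CLI", "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
 {"createdDateTime": "2023-03-02T08:00:00Z",
  "userPrincipalName": "carol@contoso.com",
  "appDisplayName": "Azure Portal", "ipAddress": "192.0.2.5", "status": {"errorCode": 0}},
 {"createdDateTime": "2023-03-02T08:05:00Z",
  "userPrincipalName": "alice_vendor.example#EXT#@contoso.onmicrosoft.com",
  "appDisplayName": "Azure Portal", "ipAddress": "203.0.113.10", "status": {"errorCode": 50126}}
]
""")

# Assumptions for this example (replace with the real contract terms):
VENDOR_DOMAIN = "vendor.example"          # vendor staff are invited as guests from this domain
VENDOR_ALLOWED_IPS = {"203.0.113.10"}     # vendor's agreed egress addresses
BUSINESS_HOURS_UTC = range(8, 18)         # agreed support window, 08:00-17:59 UTC
MAX_IDLE_DAYS = 30                        # disable/remove vendor accounts idle longer than this
NOW = datetime(2023, 3, 3, tzinfo=timezone.utc)  # fixed clock so results are reproducible
# Accounts provisioned for the vendor (constructed). "dave" never signed in at all.
KNOWN_VENDOR_ACCOUNTS = [
    "alice_vendor.example#EXT#@contoso.onmicrosoft.com",
    "bob_vendor.example#EXT#@contoso.onmicrosoft.com",
    "dave_vendor.example#EXT#@contoso.onmicrosoft.com",
]


def parse_ts(value: str) -> datetime:
    """Parse the log's ISO-8601 UTC timestamp into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def is_vendor_account(upn: str) -> bool:
    """Guest UPNs are rewritten to local_sourcedomain#EXT#@tenant; match the source domain."""
    return "#EXT#" in upn and upn.split("#EXT#", 1)[0].endswith("_" + VENDOR_DOMAIN)


def inactive_vendor_accounts(records, known_accounts=KNOWN_VENDOR_ACCOUNTS,
                             now=NOW, max_idle_days=MAX_IDLE_DAYS):
    """Return vendor accounts with no successful sign-in inside the idle window.

    Accounts with no sign-in at all are included: they are the ones most
    likely to be forgotten once the engagement ends.
    """
    last_success = {}
    for rec in records:
        if rec["status"]["errorCode"] != 0:
            continue  # only successful sign-ins prove the account is in use
        ts = parse_ts(rec["createdDateTime"])
        upn = rec["userPrincipalName"]
        if upn not in last_success or ts > last_success[upn]:
            last_success[upn] = ts
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(upn for upn in known_accounts
                  if last_success.get(upn) is None or last_success[upn] < cutoff)


def suspicious_vendor_sign_ins(records, allowed_ips=VENDOR_ALLOWED_IPS,
                               hours=BUSINESS_HOURS_UTC):
    """Return (upn, timestamp, reason) tuples for vendor sign-ins worth a look."""
    findings = []
    for rec in records:
        upn = rec["userPrincipalName"]
        if not is_vendor_account(upn):
            continue  # employee accounts are out of scope for this check
        when = rec["createdDateTime"]
        code = rec["status"]["errorCode"]
        if code != 0:
            findings.append((upn, when, f"failed sign-in (errorCode {code})"))
            continue
        if rec["ipAddress"] not in allowed_ips:
            findings.append((upn, when, "success from IP outside vendor allowlist"))
        if parse_ts(when).hour not in hours:
            findings.append((upn, when, "success outside agreed support window"))
    return findings


if __name__ == "__main__":
    for upn in inactive_vendor_accounts(SAMPLE_SIGNINS):
        print("INACTIVE:", upn)
    for upn, when, reason in suspicious_vendor_sign_ins(SAMPLE_SIGNINS):
        print("REVIEW:  ", when, upn, "-", reason)
```

On the constructed data this reports `bob` (last success in January) and `dave` (never signed in) as inactive, and three review items for `alice`: a late-night success from an address outside the allowlist (two reasons) and a failed sign-in. In practice the same two checks map onto the Azure AD features the answer links: the idle check onto the inactive-account guidance, and the per-sign-in checks onto a query over the sign-in log once it is streamed into Azure Monitor logs.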