permissions assigned/restricted with cyber security personnel

crib bar 846 Reputation points
2024-01-29T08:08:45.41+00:00

I am interested to learn if you have any specific policies in your companies about what permissions you can or cannot grant to cyber security professionals? I have read some companies actually reduce the permissions/roles etc granted to cyber security management to help enforce the concepts of ‘separation of duties’ (so independence from certain functions/protect against conflicts of interest), but in practice I wondered how commonplace this was and what specifically you keep away from cyber security staff in terms of AD permissions. For example do your cyber security professionals get domain admin or other privileged roles in your AD, or do you have to tactically remove certain privileges from their accounts (and if so which/why)? It may be easier to describe any specific actions/duties/support/troubleshooting that you don't allow the cyber security employees to perform as opposed to specific roles etc.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Intune | Security
Windows for business | Windows Server | Devices and deployment | Configure application groups
Microsoft Security | Microsoft Entra | Other
0 comments No comments
{count} votes

Accepted answer
  1. Thameur-BOURBITA 36,266 Reputation points Moderator
    2024-01-29T08:50:55.3766667+00:00

    Hi @crib bar

    They don't need domain admin privilege. You should give them least privilege based on their needs like others administrators in your team.

    Domain admins privilege is required only for admin who need performing some action like DC promo.

    I invite your to take a look at this link : Implementing Least-Privilege Administrative Models


    Please don't forget to accept helpful answer

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.