Share via

How to implement tiering model in Microsoft Entra

Richa Kumari 301 Reputation points
2024-04-09T10:20:21.6066667+00:00

Hello,

Microsoft recommends the tiering model for AD that we implemented.
is there any tiering model concept that Microsoft recommends for designing Microsoft Entra so we can implement it in new tenant .

incase no tiering model recommended the recommended things can be implemented in Microsoft Entra tenant instead of tiering, ,also from a security point of view or any baseline security recommendation or best practices for Microsoft Entra .

Thanks
Rich

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Intune | Security
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Windows for business | Windows Server | Devices and deployment | Configure application groups

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 50,495 Reputation points MVP Volunteer Moderator
    2024-04-09T11:32:10.3566667+00:00

    Use Administrative Units - more at https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/administrative-units

    Implement custom roles whenever the built-in ones are not granular enough - more at https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/custom-create

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments
  2. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2024-04-10T07:15:10.6733333+00:00

    Hi @Richa Kumari ,

    Thanks for reaching out.

    Microsoft does not have a specific tiering model for Microsoft Entra, but there are some best practices and security recommendations that you can follow to ensure a secure implementation. Here are some recommendations:

    1. Use Azure AD Privileged Identity Management (PIM) to manage access to privileged roles in Microsoft Entra. This will help you to reduce the attack surface area and ensure that only authorized users have access to sensitive roles.

    Implement Multi-Factor Authentication (MFA) for all users who have access to Microsoft Entra. This will help to prevent unauthorized access to the system even if a user's password is compromised.

    Use Conditional Access policies to control access to Microsoft Entra based on user location, device type, and other factors. This will help to ensure that only authorized users can access the system from trusted devices and locations.

    Regularly review and audit access to Microsoft Entra to ensure that only authorized users have access to the system. This will help you to identify and remediate any unauthorized access or suspicious activity.

    Follow the principle of least privilege when assigning roles and permissions in Microsoft Entra. This means that users should only be given the minimum level of access necessary to perform their job functions.

    By following these best practices and security recommendations, you can help to ensure a secure implementation of Microsoft Entra in your organization.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.