How to implement tiering model in Microsoft Entra

Richa Kumari 286 Reputation points
2024-04-09T10:20:21.6066667+00:00

Hello,

Microsoft recommends the tiering model for AD that we implemented.
is there any tiering model concept that Microsoft recommends for designing Microsoft Entra so we can implement it in new tenant .

incase no tiering model recommended the recommended things can be implemented in Microsoft Entra tenant instead of tiering, ,also from a security point of view or any baseline security recommendation or best practices for Microsoft Entra .

Thanks
Rich

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,538 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,837 questions
Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
419 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,759 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Marcin Policht 24,115 Reputation points MVP
    2024-04-09T11:32:10.3566667+00:00

    Use Administrative Units - more at https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/administrative-units

    Implement custom roles whenever the built-in ones are not granular enough - more at https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/custom-create


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments No comments

  2. Shweta Mathur 29,746 Reputation points Microsoft Employee
    2024-04-10T07:15:10.6733333+00:00

    Hi @Richa Kumari ,

    Thanks for reaching out.

    Microsoft does not have a specific tiering model for Microsoft Entra, but there are some best practices and security recommendations that you can follow to ensure a secure implementation. Here are some recommendations:

    1. Use Azure AD Privileged Identity Management (PIM) to manage access to privileged roles in Microsoft Entra. This will help you to reduce the attack surface area and ensure that only authorized users have access to sensitive roles.

    Implement Multi-Factor Authentication (MFA) for all users who have access to Microsoft Entra. This will help to prevent unauthorized access to the system even if a user's password is compromised.

    Use Conditional Access policies to control access to Microsoft Entra based on user location, device type, and other factors. This will help to ensure that only authorized users can access the system from trusted devices and locations.

    Regularly review and audit access to Microsoft Entra to ensure that only authorized users have access to the system. This will help you to identify and remediate any unauthorized access or suspicious activity.

    Follow the principle of least privilege when assigning roles and permissions in Microsoft Entra. This means that users should only be given the minimum level of access necessary to perform their job functions.

    By following these best practices and security recommendations, you can help to ensure a secure implementation of Microsoft Entra in your organization.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.