Редагувати

Поділитися через


Enable Permissions Management (CIEM)

Microsoft Defender for Cloud's integration with Microsoft Entra Permissions Management (Permissions Management) provides a Cloud Infrastructure Entitlement Management (CIEM) security model that helps organizations manage and control user access and entitlements in their cloud infrastructure. CIEM is a critical component of the Cloud Native Application Protection Platform (CNAPP) solution that provides visibility into who or what has access to specific resources. It ensures that access rights adhere to the principle of least privilege (PoLP), where users or workload identities, such as apps and services, receive only the minimum levels of access necessary to perform their tasks. CIEM also helps organizations to monitor and manage permissions across multiple cloud environments, including Azure, AWS, and GCP.

Before you start

Enable Permissions Management (CIEM) for Azure

When you enabled the Defender CSPM plan on your Azure account, the Azure CSPM standard is automatically assigned to your subscription. The Azure CSPM standard provides Cloud Infrastructure Entitlement Management (CIEM) recommendations.

When Permissions Management (CIEM) is disabled, the CIEM recommendations within the Azure CSPM standard won’t be calculated.

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Defender for Cloud.

  3. Navigate to Environment settings.

  4. Select relevant subscription.

  5. Locate the Defender CSPM plan and select Settings.

  6. Enable Permissions Management (CIEM).

    Screenshot that shows you where the toggle is for the permissions management is located.

  7. Select Continue.

  8. Select Save.

The applicable Permissions Management (CIEM) recommendations appear on your subscription within a few hours.

List of Azure recommendations:

  • Azure overprovisioned identities should have only the necessary permissions

  • Permissions of inactive identities in your Azure subscription should be revoked

Enable Permissions Management (CIEM) for AWS

When you enabled the Defender CSPM plan on your AWS account, the AWS CSPM standard is automatically assigned to your subscription. The AWS CSPM standard provides Cloud Infrastructure Entitlement Management (CIEM) recommendations. When Permission Management is disabled, the CIEM recommendations within the AWS CSPM standard won’t be calculated.

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Defender for Cloud.

  3. Navigate to Environment settings.

  4. Select relevant AWS account.

  5. Locate the Defender CSPM plan and select Settings.

    Screenshot that shows an AWS account and the Defender CSPM plan enabled and where the settings button is located.

  6. Enable Permissions Management (CIEM).

  7. Select Configure access.

  8. Select the relevant permissions type.

  9. Select a deployment method.

  10. Run the updated script on your AWS environment using the onscreen instructions.

  11. Check the CloudFormation template has been updated on AWS environment (Stack) checkbox.

    Screenshot that shows where the checkbox is located on the screen.

  12. Select Review and generate.

  13. Select Update.

The applicable Permissions Management (CIEM) recommendations appear on your subscription within a few hours.

List of AWS recommendations:

  • AWS overprovisioned identities should have only the necessary permissions

  • Permissions of inactive identities in your AWS account should be revoked

Enable Permissions Management (CIEM) for GCP

When you enabled the Defender CSPM plan on your GCP project, the GCP CSPM standard is automatically assigned to your subscription. The GCP CSPM standard provides Cloud Infrastructure Entitlement Management (CIEM) recommendations.

When Permissions Management (CIEM) is disabled, the CIEM recommendations within the GCP CSPM standard won’t be calculated.

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Defender for Cloud.

  3. Navigate to Environment settings.

  4. Select relevant GCP project.

  5. Locate the Defender CSPM plan and select Settings.

    Screenshot that shows where to select settings for the Defender CSPM plan for your GCP project.

  6. Toggle Permissions Management (CIEM) to On.

  7. Select Save.

  8. Select Next: Configure access.

  9. Select the relevant permissions type.

  10. Select a deployment method.

  11. Run the updated Cloud shell or Terraform script on your GCP environment using the on screen instructions.

  12. Add a check to the I ran the deployment template for the changes to take effect checkbox.

    Screenshot that shows the checkbox that needs to be selected.

  13. Select Review and generate.

  14. Select Update.

The applicable Permissions Management (CIEM) recommendations appear on your subscription within a few hours.

List of GCP recommendations:

  • GCP overprovisioned identities should have only necessary permissions

  • Permissions of inactive identities in your GCP project should be revoked

Next step