You're reading from Active Directory Administration Cookbook, Second Edition Proven solutions to everyday identity and authentication challenges for both on-premises and the cloud

Product type Paperback

Published in Jul 2022

Publisher Packt

ISBN-13 9781803242507

Length 696 pages

Edition 2nd Edition

Languages

PowerShell

Tools

Azure

Concepts

Identity Management

Author (1):

Sander Berkouwer

View More author details

Table of Contents (18) Chapters

Preface

1. Chapter 1: Optimizing Forests, Domains, and Trusts

2. Chapter 2: Managing Domain Controllers FREE CHAPTER

3. Chapter 3: Managing Active Directory Roles and Features

4. Chapter 4: Managing Containers and Organizational Units

5. Chapter 5: Managing Active Directory Sites and Troubleshooting Replication

6. Chapter 6: Managing Active Directory Users

7. Chapter 7: Managing Active Directory Groups

8. Chapter 8: Managing Active Directory Computers

9. Chapter 9: Managing DNS

10. Chapter 10: Getting the Most Out of Group Policy

11. Chapter 11: Securing Active Directory

12. Chapter 12: Managing Certificates

13. Chapter 13: Managing Federation

14. Chapter 14: Handling Authentication in a Hybrid World (AD FS, PHS, PTA, and DSSO)

15. Chapter 15: Handling Synchronization in a Hybrid World (Azure AD Connect)

16. Chapter 16: Hardening Azure AD

17. Other Books You May Enjoy

Configuring Azure AD PIM

This recipe shows how to get the most out of Azure AD Privileged Identity Management (PIM).

Getting ready

To complete this recipe, sign in to Azure AD with an account that has the Global administrator role assigned to it.

The PIM functionality requires Azure AD Premium P2 licenses or Microsoft licenses that include the P2 license, such as EMS E5, EMS A5, or Microsoft 365 E5.

People whose Azure AD accounts are assigned privilege roles in PIM and are required to perform MFA to request the role should already have registered at least one MFA method.

Tip

Microsoft recommends configuring at least two MFA methods that are not tied to the same mobile number or mobile device.

How to do it...

Perform these steps to set up a person with the Conditional Access administrator privileged role in PIM that requires MFA and a justification to request it: