Microsoft introduced the Enterprise Access Model, as an evolution of ESAE, in December 2020. Core principles (e.g., tiered administration) have not been changed but the practical implementation can be still a challenge for many organizations and is much different between cloud and on-premises infrastructure. However, the concept should be an important part of your privileged access strategy to avoid unauthorized pathways which leads to lateral movements and also applies for cloud administration.

In this session, I will share my experiences in designing, managing and monitoring privileged access based on Enterprise Access Model. We will look at a practical approach to design a classification model for tiered administration. The real-world challenges in adopting the privileged access design in enterprise environments and current technical limitations will be one the topics in this talk. We will also discuss some fundamental design questions, for example using a dedicated tenant to host an administrative environment (”Red Tenant”) for privileged assets. Integration of security operations to identify breach of tiered administration and practical guidance on daily operations will be covered in the live demos.