Auditing - Ensure The User Role Group Changes Are Reviewed At Least Weekly

 












Summary

Role-based access control (RBAC) assigns users permissions according to their roles within an organization. It is a more manageable form of access control and is less prone to errors. Changes to these role groups can be audited in Microsoft Purview, giving a security auditor insight into changes in user privileges.

Reason

A weekly review makes it easy to identify the changes an organization actually requires, which helps maintain least privilege and prevent privilege creep. Insider threats, whether intentional or unintentional, can occur when a user holds higher privileges than needed. If accountability for role membership is maintained, insiders and malicious actors remain limited in the scope of potentially damaging activities.

What If?

Enabling this setting will require administrators who assign rights to users to justify those changes to the security auditors. Documentation, including detailed policies, procedures, and change requests, will need to be considered in order to keep a secure organization functioning within its planned operational level.

How to?

To review user role group changes, perform the following steps using the Microsoft 365 Admin Center:
  1. Under Admin Centers click on Compliance to be redirected to Microsoft Purview.
  2. Click on Audit then select Search.
  3. In Activities find Added member to Role under the Role administration activities section.
  4. Now, set Start date and End date.
  5. Click Search.
  6. Review.

To review user role group changes, perform the following steps using the Exchange Online PowerShell Module:
  1. Connect to Exchange Online using Connect-ExchangeOnline.
  2. Run the following Exchange Online PowerShell commands:

    # Search window: the last seven days
    $startDate = ((Get-Date).AddDays(-7)).ToShortDateString()
    $endDate = (Get-Date).ToShortDateString()
    # Keep only the role membership additions
    Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate |
        Where-Object { $_.Operations -eq "Add member to role." }

  3. Review the output.
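To make the review step repeatable, the following added example (not part of the original post) turns each audit record into an actor/member/role row and marks additions that match no approved change request. It assumes the AuditData JSON carries UserId, ObjectId and a ModifiedProperties entry named Role.DisplayName; the function name, the 'member|role' approval key format and the sample records are hypothetical and constructed for illustration.

```powershell
# Added example: summarize "Add member to role." audit records for the weekly review.
# Assumption: AuditData holds UserId (actor), ObjectId (member added) and a
# ModifiedProperties entry named 'Role.DisplayName'. Check this against your own records.
function Get-RoleAdditionReview {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object]$Record,
        [string[]]$Approved = @()   # hypothetical 'member|role' keys taken from change requests
    )
    process {
        $data = $Record.AuditData | ConvertFrom-Json
        $role = ($data.ModifiedProperties |
            Where-Object Name -eq 'Role.DisplayName' |
            Select-Object -First 1).NewValue
        if (-not $role) { $role = '(not recorded)' }
        [pscustomobject]@{
            Time     = $Record.CreationDate
            Actor    = $data.UserId
            Member   = $data.ObjectId
            Role     = $role
            Approved = $Approved -contains "$($data.ObjectId)|$role"
        }
    }
}

# Constructed sample records (not real tenant data), shaped like Search-UnifiedAuditLog output.
function New-SampleRecord([datetime]$When, [string]$Actor, [string]$Member, [string]$Role) {
    [pscustomobject]@{
        CreationDate = $When
        Operations   = 'Add member to role.'
        AuditData    = @{
            UserId             = $Actor
            ObjectId           = $Member
            ModifiedProperties = @(@{ Name = 'Role.DisplayName'; NewValue = $Role; OldValue = '' })
        } | ConvertTo-Json -Depth 4
    }
}
$sample = @(
    New-SampleRecord '2024-01-08T09:15:00' 'admin@contoso.example' 'alice@contoso.example' 'Exchange Administrator'
    New-SampleRecord '2024-01-10T22:41:00' 'admin@contoso.example' 'bob@contoso.example' 'Global Administrator'
)
$approved = @('alice@contoso.example|Exchange Administrator')

# Unapproved additions sort first; these are the rows the administrator must justify.
$sample | Get-RoleAdditionReview -Approved $approved | Sort-Object Approved | Format-Table -AutoSize

# Against a live tenant, pipe the filtered search results from step 2 instead of $sample:
# Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate |
#     Where-Object { $_.Operations -eq "Add member to role." } |
#     Get-RoleAdditionReview -Approved $approved
```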

Monitor:

To verify user role group changes are being reviewed at least weekly, confirm that the necessary procedures are in place and being followed.











































