Updated: July 16, 2020 (June 5, 2017)
Analyst Report
Understanding Privileged Access Management for AD
Privileged Access Management (PAM) can help organizations manage and control administrator access to applications and systems that are integrated with Active Directory Domain Services (AD DS). PAM manages privileges held by administrators and provides a limited audit trail for administrative groups managed by the software. This information could help minimize the risk posed by a set of lost administrative credentials and give insight into the actions of a rogue on-premises administrator. PAM requires licensing Identity Manager either independently or through subscriptions to Azure Active Directory Premium P1 or P2.
PAM: What and Why
PAM is a feature of Identity Manager that provides just-in-time management of administrative credentials used with AD-integrated applications and systems. Generally, these applications will be on-premises; Microsoft-hosted applications can be managed by Azure Active Directory (AAD) Privileged Identity Management (PIM).
Each time an administrator needs to perform a task that requires privilege, the administrator manually requests activation of privileged group membership to complete the task. The organization can require the activation to go through an approval process, and activations are logged. PAM can also enforce the use of Azure Multi-Factor Authentication (MFA) on-premises by administrators when logging in. As soon as the allotted time period has passed, the administrator is removed from membership in the group.