MC2MC
Role-based access control (RBAC) and more
@mirkocolemberg
About me…
• Mirko Colemberg
Workplace Sommelier
• Windows Insider MVP / Endpoint Manager MVP
• MVM FY20 Q2 (Most Valuable Mentor)
• Contact Me
Twitter: https://twitter.com/mirkocolemberg
Blog: http://blog.colemberg.ch
Mail: mirko.colemberg@basevision.ch
New Tenant
• What to do first?
• What’s next?
• What about rights management?
RBAC in Azure/Intune
Administrative units
Administrative units allow you to grant admin permissions that
are restricted to a department, region, or other segment of your
organization that you define. You can use administrative units to
delegate permissions to regional administrators or to set policy at
a granular level. For example, a User account admin could update
profile information, reset passwords, and assign licenses for users
only in their administrative unit.
Overview RBAC
Scope Tags
Scope tags are attached to objects in Intune, for example devices, policies and profiles. If you have a group of device objects, you can tag a security group instead of each object.
If you want to tag every device itself, it is easier to use a script and do it through the Graph API: https://github.com/microsoftgraph/powershell-intune-samples/tree/master/RBAC#12-rbac_scopetags_deviceunassignps1
A tag is something like a key to access your house
Scope tag on a Device
Scope Group
A Scope Group defines which users or devices are managed: a limited set of objects such as devices (iOS, Android or Windows), or only part of them, such as all iOS devices from Marketing.
A Group of People to Manage
-> add them to an AAD group
Member Group
Members are one person or a group of people who manage the objects in the Scope Group.
Those are the Engineers – the group that manages Intune
Role
Roles carry different kinds of permissions. A role can have only “Read” rights on specific objects, or also “Write” or “Create” rights. For example, we can grant access to create a new configuration profile, or only to change an existing configuration profile with read and write access. A role can be used multiple times.
Like a Job Profile
Role
RBAC in Azure/Intune
Assignment
The Assignment binds Tags, Scope Groups and Member Groups to a role. A role can have a single assignment or multiple assignments.
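How scope tags, scope groups, member groups, roles and assignments fit together, worked through as an added example (not code from the deck, from Intune or from Microsoft Graph): a small Python model that answers "may this admin perform this action on this object?", which is also the question you ask when reviewing an assignment for least privilege. All group names, tag names, permission strings and the device/policy scope rule are constructed for illustration.

```python
# Toy model of the deck's Intune RBAC pieces (constructed; not Intune's or Graph's code).
from dataclasses import dataclass

@dataclass(frozen=True)
class ManagedObject:
    name: str
    kind: str              # "device" or "policy"
    groups: frozenset      # AAD groups the object belongs to (devices only)
    scope_tags: frozenset  # scope tags attached to the object

@dataclass(frozen=True)
class Role:                # like a job profile: a set of permissions
    name: str
    permissions: frozenset

@dataclass(frozen=True)
class Assignment:          # binds a role to members, scope groups and tags
    role: Role
    member_group: str      # admins who may act (member group)
    scope_groups: frozenset  # groups of devices/users they may manage
    scope_tags: frozenset  # tags whose objects they may see

def in_scope(obj, a):
    """Simplified rule of this model: a device must be in one of the scope
    groups AND carry a visible scope tag; a policy only needs a visible tag."""
    tag_ok = bool(obj.scope_tags & a.scope_tags)
    if obj.kind == "device":
        return tag_ok and bool(obj.groups & a.scope_groups)
    return tag_ok

def effective_permissions(admin_groups, obj, assignments):
    """Union of the permissions every matching assignment grants on obj."""
    perms = set()
    for a in assignments:
        if a.member_group in admin_groups and in_scope(obj, a):
            perms |= a.role.permissions
    return frozenset(perms)

def is_allowed(admin_groups, action, obj, assignments):
    return action in effective_permissions(admin_groups, obj, assignments)

HELPDESK = Role("Marketing Help Desk", frozenset({"device.read", "device.remoteLock"}))  # constructed sample data
PROFILE_ADMIN = Role("Profile Admin", frozenset({"profile.read", "profile.create", "profile.update"}))
ASSIGNMENTS = (
    Assignment(HELPDESK, "Marketing-Helpdesk", frozenset({"Marketing-iOS"}), frozenset({"Marketing"})),
    Assignment(PROFILE_ADMIN, "Intune-Engineers", frozenset({"All-Devices"}), frozenset({"Marketing", "Sales"})),
)
IOS_MKT = ManagedObject("ipad-mkt-01", "device", frozenset({"Marketing-iOS", "All-Devices"}), frozenset({"Marketing"}))
IOS_SALES = ManagedObject("ipad-sales-07", "device", frozenset({"Sales-iOS", "All-Devices"}), frozenset({"Sales"}))
WIFI_MKT = ManagedObject("WiFi-Marketing", "policy", frozenset(), frozenset({"Marketing"}))
```

Running `effective_permissions` for each admin group against each object gives the access matrix to compare with what the team actually needs; a help desk member that can lock a Sales iPad, for example, points at a scope group or tag that is too wide.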
GRAPH
Intune – PowerShell samples on GitHub
https://github.com/microsoftgraph/powershell-intune-samples
Intune – PowerShell Module
Available on GitHub today and in
PowerShell Gallery:
• https://aka.ms/intunepowershell
• https://www.powershellgallery.com/packages/Microsoft.Graph.Intune
Supports
• v1.0 Graph Endpoints
• Parameter sets for properties
• PowerShell credentials for Authentication
• PowerShell Pipeline
Thank you
Share your voice / ideas!
• http://microsoftintune.uservoice.com/
• http://configurationmanager.uservoice.com/