Create revised list of highly privileged roles for Scuba Entra Id privileged access policies #1330

tkol2022 · 2024-09-24T17:10:47Z

💡 Summary

Previous work on #540 and #1230 was conducted to analyze Scuba's existing list of privileged roles and consider expanding it since it was noted as being incomplete. Scuba also reviewed Microsoft's new role classification paradigm and met with them to discuss the topic. The scope of this issue is to finalize the list of highly privileged roles which will be referenced in the Entra Id baseline and ScubaGear.

Implementation notes

Examine Microsoft's new Entra Id role classification and incorporate the highly privileged roles into Scuba
Determine which additional roles will be considered highly privileged by Scuba and document them to create a final list
Create an issue to update the baseline document
Create an issue to update ScubaGear to update the DefaultPrivilegedRoles field in ScubaConfig.psm1 and test with the new roles to ensure that there aren't any unexpected impacts to the behavior of the tool

tkol2022 added the enhancement This issue or pull request will add new or improve existing functionality label Sep 24, 2024

tkol2022 mentioned this issue Sep 25, 2024

Determine if the recommended new AAD baseline policy "Number of users with the highest privilege roles shall be limited" is still necessary? #282

Open

5 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Create revised list of highly privileged roles for Scuba Entra Id privileged access policies #1330

Create revised list of highly privileged roles for Scuba Entra Id privileged access policies #1330

tkol2022 commented Sep 24, 2024

Create revised list of highly privileged roles for Scuba Entra Id privileged access policies #1330

Create revised list of highly privileged roles for Scuba Entra Id privileged access policies #1330

Comments

tkol2022 commented Sep 24, 2024

💡 Summary

Implementation notes