Cloud-based privileged access management

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Michael E. Stephens · West Lake Hills, US
• Mark David MOROWCZYNSKI · Seattle, US
• Oana Elena Enache · Bellevue, US
• Steven Jay LIEBERMAN · Redmond, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2141
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A secure cloud-based privileged access management (CBPAM) service manages on-premise resources. While enrolling an on-premise authentication domain admin group, a secured cloud-based shadow administrating group (SCBSAG) is created; a SCBSAG security identification includes at least part of the enrollee's security identification. The SCBSAG belongs to a clean CBPAM authentication domain which may be secured by defense in depth controls such as time limits on authentication or authorization, password avoidance, least privilege, one-way syncing, and one-way trust. Management via the configured SCBSAG may be fostered by emptying the on-premise admin group, although a break glass account may be kept. CBPAM services direct administrative actions toward on-premise resources through SCBSAGs for cloud tenants, providing secure management control as a service, with broader geographic scope and lower maintenance burdens and costs than privileged access management approaches that are not cloud-based.