PowerShell and DevOps

TMT07 Secure Your Environment with Just Enough Administration (JEA)

11/16/2021

2:45pm - 4:00pm

Level: Introductory to Intermediate

Michael Wiley

Senior Customer Engineer

Microsoft

Highly privileged accounts used to administer your servers pose a serious security risk. Should an attacker compromise one of these accounts, they could launch lateral attacks across your organization. Each account they compromise can give them access to even more accounts and resources, putting them one step closer to stealing company secrets, launching a denial-of-service attack, and more. It is not always easy to remove administrative privileges, either. JEA addresses this problem by helping you adopt the principle of Least Privilege. With JEA, you can configure a management endpoint for administrators that gives them access to all the PowerShell commands they need to get their job done, but nothing more. Better yet, when the JEA session is configured to use temporary privileged virtual accounts, administrators can connect to the server using non-admin credentials and still be able to run commands which typically require admin privileges. This capability enables you to remove users from widely privileged local/domain administrator roles and instead carefully control what they are able to do on each machine.

You will learn how to:

  • Reduce the number of administrator accounts needed to manage machines in your environment
  • Employ the concept of Least Privilege to harden your organization's servers
  • Seriously reduce your company's exposure to malicious PowerShell code execution