Identity Governance challenge #3: How to keep track of who has what level of access to critical data using ADManager Plus?

Identity Governance challenge #3: How to keep track of who has what level of access to critical data using ADManager Plus?

According to a CyberSecurity Insiders threat report, 70 percent of users have more access privileges than required. Some common reasons for this include bulk approvals for access requests, improper implementation of user's changes in roles or departments, not having a proper system to verify and grant privileges, and not reviewing access privileges frequently. The simplest way of keeping track of all these is to use ADManager Plus' built-in reports on folders accessible to a specific user, permissions for folders, recently modified users and more. Further, these reports can also be exported as PDF, HTML, CSV, and more, scheduled to be automatically generated and redistributed via emails to IT managers or security teams.

 

The following steps will guide you with generating access permission reports using ADManager Plus.

 

    1. Navigate to Reports. You can find the reports listed in their respective categories here. Most of the reports required for access governance are listed under categories like Folder reports, User reports, Computer reports, etc.

    2. Select the domain and OUs (if needed) and click Generate.

 

To schedule and export a report,

 

    1. Navigate to Reports > Schedule Reports > Create Schedule.

    2. Enter a suitable Name and Description for the schedule.

    3. Choose the Domain and the Reports you wish to schedule. Click on the edit icon next to the chosen report to select the attributes or columns you need in the report.
    4.  You can set the frequency of the report generation to be Hourly, Daily, Weekly, Monthly or a Custom time period. You can also set the time of the day for the report to be generated.
    5. Likewise, you can choose the format (HTML, CSVDE, CSV, PDF or XLSX) in which you want the report to be delivered in the Schedule Report Format section.
    6. Enter the email address of the IT managers or security team heads, to whom the report needs to be sent to.
    7. Click Save.

 

Tune in next week to know how to set up an automated cleanup of access privileges for deprovisioned user accounts.

 

Cheers,

Team ADManager Plus
        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial





                            Related Products