Implement JIT and JEA Administration in Windows Server 2019

by Robert McMillen

This course will teach you how to create a desired state configuration for JEA and JIT to keep your Active Directory network safe from internal and external administrative threats.

Preview this course

What you'll learn

The modern Windows network has issues with locking down security. In this course, Implement JIT and JEA Administration in Windows Server 2019, you’ll learn how to create an environment to protect administrative access to only authorized users and only when they need it and will learn about two different ways to accomplish this secure goal. First, you’ll learn about Just Enough Administration. This includes creating configuration and capability files to configure the JEA environment. Next, you’ll explore Just In Time administration. This type of security involves separating administrative access using bastion forests and domains. Finally, you’ll configure a bastion forest and create the necessary links and trusts to work between this forest and your production forest. You’ll learn this by utilizing shadow principles using Microsoft Identity Manager. By the end of this course, you'll be able to secure your on-premise or cloud environment more completely with JEA and JIT.

Course Overview

2mins

Course Overview 2m

Preparing Endpoints for Just Enough Administration

29mins

Intro to JEA Endpoint and the Desired State Configuration 6m
Configuring Prerequisites for a JEA Endpoint 5m
Role Capability and Session Configuration Files 4m
Prepping the Domain for Role Capability 3m
Session Configuration File Demonstration 6m
Role Capability File Demonstration 5m

Deploying Just Enough Administration for Secure Management

27mins

JEA Endpoints Connections from Servers to Workstations 3m
Register a Single JEA Endpoint 2m
Register Multiple JEA Endpoints 2m
Test JEA Endpoint Permissions from a Non-administrator 4m
Security Considerations for JEA 4m
Privileged Access Management Solution 5m
Understanding Just in Time Administration 7m

Configuring the Bastion Forest Using Microsoft Identity Manager (MIM) Specifications

37mins

Prepare the Company Domain Controller 7m
Prepare the Bastion Domain Controller 10m
Prepare the Privileged Access Management (PAM) Server 9m
Configure PAM Server 11m

Installing and Configuring Microsoft Identity Manager Portal and Policies

22mins

Establish Trust between Company and Bastion Forests 6m
Create Groups for Privileged Access 2m
Understanding Shadow Principals 4m
Elevate a Single Standard User for Temporary Administrator Access 6m
Reviewing Objects Trusts and Logs 4m

Utilizing Microsoft Identity Manager Using the Web Portal and PowerShell

36mins

What Is Azure JIT Administration? 2m
Activating Privileged Identity Management Licenses 6m
Reviewing User Roles and Workflows in Azure AD 6m
Setup a User to Become an Eligible Temporary Administrator 8m
Editing Workflows and Reviewing JIT Audits 6m
Azure JIT Group Roles and Permanent Assignments 8m

About the author

Robert McMillen

Professor Robert McMillen is a networking consultant with over 50 technical certifications. He has an MBA where he teaches Windows Server Administration at two colleges, and has earned his MCSE and MCT from Microsoft. Robert McMillen is the president and founder of All Tech 1, a Portland-based network consulting company. Robert has over 20 years of experience in network engineering and earned certifications from companies like Microsoft, Checkpoint, IBM, and Cisco. He also hosts a weekly syndi... more

See more courses by Robert McMillen

Ready to upskill? Get started

2022 Tech Forecast and
Build Better Blueprint

Prepare for shifts and trends in the industry

Implement JIT and JEA Administration in Windows Server 2019

What you'll learn

Table of contents

About the author

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Solutions

Platform

Company

Resources

Support

2022 Tech Forecast and Build Better Blueprint

Prepare for shifts and trends in the industry

Implement JIT and JEA Administration in Windows Server 2019

What you'll learn

Table of contents

About the author

Get access now

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 14-day pilot, you can:

Solutions

Platform

Company

Resources

Support

2022 Tech Forecast and
Build Better Blueprint

Ready to skill up
your entire team?

Ready to skill up
your entire team?