Implement JIT and JEA Administration in Windows Server 2019

By Robert McMillen
This course will teach you how to create a desired state configuration for JEA and JIT to keep your Active Directory network safe from internal and external administrative threats.
Play course overview
Course info
Level
Advanced
Updated
Jan 22, 2021
Duration
2h 31m
Table of contents
Course Overview
Course Overview 2m
Preparing Endpoints for Just Enough Administration
Intro to JEA Endpoint and the Desired State Configuration 6m Configuring Prerequisites for a JEA Endpoint 5m Role Capability and Session Configuration Files 4m Prepping the Domain for Role Capability 3m Session Configuration File Demonstration 6m Role Capability File Demonstration 5m
Deploying Just Enough Administration for Secure Management
JEA Endpoints Connections from Servers to Workstations 3m Register a Single JEA Endpoint 2m Register Multiple JEA Endpoints 2m Test JEA Endpoint Permissions from a Non-administrator 4m Security Considerations for JEA 4m Privileged Access Management Solution 5m Understanding Just in Time Administration 7m
Configuring the Bastion Forest Using Microsoft Identity Manager (MIM) Specifications
Prepare the Company Domain Controller 7m Prepare the Bastion Domain Controller 10m Prepare the Privileged Access Management (PAM) Server 9m Configure PAM Server 11m
Installing and Configuring Microsoft Identity Manager Portal and Policies
Establish Trust between Company and Bastion Forests 6m Create Groups for Privileged Access 2m Understanding Shadow Principals 4m Elevate a Single Standard User for Temporary Administrator Access 6m Reviewing Objects Trusts and Logs 4m
Utilizing Microsoft Identity Manager Using the Web Portal and PowerShell
What Is Azure JIT Administration? 2m Activating Privileged Identity Management Licenses 6m Reviewing User Roles and Workflows in Azure AD 6m Setup a User to Become an Eligible Temporary Administrator 8m Editing Workflows and Reviewing JIT Audits 6m Azure JIT Group Roles and Permanent Assignments 8m
Description
Course info
Level
Advanced
Updated
Jan 22, 2021
Duration
2h 31m
Description

The modern Windows network has issues with locking down security. In this course, Implement JIT and JEA Administration in Windows Server 2019, you’ll learn how to create an environment to protect administrative access to only authorized users and only when they need it and will learn about two different ways to accomplish this secure goal. First, you’ll learn about Just Enough Administration. This includes creating configuration and capability files to configure the JEA environment. Next, you’ll explore Just In Time administration. This type of security involves separating administrative access using bastion forests and domains. Finally, you’ll configure a bastion forest and create the necessary links and trusts to work between this forest and your production forest. You’ll learn this by utilizing shadow principles using Microsoft Identity Manager. By the end of this course, you'll be able to secure your on-premise or cloud environment more completely with JEA and JIT.

About the author
Robert McMillen
About the author

Professor Robert McMillen (MCT, MCSE) has over 20 years of experience in IT Consulting. He teaches at two local colleges and hosts the weekly All Tech Radio show in the Portland area.

More from the author
Setting up a Forensic Workstation
Intermediate
1h 2m
Nov 19, 2020
Implementing and Managing Microsoft 365 Information Protection
Intermediate
2h 18m
Sep 11, 2020
More courses by Robert McMillen
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hello. My name is Robert McMillen. I would like to welcome you to my course, Implement Just‑In‑Time and Just‑Enough‑Administration in Windows Server 2019. I'm a Microsoft certified trainer, consultant, and college instructor. In this course, we will discover how to set up and implement a just‑enough administration configuration, as well as a just‑in‑time scenario. You'll witness how just‑enough administration is configured solely in PowerShell and used by standard users who are elevated to become temporary Active Directory‑limited administrators. In a similar way, you'll also see how just‑in‑time administration is configured and utilized to perform admin tasks by temporary administrators to limit how many and how long users are able to configure the domain with administrator rights. You'll learn how to set up a Microsoft Identity Management Server, configure privileged access management, and use SharePoint to help you perform many of the tasks needed to administer a just‑in‑time administration environment. You'll also learn how to do this with Microsoft Azure using the portal. The same results happen in the cloud as they do on premises, but the implementation is much different. By the end of this course, you'll be able to secure your on‑premises or cloud environment more completely with just‑enough administration and just‑in‑time administration. I hope you'll join me in learning these great technologies Microsoft has to offer in my course, Implement Just‑In‑Time and Just‑Enough Administration in Windows Server 2019.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT