I'm an IT specialist at a company with about 1,000 users, and I recently interviewed for an IAM specialist position at another organization. I got stuck on a question about how to regularly audit user access. My current organization doesn't perform these audits, so I'm looking for guidance. We have a mix of on-premises and cloud systems, using Entra and Active Directory. I want to learn how to conduct audits specifically for these tools to improve my organization and prepare myself for future roles. Any help would be appreciated!
1 Answer
For auditing Entra and Active Directory, you typically start by pulling reports on group memberships, privileged roles, and application assignments. For on-prem AD, you'll want to export users in sensitive groups like Domain Admins and Enterprise Admins, then compare that against what HR or managers say employees need access to. It's all about visibility!
Exactly! I created a script for this, which is essential for SOX compliance. I'm also trying to get the auditor to run it directly without needing IT involvement since it doesn't require special privileges. Plus, I suggest moving to a role-based access model, where users are added to role groups that then connect to the access groups. This way, it simplifies management and auditing.