RunAs Radio

Least Privilege in 2025 with Bailey Bercik

Jan 8, 2025
Bailey Bercik, a Senior Product Manager on Microsoft Security's Identity Team, dives into the evolving landscape of least privilege and permission management in 2025. He discusses how Entra Permissions Management can streamline unused permissions, making security more manageable. The impact of AI on permissions—both its risks and potential benefits—is explored, emphasizing the need for careful oversight. Bailey also details strategies for refining permissions in AI contexts and advocates for robust monitoring to prevent misuse, ensuring effective privilege management.
ADVICE

Imperfect Security

  • Assume imperfections in security.
  • Don't let perfect be the enemy of good.
INSIGHT

CIEM for Granular Privileges

  • Granularizing administrative privileges is difficult with limited tools.
  • Cloud Infrastructure Entitlement Management (CIEM) offers better granularity for least privilege.
ADVICE

Granular Permission Monitoring

  • Use tools like Entra Permissions Management to see granular permission usage.
  • Monitor the "permissions creep index" to track the delta between assigned and used permissions.