Merge pull request #6353 from MicrosoftDocs/main
12/17/2024 PM Publish
Taojunshen authored Dec 17, 2024
2 parents fe5a2e9 + 289d0b8 commit 81609ba
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 1 addition & 1 deletion docs/architecture/secure-generative-ai.md
Expand Up @@ -29,7 +29,7 @@ This article delves into the specific security challenges that Gen AI poses and

## Discover overprivileged identities

Ensure that users have the appropriate permissions to comply with the [principal of least privilege](../identity-platform/secure-least-privileged-access.md). Based on our telemetry, over 90% of identities use less than 5% of permissions granted. Over 50% of those permissions are high risk. Compromised accounts can cause catastrophic damage.
Ensure that users have the appropriate permissions to comply with the [principle of least privilege](../identity-platform/secure-least-privileged-access.md). Based on our telemetry, over 90% of identities use less than 5% of permissions granted. Over 50% of those permissions are high risk. Compromised accounts can cause catastrophic damage.

Multicloud environment management is difficult as Identity and Access Management (IAM) and security teams often need to collaborate cross-functionally. Multicloud environments can limit comprehensive view into identities, permissions, and resources. This limited view increases the attack surface on identities that have overly privileged roles and over permissioned accounts. Risk of compromised unused accounts with high permissions increases as organizations adopt multicloud.
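
Review bot: In the corrected sentence, "Over 50% of those permissions are high risk" leaves "those" ambiguous: it can be read as the permissions granted or as the under-5% that are actually used. Since this line is already being touched for the "principle" spelling, consider naming the referent explicitly, for example "Over 50% of the granted permissions are high risk" if that is what the telemetry measures. The unchanged paragraph that follows also has "over permissioned accounts", which should be hyphenated as "over-permissioned" in the same pass.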

2 changes: 2 additions & 0 deletions docs/identity/role-based-access-control/delegate-by-task.md
Expand Up @@ -355,6 +355,8 @@ You can further restrict permissions by assigning roles at smaller scopes or by
> | Manage terms of use | [Conditional Access Administrator](permissions-reference.md#conditional-access-administrator) | [Security Administrator](permissions-reference.md#security-administrator) |
> | Read all configuration | [Default user role](../../fundamentals/users-default-permissions.md) | |
> | Read named locations | [Default user role](../../fundamentals/users-default-permissions.md) | |
> | Read terms of use | [Security Reader](permissions-reference.md#security-reader) | [Global Reader](permissions-reference.md#global-reader) |
> | Read which terms of use were accepted by the signed-in user | [Default user role](../../fundamentals/users-default-permissions.md) | |
## Security - Identity security score
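
Review bot: The new "Read terms of use" row lists Security Reader as the least privileged role, while the unchanged "Read all configuration" row just above it lists the Default user role, so a reader comparing the two cannot tell whether "all configuration" includes terms of use. Please confirm the intended scope and, if terms of use are excluded, say so in the task name or in a note under the table. The second new row, "Read which terms of use were accepted by the signed-in user", is consistent with the other default-user rows.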
