A compromised administrator account or an admin becoming a disgruntled ex-employee is a source of serious risk to a business. This is because traditionally admins can do whatever they want, whenever they want. To address this issue, Microsoft have developed Privileged Access Management.

What is Privileged Access Management?

Privileged Access Management works on the principle of zero standing access. That means that admins don’t have the ability to perform potentially damaging actions all of the time.

When they need to perform a task that may expose sensitive data or has potential to cause a lot of damage, they will be given just enough access to complete the task. And even then, only for a specific time and only following an audited approval process.

You can define which tasks require a privileged access request via the admin portal.

Create Privileged Access Policy

When admins want to perform one of these tasks, they can raise their requests for access via the portal or via Powershell.

A sample Powershell request to perform tasks requiring privileged access approval looks like this:

New-ElevatedAccessRequest -Task 'Exchange\New-JournalRule' -Reason 'Setting Journal per request.' -DurationHours 4

Privileged Access PowerShell RequestRequests can be automatically or manually approved, and requestors are notified of the approval outcome via email. All privileged access requests and approval process information is recorded for internal reviews and auditors.Privileged Access Request Email

Privileged Access Management License requirements

Privileged access management requires Microsoft 365 E5, Office 365 E5 or the standalone Advanced Compliance SKU.


Outlook for Windows: Shared calendar improvements

Microsoft have updated the Office 365 roadmap with some upcoming improvements to calendar sharing in Office 365.

Apart from being simpler, these new calendar updates are also great for separate companies who use Office 365 and share resources like meeting rooms.

The current external sharing options are difficult to configure and only update every 3 hours. However these new changes will allow for a simple, instantly syncing calendar sharing experience. Both internally and with external Office 365 & users.

See here for more info.

From Microsoft’s notes

Introducing a new service backed model for sharing calendars with other Office 365 subscribers that improves performance and reliability and keeps all calendars in sync.

This update came from our Azure function which monitors the Office 365 Roadmap, generates an image and triggers a Microsoft Flow Approval to collect our input. See our knowledge base for more examples of our business process automation.