Best Practices: Security Concepts for Auth and Apps?

Product: PowerShell Universal
Version: 5.5.2

Hi Folx,
we are new to PowerShell Universal and just starting to explore possibilities, usages, etc.
Hence, I wanted to ask you guys about your concepts / good practices on security, especially on PSU authentication vs. app access / AD management and so on (and in particular considering proper tiering access models).

In traditional management it’s quite obvious: you authenticate against your management tools (e.g. RSAT) with proper admin accounts. Assuming some tier0 admin account for AD on-prem.
How do you handle this with PSU?
Do you have separate PSU instances according to your tiers and environment (also e.g. separating Cloud tier0 and on-prem tier0)?
Do you use delegated service accounts to perform the actions in AD or Entra? But if so, what about losing the transparency in your access logs?

At the moment we are primarily exploring using PSU on the one hand for automated management tasks (e.g. normalizing PIM groups, cleaning up temporary groups) but also for building an admin task platform for all around joiner-mover-leaver processes.
Following some modern fundamentals, we are aiming to implement API-first, so first creating an API and then building some portal app for it.

Thanks, and looking forward to gaining insights on your approaches.

Best,
Matthias