Access to the Azure management console is only available to employees who require it to fulfill their assigned duties. MFA is also used as part of access to the console, and all activity is audited.
Access to Customer Instances
OS-level access to Privilege Management Cloud instances or clusters requires the use of Privileged Remote Access (PRA). The site leverages IT-maintained MFA authentication and has granular permissions set to only allow access to approved accounts. A limited number of authorized support, cloud operations, and engineering employees may be granted access in this way. A record of all sessions is kept for at least 90 days. The endpoint types may include Shell Jump, Jump Clients, Remote RDP, and Web Jump to ensure access can be audited.
A limited number of authorized support, cloud operations, and engineering employees may be granted access to the back end of customer instances. Authorized users are provisioned client certificates to enable this level of access. A support Incident is required to access a customer instance, although exceptions to this may occur in the event of Severity Level 1 incidents.
Access is revoked any time an employee is terminated or their role within the company changes to one not requiring access to customer data, following a Joiners, Movers and Leavers process.