Product Blog

4 Posts authored by: sreinhardt Employee

SolarWinds® Access Rights Manager (ARM) 2019.4 is available on the Customer Portal! Please refer to the release notes for a broad overview of this release.

 

Previous releases of ARM extended the existing access rights permission visibility into Active Directory, Exchange, and file servers to include Microsoft OneDrive and Microsoft SharePoint Online, and introduced the ability to collect events from Microsoft OneDrive and SharePoint Online.

With ARM 2019.4, we now add the ability to provision users in managed Azure AD domains and to assign mailboxes and licenses.

 

Supporting hybrid environments also means we continue to improve ARM across all its capabilities and the platforms you use. With ARM 2019.4, we’ve introduced improvements in Active Directory monitoring/alerting as well as official support for Microsoft Server 2019 editions.

 

What’s New in Access Rights Manager 2019.4?

 

  • Installation and configuration: Improved installation and configuration experience for new installation and upgrade scenarios.

 

  • Web Client - web dashboard: Use the new dashboard to get instant insight into what’s most important, or what needs to be addressed right now.

 

  • Active Directory - group policy monitoring: ARM now monitors if a group policy change has occurred and reports the change details.

 

  • Active Directory - alerting on user/group events: ARM now supports creation of alerts for any user/group on AD containers, making the configuration easier and covering more use cases beyond alerting on selected objects.

 

 

  • Azure AD/Office 365: Provision users in managed domains and assign mailboxes and licenses.

 

  • Defect fixes and architecture improvements: As with any release, we addressed product defects and introduced architectural optimizations, laying the foundation for coming features we plan to make available in the next releases.

 

The SolarWinds product team is excited to make these features available to you. We hope you enjoy them. Of course, please be sure to create new feature requests for any additional functionality you would like to see with ARM.

 

To help get you going quickly with this new version, below is a quick walkthrough of the new monitoring capabilities for Microsoft Active Directory, also available in the ARM Audit edition.

 

 

Identify CHANGES to GROUP POLICIES

 

Group policies are an important tool for managing Active Directory environments, and administrators should be aware if these have changed.

 

Now let’s look at how we can use Active Directory monitoring to answer the question, “What group policy has changed, and what are the change details?” ARM allows you to find this information via the Logbook in the thick client.

 

    

 

     1. Navigate to the Logbook view in the ARM thick client by clicking on “Logbook” in the navigation bar.

         The “Logbook” opens.

 

    

     2. Select the time period to be viewed by clicking the highlighted “from” date.

 

     

     3. Select the new date by clicking on the date in the date picker.

 

   

     4. Click “Apply.”

 

     5. Click the cell in the “Group Policy Changes” column of the date you’re interested in.

 

     6. In the upper window on the right side, you’ll see all group policy change events for the selected date, including who made each change and when. The lower window holds the details of each event. In our case, the “Maximum system log size” was changed from “60096 kilobytes” to “60160 kilobytes” and the “Prevent local guests group from accessing application log” setting was changed from “Not configured” to “Disabled.”

 

You can also get this information as a report via the “AD Logga” report, which can be scheduled to be sent periodically to your mailbox, helping you stay on top of what’s happening with group policy changes in your environment.

 

Conclusion

 

I hope this quick summary gives you a good understanding of some of the new features in ARM and how you can use ARM to get better visibility and control over your hybrid IT environment.

 

If you’re reading this and not already using SolarWinds Access Rights Manager, we encourage you to check out the free download. It’s free. It’s easy. Give it a shot!

SolarWinds® Access Rights Manager (ARM) 9.2 is available on the customer portal. Please refer to the release notes for a broad overview of this release.

 

Most of you are using cloud services in your IT environments today, living in and managing a hybrid world.

 

With the release of ARM 9.1, we already took this into consideration by complementing the existing access rights permission visibility into Active Directory, Exchange, and file servers with Microsoft® OneDrive and Microsoft® SharePoint Online.

Now, with ARM 9.2, we round off our function set by introducing the ability to collect events from Microsoft® OneDrive and SharePoint Online, allowing you to also gain visibility into activities within these platforms.

 

In addition to the functionality above, a lot of work was done under the hood to lay the foundation for coming features we will make available in the next releases.

 

What’s New in Access Rights Manager 9.2?

  • Microsoft OneDrive and SharePoint Online monitoring - Administrators need to be aware of certain events in their OneDrive and SharePoint Online infrastructure. ARM now enables the administrator to retrieve events from the O365 environment and analyze them in reports.
  • UI - Design and layout optimizations to complete the SolarWinds look and feel.
  • Defect fixes - as with any release, we addressed product defects.

 

The SolarWinds product team is excited to make these features available to you.  We hope you enjoy them. 

Of course, please be sure to create new feature requests for any additional functionality you would like to see with ARM in general.

 

To help get you going quickly with this new version, below is a quick walk-through of the new monitoring capabilities for Microsoft® OneDrive and Microsoft® SharePoint Online.

 

Identify ACCESS to shared directories and files on OneDrive

OneDrive is an easy tool to let your employees share resources with each other and/or external users. ARM makes it easy for you to check which files an employee has shared internally or externally, and who actually accessed these.

 

Now let’s take a look at how we can use OneDrive monitoring to answer the question “With whom outside the company do we share documents and files?” ARM allows you to easily generate a report for this.

 

1. Navigate to the Start screen in the ARM rich client and click on “OneDrive Logga Report” in the Security Monitoring section.

 

The configuration for the “OneDrive Logga Report” opens.

2. Provide a title and comment that will be shown at the beginning of the report (optional). Select the time period analyzed for this report.

3. Click into “OneDrive Resources”

4. Select the target resources on the right side for this report by double clicking.

5. Click into “Operations”

6. Because we want to know who shared the resources and when, and whether (and which) external users have accessed them, select the “AnonymousLinkCreated” and “AnonymousLinkUsed” operations on the right side for this report by double-clicking.

7. Click on “Start” to create this report manually.

8. Click on “Show report” to view the report.

The resulting report shows who invited external users to access internal resources and when, and whether any external users accessed these resources and from which IP address.

Note: You can schedule this report to be sent periodically to your mailbox to stay on top of what’s happening.
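To make the correlation behind such a report concrete, the following added example (not ARM code and not part of the original post) pairs “AnonymousLinkCreated” and “AnonymousLinkUsed” events per resource. The records are constructed, and their field names (CreationTime, Operation, UserId, ObjectId, ClientIP) are an assumption modeled on Office 365 audit records.

```python
from collections import defaultdict
from datetime import datetime

SHARE_CREATED = "AnonymousLinkCreated"
SHARE_USED = "AnonymousLinkUsed"
BASE = "https://example-my.sharepoint.example/personal/"  # constructed URL prefix

# Constructed sample events; every value here is made up for illustration.
SAMPLE_EVENTS = [
    {"CreationTime": "2019-03-04T09:12:00", "Operation": SHARE_CREATED,
     "UserId": "alice@example.com", "ObjectId": BASE + "alice/Q1-forecast.xlsx",
     "ClientIP": "10.0.0.15"},
    {"CreationTime": "2019-03-05T08:02:00", "Operation": SHARE_USED,
     "UserId": "anonymous", "ObjectId": BASE + "alice/Q1-forecast.xlsx",
     "ClientIP": "198.51.100.23"},
    {"CreationTime": "2019-03-04T10:40:00", "Operation": SHARE_USED,
     "UserId": "anonymous", "ObjectId": BASE + "alice/Q1-forecast.xlsx",
     "ClientIP": "203.0.113.7"},
    {"CreationTime": "2019-03-04T11:00:00", "Operation": "FileDeleted",
     "UserId": "bob@example.com", "ObjectId": BASE + "bob/notes.txt",
     "ClientIP": "10.0.0.22"},
    {"CreationTime": "2019-03-06T14:30:00", "Operation": SHARE_CREATED,
     "UserId": "bob@example.com", "ObjectId": BASE + "bob/contract.docx",
     "ClientIP": "10.0.0.22"},
    {"CreationTime": "2019-03-06T16:45:00", "Operation": SHARE_USED,
     "UserId": "anonymous", "ObjectId": BASE + "carol/old-pricelist.pdf",
     "ClientIP": "203.0.113.7"},
]


def summarize_anonymous_sharing(events):
    """Group link-created and link-used events by the shared resource."""
    report = defaultdict(lambda: {"created": [], "used": []})
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["CreationTime"]))
    for ev in ordered:
        if ev.get("Operation") == SHARE_CREATED:
            report[ev["ObjectId"]]["created"].append((ev["CreationTime"], ev["UserId"]))
        elif ev.get("Operation") == SHARE_USED:
            report[ev["ObjectId"]]["used"].append((ev["CreationTime"], ev["ClientIP"]))
    return dict(report)


def findings(report):
    """Turn the grouped events into one review line per resource."""
    out = []
    for resource, rec in sorted(report.items()):
        if rec["created"] and not rec["used"]:
            status = "link created, never used"
        elif rec["used"] and not rec["created"]:
            # The link predates the selected time period: widen the period to find the sharer.
            status = "used, link created outside report period"
        else:
            status = "link created and used"
        out.append({
            "resource": resource,
            "status": status,
            "shared_by": sorted({user for _, user in rec["created"]}),
            "access_ips": sorted({ip for _, ip in rec["used"]}),
        })
    return out


if __name__ == "__main__":
    for line in findings(summarize_anonymous_sharing(SAMPLE_EVENTS)):
        print(line)
```

The “used, link created outside report period” case is the one to follow up first: the link is in active use, but the sharer only becomes visible with a longer time period.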

 

In the same way, you can generate reports about the more than 180 other events available in SharePoint Online and OneDrive. Just follow the outlined steps and, in step 6, select the operations you are interested in.

Other interesting events you might want to look at are file- and folder-related operations like FileDeleted/FolderDeleted or FileMoved/FolderMoved. These help with one of the classic use cases: employees complaining about disappearing files and folders.

 

On a side note, file/folder events on file servers are also captured in our monitoring and are available through the file server reports.

 

Conclusion

I hope that this quick summary gives you a good understanding of the new features in ARM and how you can utilize ARM to get better visibility and control over your hybrid IT environment. 

 

If you are reading this and not already using SolarWinds Access Rights Manager, we encourage you to check out the free download.  It’s free. It’s easy.  Give it a shot.

We are happy to announce the release of SolarWinds® Access Rights Auditor, a free tool, designed to scan your Active Directory and file system and evaluate possible security risks due to existing user access rights.

 

 

Ever hear of risks and threats due to unresolved SIDs, globally accessible directories, directories with direct access, or groups in recursion –  and wondered if you were affected?

 

Access Rights Auditor helps you answer this question by identifying use cases such as these and allows you to export the overall risk summary in an easy-to-understand PDF report to be shared.

 

Don’t know where to start?

 

Let’s walk through a typical use case assuming we want to check the permissions and risks associated with a sensitive folder from the Finance department.

We type the phrase “invoices” in the search box and press enter (1).

 

The “Search Results” view displays the search history and all hits of your current search in the different categories available like folders, users, and groups.

We select the folder we are interested in by clicking on “Invoices” (2).

 

Now we’re redirected to the “Folder Details” view and immediately get all “Folder Risks” displayed – in this example, three occurrences of “Unresolvable SIDs” and “Changed Access Permissions.”

But it doesn’t end here, because some risks are inherited by directories, for example from inactive user accounts with continued access. These hidden risks are also listed here in the “Account Risks” section.

 

Now we validate who has access in the “User and groups” section below and realize that in our example the “System” account and the “Domain Admins” group have “full control” access on the folder.

To select members of the “Domain Admins” group, simply click on the group and you’ll be redirected to the “Group details” view.

 

 

Access Rights Auditor improves your visibility into permissions and risks with just a few clicks.

 

Can’t believe it’s free? Go ahead and give it a try.

 

For more detailed information, check the Quick Reference guide here on THWACK® at https://thwack.solarwinds.com/docs/DOC-204485.

Download SolarWinds Access Rights Auditor at https://www.solarwinds.com/free-tools/access-rights-auditor.

SolarWinds® Access Rights Manager (ARM) v9.1 is now available on the customer portal! For a broad overview of this release, the release notes (https://support.solarwinds.com/Success_Center/Access_Rights_Manager_ARM/Access_Rights_Manager_9_1_Release_Notes) are a great place to start.

 

Feature Summary

View and Manage Azure AD Accounts with ARM

Create Azure AD accounts with ARM

Identify shared directories and files on OneDrive

Create a report about directories and files shared on OneDrive

Identify users assigned to a transaction code in SAP R/3

Identify multiple authorizations for transaction codes in SAP R/3

Identify critical basic permissions in SAP R/3

Conclusion

Feature Summary

 

The primary changes you will see in this new release are designed to extend support for your critical applications and simplify integration with other systems and business processes, with explicit design to save you time on repetitive tasks.  

 

1.    Rebranded interface.  The legacy 8MAN branding has been removed and the UI now looks similar to other SolarWinds products.  This is a small change but the first step in making ARM an important part of the SolarWinds security portfolio.

 

2.    Microsoft Azure Active Directory.  SolarWinds ARM now provides the ability to see and change permissions within Azure Active Directory.  By extending ARM to Azure-based Active Directory deployments, organizations who are directly leveraging Azure or who have hybrid environments can now utilize ARM to get better visibility and control over both. 

 

3.    Microsoft OneDrive.  SolarWinds ARM has been extended to include permissions visibility and change for Microsoft OneDrive, complementing the existing access rights permission visibility with Active Directory, Exchange, and file servers. Gain visibility into key areas, such as which files an employee has shared externally, and who has shared what files and directories internally with which employees.

 

4.    SAP R/3.  With this release, SolarWinds ARM introduces support for SAP R/3, allowing you to search for security-critical transaction codes, find authorization paths, and recognize multiple authorizations.  See which Active Directory users are assigned to each SAP account through the Access Rights Manager interface.

 

 

5.    UI/UX Improvements.  The ARM UI now has a more modern look.  The loading indicators have been improved.  We’ve added user pictures next to the comment boxes.  And, the user experience was improved by introducing tables with persistence in areas such as the resource view.  No need any more to re-apply your changes to the order or size of columns.  They stay with you after you set them.  Also, Analyze & Act scenarios can now be selected much easier by the new grouping and filtering functionality.  We heard you and made these improvements to make your job easier.

 

6.    Microsoft SQL Server Express Integration.  To make the installation for smaller environments easier, ARM now supports the automatic installation and configuration of Microsoft SQL Server Express directly from the ARM configuration page.  Use this option out-of-the box or utilize Microsoft SQL Server instead if you need a higher performance database.

 

7.    ARM Sync!  Most companies have several systems in place to manage users and their data.  This includes Active Directory, HR systems, and ERP systems.  Without proper synchronization processes, the systems may have an inconsistent view of the user’s data, resulting in administrators and HR employees having a difficult time identifying the correct set of data. ARM Sync! helps to automate the data exchange between third-party systems and a system administered with ARM. With ARM Sync!, you can automatically create, deactivate, or delete user accounts.

 

8.    Recurring Task Scripting. Scripts are often used by administrators to ease the execution of recurring or repetitive tasks.  ARM now allows you to make a script available to users via the cockpit in a safe way to allow those users to execute an action immediately without an approval workflow.  These scripts can be executed before or after user provisioning processes, making it flexible and easy to apply.

 

9.    Create SharePoint Permission Groups.  Industry best practice for SharePoint and file servers is not to grant permissions directly to users, but instead via group memberships to resource groups. With the Group Wizard for SharePoint, ARM relieves you of the many manual work steps needed to do this.  ARM now lets you assign authorizations through a simple drag-and-drop procedure, and ARM will automatically create authorization groups and group memberships for both SharePoint Online and SharePoint on-premises.

 

The SolarWinds product team is excited to make this new set of features available to you.  We hope you enjoy them.  Of course, please be sure to create new feature requests for any additional functionality you would like to see with ARM in general.

 

To help get you going quickly with this new version, below is a quick walk-through of the new Azure Active Directory feature, SharePoint, and OneDrive.

 

View and Manage Azure AD Accounts with ARM

ARM helps you to view, manage, and get control of your accounts in Azure AD and on-premises AD through a common interface.

 

1. Use the search box to find an Azure AD (AAD) account.  Use the search configuration (arrow) to ensure that Azure AD accounts are included in your search results.

 

 

2. Click on the desired entry. The icon with the cloud symbolizes an AAD account.

3. ARM focuses on the account. After right-clicking, select the appropriate action you want to perform.

 

Create Azure AD accounts with ARM

Create new Azure AD accounts or groups based on templates. Ensure the correct attributes and data are set.

 

1. On the start page, click "Create new user or group". 

2. Click on the desired template for a new user or new group in the AAD.

3. Enter the required information.

The information requested by the template can be fully customized.

 

4. Specify the logon information used to create the account in the AAD.

 

5. Enter a comment.

 

6. Start the execution.

 

Identify shared directories and files on OneDrive

OneDrive is an easy tool to let your employees share resources with each other and/or external users. ARM makes it easy for you to check which files an employee has shared externally, and who has shared what files and directories internally with which employees.

 

Option A: Browse through the OneDrive structure.

 

1. Select the resource view.

 

2. Expand OneDrive.

 

3. Browse the OneDrive structure.

 

4. ARM displays the permissions.

 

5. ARM shows you the authorized users.

 

"External" is used to identify files or folders shared externally. OneDrive creates a link (hence the symbol used). Anyone who owns the link can read or change it.

"Internal" identifies files or folders that are shared within the organization.

 

If a file or folder is shared with a specific user (email address) within the organization, this user is given permission (not a link).

 

Option B: Search for shared resources on OneDrive.

1. Search for "Internal" or "External" in …

 

2. OneDrive Accounts. 

 

3. This will open a scenario that displays all files and folders shared internally or externally with OneDrive.

 

Create a report about directories and files shared on OneDrive

Sometimes a report is easier to share, or you just want to follow up later on something you found. ARM allows you to easily generate a report about the files and folders your employees share on OneDrive.

1. Select the resource view.

 

2. Expand OneDrive and select a resource.

 

3. Select "Who has access where?".

4. The previously selected resource is preset.

 

5. Optional: Delete the preselected resources.

 

6. Use Drag-&-Drop procedure to add resources.

 

7. Start report creation.

 

Identify users assigned to a transaction code in SAP R/3

Transaction codes are important entities of SAP permissions. ARM helps you to identify which users are assigned to a specific transaction code, either directly or indirectly via membership in roles.

 

1. Use the search to find the transaction code you are looking for.

2. Click on the search result.

 

3. ARM automatically expands the tree view of the permission structure and focuses on the transaction code you are looking for.

 

4. ARM displays all permissions.

 

5. ARM displays all SAP users that have been assigned the transaction code.

 

Identify multiple authorizations for transaction codes in SAP R/3

As with all permissions, there is often more than just one way a transaction code has been assigned to a user. ARM resolves all of these authorization paths and clearly visualizes these, leaving no room for ambiguity.

 

1. Use the search to find the transaction code you are looking for.

2. Click on the search result.

3. ARM automatically expands the tree view of the authorization structure and focuses on the transaction code you are searching for.

 

4. In the user list, ARM shows you how many authorization paths (arrows) have been set for the transaction code. Click on the user.

 

5. ARM shows you the authorization paths.

 

Identify critical basic permissions in SAP R/3

Use ARM to check regularly for critical basic authorizations following the principle of least privilege, and reduce the risk of data leakage.

 

1. Use the search box to find and select the critical basic authorization you are looking for. ARM opens the SAP authorization structure and focuses on the entry you are looking for.

 

2. Browse through the subordinate structure to analyze the use of the critical basic authorization.

 

Conclusion

That is all I have for now on this release.  I hope that this summary gives you a good understanding of the new features and how they can help you more effectively manage the permissions of your Azure AD, SharePoint, OneDrive, and SAP R/3 applications. 

I look forward to hearing your feedback once you have this new release up and running in your environment!

 

If you are reading this and not already using SolarWinds Access Rights Manager, we encourage you to check out the free download.  It’s free. It’s easy.  Give it a shot.
