There is one last major bit once you have RMM and EDR in place - centralized identity. Until Okta, Ping, Azure, and Google all have a PAM module that allows for remote identity management without depending on LDAP, enterprise endpoints are restricted to desktop/server machines (or orgs where you can get a waiver and only have local login).
Buelldozer@lemmy.today 2 weeks ago
Yep but…
Here’s Microsoft - learn.microsoft.com/en-us/entra/…/sso-linux?tabs=…
Google has a variety of IDM methods including Ubuntu Authd and Secure Cloud LDAP. There’s also 3rd party tools like JumpCloud, ScaleOrange, etc.
Okta appears to have ASA and OPA although I’m not familiar with either of them. Ping has PingID and Ping Federate, although again I haven’t used either of them.
So depending on your cloud and needs, its IdM / IAM is either available NOW or it will be very soon. 😀
SuperUserDO@piefed.ca 2 weeks ago
Ohh that’s super exciting. I hadn’t realized Microsoft made one.
Okta’s offering was garbage last I attempted to poke it. And 3rd party IAM tooling can be completely hit or miss (and let’s not even start about LDAP over the web…)
Buelldozer@lemmy.today 2 weeks ago
I dunno if it’s exciting but I do have and use an Entra-joined and Intune-managed Linux Mint laptop with a full security stack loaded as described above. It works.