Group membership enforcement
Group membership enforcement controls for policy and regulatory compliance, and prevents insider and external abuse.
It is a security best practice to eliminate unnecessary privileged accounts. Although you can apply group membership enforcement to any group, it is mostly applied to the administrators group. Group membership enforcement ensures membership to the Administrators Group is enforced at all times.
Before enforcing groups and users, you must first run the Local User Inventory Policy to discover the resources that you can work with.
The following documents guide you through creating provisioned users and groups, and adding them to policies and tasks:
- Create provisioned group for administrators
- Create provisioned user for group membership
- Add a new provisioned user to the administrators provisioned group
- Apply provisioned group