Quest On Demand is a Software as a Service (SaaS) application, available through quest-on-demand.com, that provides access to multiple Quest Software Microsoft management tools through a single interface.
On Demand management is based on the concepts of organizations, modules, and Entra ID tenants. When you sign up for the On Demand service, you create an organization that can subscribe to modules. Organization administrators can use the tools provided by the On Demand modules to perform administrative actions on Entra ID tenants.
Currently, the following modules are available:
Quest® Security Guardian is an integrated On Demand solution that helps you keep the Active Directory domain(s) and Entra ID tenant(s) in your organization secure.
You can:
Identify Tier Zero objects in Active Directory.
Identify Privileged objects in Entra ID.
Certify that objects are indeed Tier Zero or Privileged and, when Quest Change Auditor version 7.4 is integrated, protect Active Directory Tier Zero objects against unauthorized or accidental modification or deletion.
Run pre-defined Security Assessments to identify vulnerabilities in Active Directory and Entra ID and create your own Assessments.
Investigate Findings for Tier Zero and Privileged objects, vulnerabilities identified through Assessments, and Critical Activity from On Demand Audit.
Have Findings forwarded to a SIEM tool and alerts sent to selected email recipients.
Refer to the Functional Overview for visual representations of Security Guardian functionality.
Quest On Demand uses the Role-based Access Control (RBAC) security policy that restricts information system access to authorized users. Your Quest On Demand organization comes configured with a number of default roles which cannot be changed, but subscribers can create custom roles with the permissions to perform needed operations on the assets of the organization.
If you are the On Demand administrator or the owner of the subscription, you can add users to an existing organization and assign the required roles. If you are not the subscription owner or administrator, contact your On Demand administrator for access.
When you add a user to an organization, you also assign one or more roles. The role assignment determines what permission level a user has and ultimately, what tasks the user can perform. Assigning roles and setting user permissions is referred to as access control.
Access control is a process by which users are granted access and certain privileges to systems, resources, or information. In On Demand, you can grant authenticated users access to specific resources based on your company policies and the permission level assigned to the user.
On Demand comes configured with a number of default roles. The default role permissions settings cannot be changed, but you can create custom roles with specific permission settings to align with your company policies. You can assign multiple roles to each user in order to combine permission sets.
|
NOTE: Every user must be assigned to at least one role. You cannot remove all roles from a user. For more information about the various roles that can be assigned to users, please see the On Demand Global Settings Current - User Guide. |
The Security Administrator role gives users full access to Security Guardian, as well as the following permissions for On Demand global settings:
Export data
Read access control roles
Read Activity Trails
For more information on assigning roles, see Users and Roles in the On Demand Global Settings User Guide.
© ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center