Discover Azure resources to manage in Privileged Identity Management

Using Azure Active Directory (Azure AD) Privileged Identity Management (PIM), you can improve the protection of your Azure resources. This is helpful to:

  • Organizations that already use Privileged Identity Management to protect Azure AD roles
  • Management group and subscription owners who are trying to secure production resources

When you first set up Privileged Identity Management for Azure resources, you need to discover and select the resources to protect with Privileged Identity Management. There's no limit to the number of resources that you can manage with Privileged Identity Management. However, we recommend starting with your most critical production resources.

Discover resources

  1. Sign in to the Azure portal.

  2. Open "Azure AD Privileged Identity Management".

  3. Select "Azure resources".

    If this is your first time using Privileged Identity Management for Azure resources, you'll see a "Discover resources" page.

    Screenshot: "Discover resources" pane with no resources listed, as shown on first use

    If another administrator in your organization is already managing Azure resources in Privileged Identity Management, you'll see a list of the resources that are currently being managed.

    Screenshot: "Discover resources" pane listing the resources that are currently being managed

  4. Select "Discover resources" to launch the discovery experience.

    Screenshot: "Discovery" pane listing resources that can be managed, such as subscriptions and management groups

  5. On the "Discovery" page, use "Resource state filter" and "Select resource type" to filter the management groups or subscriptions you have write permission to. It's probably easiest to start with "All" initially.

    You can search for and select management group or subscription resources to manage in Privileged Identity Management. When you manage a management group or a subscription in Privileged Identity Management, you can also manage its child resources.

    Note

    When you add a new child Azure resource to a PIM-managed management group, you can bring the child resource under management by searching for it in PIM.

  6. Select any unmanaged resources that you want to manage.

  7. Select "Manage resource" to start managing the selected resources.

    Note

    Once a management group or subscription is managed, it can't be unmanaged. This prevents another resource administrator from removing Privileged Identity Management settings.

    Screenshot: "Discovery" pane with a resource selected and the "Manage resource" option highlighted

  8. If you see a message to confirm the onboarding of the selected resource for management, select "Yes". PIM will then be configured to manage all the new and existing child objects under the resource(s).

    Screenshot: message confirming the onboarding of the selected resource for management

Next steps