Microsoft Viva: Viva Glint - Self service for bulk custom access
🚨 The Signal: Viva Glint now allows bulk assignment of custom access to surveys and administration using roles with filtered populations. This simplifies management of granular access and may reduce misconfigurations, but it also increases the attack surface if roles are over-privileged.
The Impact
Glint administrators are affected, with a moderate security risk if custom roles are not properly scoped.
- Glint Admins: Risk of over-privileged custom roles leading to unauthorised data access.
- Security Teams: Need to review and approve custom role definitions to prevent privilege escalation.
- Compliance Officers: Potential for non-compliance if access controls are not aligned with data governance policies.
The Action
- Define clear least-privilege principles for Viva Glint custom roles.
- Create and document a process for requesting and approving new custom Glint roles.
- Regularly audit assigned custom Glint roles and their associated filter populations.
- Where Microsoft Purview is available, use it to monitor access to sensitive Glint data.
Domain: Other · Impact: medium · Workload: Other · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898