Just Enough Administration (JEA)

E193821

Just Enough Administration (JEA) is a PowerShell-based security framework that enables role-based, least-privilege remote administration by granting users only the specific commands and access they need.

All labels observed (2)

How this entity was disambiguated

Statements (49)

Predicate Object
instanceOf PowerShell feature
least-privilege administration technology
security framework
abbreviation JEA
accessControl maps users or groups to specific JEA roles
basedOn PowerShell
benefit improves accountability of admin actions
reduces attack surface of administrative endpoints
supports compliance requirements for privileged access control
category Windows security technology
privileged access management
configurationMechanism Desired State Configuration (DSC)
surface form: PowerShell DSC can be used to deploy JEA configurations
controls which PowerShell providers a user can access
which cmdlets a user can run
which external programs a user can run
which functions a user can run
which parameters and parameter values can be used
designGoal to allow non-admin users to perform tightly scoped admin tasks safely
developedBy Microsoft
documentationURL https://learn.microsoft.com/powershell/scripting/learn/remoting/jea/overview
enables delegation of specific administrative tasks without full admin rights
enforces principle of least privilege
feature PowerShell session configuration
auditing of administrative actions
command whitelisting
constrained PowerShell endpoints
parameter and value constraints
role capability files
transcript logging
fullName Just Enough Administration (JEA) self-linksurface differs
surface form: Just Enough Administration
integratesWith Active Directory-based authentication
Just-In-Time Administration solutions
PowerShell
surface form: Windows PowerShell

Windows Server
introducedIn Windows Management Framework 5.0
logging can record all commands executed in a JEA session
platform Windows
purpose to enable granular delegation of administrative tasks
to limit administrative access to only required actions
to reduce security risk from excessive privileges
recommendedBy Microsoft Security Guidance
scope can be applied to specific servers or services
securityModel endpoint-based privilege restriction
supports least-privilege access
remote administration
role-based administration
uses PowerShell remoting
PowerShell session configurations (.pssc files)
role capability files (.psrc files)

How these facts were elicited

Referenced by (2)

Full triples — surface form annotated when it differs from this entity's canonical label.

PowerShell supportsSecurityFeature Just Enough Administration (JEA)
Just Enough Administration (JEA) fullName Just Enough Administration (JEA) self-linksurface differs
subject surface form: JEA
this entity surface form: Just Enough Administration