Can Microsoft Azure Active Directory (AD) Help You Do More?
As a Microsoft Azure Active Directory (AD) user and/or administrator, you have likely already experienced many of the basic benefits Azure AD provides, such as user/group management, single sign-on (SSO), device management, self-service password change (for cloud users) and Azure AD Connect, to sync your on-premises directory to Azure AD.
These built-in Azure AD tools already help you reduce help desk calls by allowing users to “help” themselves through some self-management. But these basic tools are just the beginning of what Azure AD can offer to streamline administrative and operational procedures, not to mention enhanced security, for your business.
Azure AD – An Introduction
Before we dive in, here is a quick introduction to Azure AD in case you are not already familiar with it. Azure AD is Microsoft’s multi-tenant, cloud-based directory and identity management service that combines core directory services, advanced identity governance and application access management.
Image Source: What is Azure Active Directory?
For more details, check out this Microsoft Azure Active Directory resource: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis.
Microsoft Azure Active Directory (AD) Editions
There are four distinct editions of Azure AD with differing levels of service offerings:
- Azure AD Free
- Azure AD Basic
- Azure AD Premium P1
- Azure AD Premium P2
To help you understand the differences between each Azure AD edition, we will discuss the advantages and benefits of upgrading from the Azure AD Free edition throughout the rest of this blog post by reviewing added security, identity, device management, user management, system health and system access features.
Improved and Enhanced Azure AD Security
There is a plethora of new and added security features beyond the free edition of Azure AD available to you in the upgraded editions. These added security features include Cloud App Security, Device Writeback, Multi-Factor Authentication and Conditional Access. Let’s explore each of these Azure AD enhanced security features further!
Azure AD Cloud App Security
More often than not, people tend to learn what’s happening in their cloud environment after it’s already happened. You need to be able to stop breaches and leaks in real time, before employees intentionally or inadvertently put your confidential corporate data at risk.
With Azure AD Cloud App Security, you can stay ahead of the game and take advantage of the benefits of cloud applications while maintaining control of your corporate resources. Cloud App Security improves your visibility into cloud activity, which helps increase the protection of your corporate data. You can connect all of your corporate apps through APIs using the Azure AD app connectors.
Azure AD Cloud App Security is offered in both Azure AD Premium 1 and Azure AD Premium 2.
Azure AD Device Writeback
Azure AD’s Device Writeback enables you to provide additional security by allowing only compliant devices, such as in SharePoint, while still being able to check for device compliance even if the device is enrolled in Intune.
Device Writeback takes all devices enrolled in Intune and writes them as device objects in your on-premises Active Directory. This allows you to combine it with the Web Application Proxy of ADFS.
Image Source: Azure Active Directory Connect – Device Writeback
Additionally, Azure AD Device Writeback provides you the ability to take a device registered in the cloud and have it in Azure Active Directory (AD) Domain Services (DS) with conditional access.
Azure AD Device Writeback is offered in both Azure AD Premium 1 and Azure AD Premium 2.
Azure AD Multi-Factor Authentication (MFA)
In today’s mobile-first world, people are more connected than ever before. With smartphones, tablets, laptops and desktops, people have multiple ways to access their applications and accounts from anywhere, anytime. This exposes your data to an additional layer of risk. For example, in a BYOD (Bring Your Own Device) organization, what if an employee loses their phone? How and when will you shut down access? Who will be notified, and when?
Azure AD Multi-Factor Authentication (MFA) is a two-step verification process that adds an additional layer of security to user sign-ins. By using this Azure AD security feature, you provide a reliable, secure and scalable method of authentication to further protect your users and your data.
Azure AD Multi-Factor Authentication is offered in Azure AD Free, Azure AD Basic (for Administrators), Azure AD Premium 1 (for End Users) and Azure AD Premium 2 (for End Users) on a per user / per authentication pricing model.
Azure AD Conditional Access
With Conditional Access, you can apply the right access controls under the right circumstances. Conditional Access gives you the flexibility to provide access based on group, location or device state as needed, and doesn’t interrupt users’ access when the conditions don’t apply.
Image Source: Active Directory Conditional Access Azure Portal
Azure AD Conditional Access can help with a number of access concerns on a conditional basis, reducing risk by granting or locking down access based on:
- Sign-In Risk
Azure AD Conditional Access is applied through conditional access policies and scenarios, such as: “when ‘sign-in risk detected’ (e.g. when a user is not on an internal network) = apply ‘multi-factor authentication’ and prompt ‘user access identity questions’.”
Conditional Access can be a very useful tool for permitting access given certain conditions, or for locking down access when unusual sign-in risk is detected.
Azure AD Conditional Access is offered at different levels in both Azure AD Premium 1 and Azure AD Premium 2.
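The “sign-in risk detected = require MFA” scenario above, expressed as a Conditional Access policy created with the Microsoft Graph PowerShell SDK. This is an added example, not code from the post or from Microsoft; it assumes the Microsoft.Graph module is installed, the signed-in account holds the Policy.ReadWrite.ConditionalAccess permission, and the policy name and the excluded account ID are placeholders.

```powershell
# Added example: a sign-in-risk Conditional Access policy built with the
# Microsoft Graph PowerShell SDK (Microsoft.Graph module required).
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

$policy = @{
    displayName = "CA - Require MFA on medium or high sign-in risk"   # illustrative name
    # Start in report-only mode: the policy is evaluated and logged in the
    # sign-in logs but not enforced, so its impact can be reviewed before
    # changing the state to "enabled".
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            # Placeholder object ID: exclude an emergency-access account so a
            # misconfigured risk policy cannot lock every administrator out.
            excludeUsers = @("<break-glass-account-object-id>")
        }
        applications     = @{ includeApplications = @("All") }
        # Risk levels are supplied by Azure AD Identity Protection.
        signInRiskLevels = @("medium", "high")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")   # require multi-factor authentication
    }
}

# Create the policy; the returned object includes the new policy's ID.
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Review the report-only results in the Azure AD sign-in logs before flipping the state to "enabled", and keep the emergency-access exclusion in place.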
See how Office 365 has enhanced Security and Compliance while making you more productive in the cloud. Download our “Microsoft Office 365 Security and Compliance Whitepaper” to learn more now!
Upgrade Azure AD to Minimize the Burden on IT
Let’s face it, your IT team is already bogged down with employee requests. As a result, there are often long wait times to fix minor IT issues. Upgrading your Azure AD Free edition can help free up your IT resources to focus on the issues that can’t be planned and programmed.
Image Source: Azure Active Directory admin center
Further to the added security features in Azure AD, you can also gain access to a number of other new features by upgrading to Azure AD Basic, Azure AD Premium P1 or Azure AD Premium P2, including Connect Health, Microsoft Identity Manager, Microsoft Device Management Auto-Enrollment and Enterprise State Roaming. These new Azure AD features will make life easier for your IT department to better manage users and their devices.
The success of your organization greatly depends on the technology you use and how it is used. Of course, it is critical to stay in the know of any outages or issues to keep your organization running smoothly and users connected.
Image Source: Azure AD Connect to Azure AD Connect Health
Azure AD Connect Health ensures that your on-premises identity infrastructure is running without outages or interruptions. Connect Health acts as an agent installed on-premises to provide ongoing monitoring and analysis of each connected server. It gives your IT team visibility to view alerts, monitor performance, view usage analytics and other critical information.
Azure AD Connect Health is offered in both Azure AD Premium 1 and Azure AD Premium 2.
Microsoft Identity Manager (Enterprise Mobility + Security)
With the different logins, accounts and apps employees are using, you need a single way to manage it all. For enterprise organizations, change is a constant, with employees changing seats, new employees arriving, employees retiring and employees leaving. Staying on top of these changes in digital identities is crucial.
Image Source: Microsoft Enterprise Mobility + Security
Microsoft Identity Manager (MIM), also known as Enterprise Mobility + Security, is designed to manage users’ digital identities, credentials and groupings throughout the lifecycle of their membership of an enterprise computer system. In addition, MIM helps manage policies and access within your organization while supporting new platforms.
Microsoft Identity Manager (MIM) is offered in both Azure AD Premium 1 and Azure AD Premium 2. MIM software rights are granted through Windows Server (any edition).
Microsoft Device Management (MDM) Auto-Enrollment
Nearly everyone is in the cloud or thinking of moving to the cloud these days. Given this, many organizations are now allowing employees to BYOD (Bring Your Own Device) to access a variety of enterprise IT systems.
Provisioning a BYOD environment can reduce the hardware costs of providing every employee with multiple means of staying connected, while delivering on-the-go access to company resources, apps, corporate network and email from anywhere.
MDM auto-enrollment helps IT teams manage company security policies and business applications while avoiding compromising users’ privacy on their own BYOD devices.
MDM Auto-Enrollment is offered in both Azure AD Premium 1 and Azure AD Premium 2, in conjunction with Windows 10+.
Enterprise State Roaming
Using Enterprise State Roaming with Azure AD, users can securely synchronize their user settings and app settings data to the Cloud. It provides users with a unified experience across their Windows devices, while reducing the time needed to configure a new device.
Enterprise State Roaming gives IT control over the company’s data, since it separates corporate data from consumer data. In addition, it provides control and visibility over who can sync settings in your organization and on which devices.
Enterprise State Roaming is offered in both Azure AD Premium 1 and Azure AD Premium 2, in conjunction with Windows 10+.
Upgrade Azure AD to Improve Identity Protection
Upgrading Azure AD increases identity protection to further enhance the protection of all employees’ accounts. For example, identity protection can detect vulnerabilities affecting your organization’s identities, configure automated responses to detected suspicious actions and investigate suspicious incidents to take appropriate actions to resolve them.
Manually discovering compromised identities is nearly impossible. Azure AD uses adaptive machine learning algorithms to detect anomalies and suspicious incidents that indicate potentially compromised identities. It’s a reliable way to keep track of any suspicious activity so that you don’t have to.
You can automatically apply identity protection based on conditions or rules, for example requiring Multi-Factor Authentication (MFA) when the service notices login attempts from multiple locations at once.
In addition, identity protection includes the ability to provide ‘just-in-time’ privileged access. This ensures your organization can reduce the number of static administrator accounts and have administrators request access to rights for a limited timeframe.
How to Upgrade Azure AD
Azure AD is a powerful tool for helping your organization manage your users, your data, your identities and your access to systems. Upgrading Azure AD opens a whole new world of opportunities to increased security, identity protection, conditional access, device management, multi-factor authentication, system health and much more.
Image Source: Microsoft Ignite – Azure Active Directory
As the 1st Microsoft Cloud Partner in Canada, we help enterprise organizations get the most out of Azure AD, whether by leveraging their existing edition of Azure AD or by upgrading to an enhanced edition, to lessen the burden on their IT team and improve security, identity and access to their systems.
Ask us how you can improve your use of Azure AD today by calling 1 888 952 8800 or by emailing firstname.lastname@example.org.
Author: Bruce Piper
Bruce Piper is an experienced Solutions Architect with a demonstrated history of working in the information technology industry. Piper is seasoned in Service Delivery, Enterprise Software, Messaging, and Enterprise Architecture. Piper has a Diploma of Technology focused in Electrical and Electronics Control Option from British Columbia Institute of Technology. When not immersed in the world of tech, Piper enjoys traveling the world.