By Bryan Timm
Azure Active Directory (Azure AD) is Microsoft's cloud-based Identity and Access Management (IAM) service. It provides a single directory in which to store and manage your users' digital identities, and you can configure your own applications to rely on Azure AD as their source of user identity and authentication.
Azure Active Directory is the latest step in Microsoft's identity and access management product line, which now extends those services to the cloud. The ability to manage many on-premises systems and infrastructure components with a single identity per user dates back to 2000, when Active Directory Domain Services shipped with Windows 2000 Server. Organizations can still run on-premises Active Directory in conjunction with Azure Active Directory.
Azure AD must be configured to integrate with an application. In other words, it needs to know what apps are using it for identities. Making Azure AD aware of these apps, and how it should handle them, is known as application management. A centralized identity system provides a single place to store user information that can then be used by all applications.
Azure AD takes this approach to the next level by providing organizations with an Identity as a Service (IDaaS) solution for all their apps, across cloud and on-premises. This simplifies the user experience: one sign-on covers every integrated application.
Why is Azure AD important, and how can it help your business? With a single IAM system in place, organizations can use one sign-on platform for thousands of applications. Users can focus on their jobs rather than on logins and passwords, and executives can rest assured that only the right people are accessing the right information.
What is Multi-factor Authentication?
Multi-factor authentication (MFA) takes the protection of your users to the next level by adding a layer of security to each account. Even if a malicious third party obtains a user's password, they cannot sign in with the password alone when multi-factor authentication is enforced for that account. (MFA raises the bar substantially, but it is not absolute: the second factor must actually be required by policy and should be a method that is itself hard to phish.)
Multi-factor authentication is one form of protecting your user accounts from malicious access. During sign-in the user is prompted for an additional form of identification, which could be one of several things, including a code from a phone app or a fingerprint scan.
When is the last time you received an email spoofed to look like another company's login page, such as an Office 365 login? Malicious parties gain access to your account after you unintentionally enter your credentials into their fake website. If a password is the only thing needed to authenticate a user, that single credential is the whole attack surface.
This is not the only way a breach can occur. Many accounts are compromised through password reuse across multiple services. For example, using the same password at a retail website that had its database breached, without a secondary form of authentication, leaves your company accounts exposed.
Azure AD Multi-Factor Authentication works by requiring two or more of the following authentication methods:
- Something you know, typically a password.
- Something you have, such as a trusted device that is not easily duplicated, like a phone or hardware key.
- Something you are – biometrics, like a fingerprint or face scan.
As an administrator, you define which forms of secondary authentication may be used. You can also allow users to register for self-service password reset, so they are not blocked when an administrator is unavailable to reset a password immediately. Azure AD Multi-Factor Authentication can also be required when users perform a self-service password reset, to further secure that process.
Azure AD Multi-Factor Authentication is all about simplicity for the user. Your data and applications are safeguarded while users keep a smooth experience, using the password they are used to plus their phone or another secondary authentication method. Whether a user is challenged for MFA on a given sign-in depends on the configuration decisions an administrator makes.
Azure AD Multi-Factor Authentication does not require any changes to work with existing Microsoft applications and services. The verification prompts are part of the Azure AD sign-in event, which automatically requests and processes the MFA challenge when required.
What is Conditional Access?
Conditional Access is the tool Azure Active Directory uses to enforce your organizational policies at sign-in, and configuring it well is what keeps the user experience smooth. It is at the heart of the new identity-driven control plane.
At its simplest, Conditional Access is a set of if-then statements: if a user wants to do ABC, then they must do XYZ. A common scenario is: if a user signs in from outside the office (that is, from a location not marked as trusted), then they must pass multi-factor authentication.
Administrators are faced with two primary goals:
- Empower users to be productive wherever and whenever
- Protect the organization’s assets
Keep your user base safe, while configuring the right controls to minimize their time spent on the phone with IT.
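The "MFA from outside the office" if-then rule described above, written as a Conditional Access policy with the Microsoft Graph PowerShell SDK. This is an added example and not code from the original article or from Microsoft; it assumes the Microsoft.Graph module is installed, that you replace the placeholder $BreakGlassAccountId with the object ID of your own emergency-access account, and that at least one trusted named location is already defined in the tenant.

```powershell
# Added example (not from the original article): create the Conditional Access
# policy "if signing in from outside a trusted location, then require MFA"
# using the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns).
# Assumption: Install-Module Microsoft.Graph -Scope CurrentUser has been run.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder (assumption): object ID of an emergency-access ("break glass")
# account. It is excluded so an MFA outage or a policy mistake cannot lock
# every administrator out of the tenant.
$BreakGlassAccountId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "Require MFA when signing in from outside trusted locations"
    # Start in report-only mode: the sign-in logs show what the policy WOULD
    # have done without blocking anyone. Flip to "enabled" only after review.
    state = "enabledForReportingButNotEnforced"
    conditions = @{
        # IF any user (except the break-glass account) ...
        users = @{
            includeUsers = @("All")
            excludeUsers = @($BreakGlassAccountId)
        }
        # ... signs in to any cloud application ...
        applications = @{
            includeApplications = @("All")
        }
        # ... from any location that is NOT a trusted named location ...
        locations = @{
            includeLocations = @("All")
            excludeLocations = @("AllTrusted")
        }
    }
    # ... THEN the sign-in must satisfy multi-factor authentication.
    grantControls = @{
        operator = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy '$($created.DisplayName)' (id $($created.Id)) in state $($created.State)"

# Once the report-only results in the sign-in logs look right, enforce it:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = "enabled" }
```

Two caveats a practitioner should keep in mind. "AllTrusted" resolves to the named locations you have marked as trusted; if none are defined, the exclusion is empty and the policy prompts for MFA on every sign-in, which may be what you want anyway. And the exclusion means a sign-in from a trusted network with a stolen password is not challenged, so many organizations drop the location condition and require MFA everywhere.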
Integrate applications with Azure Active Directory
Azure Active Directory also allows for single sign-on for thousands of applications already integrated with it. Accelerate adoption of your application in the enterprise by supporting single sign-on and user provisioning, and enrich your application by connecting to user data with Microsoft Graph.
You can use Azure AD as your identity system for just about any app. Many apps are already pre-configured and can be set up with minimal effort. These pre-configured apps are published in the Azure AD App Gallery.
You can manually configure most apps for single sign-on if they aren't already in the gallery. Azure AD provides several SSO options; the most widely used are SAML 2.0-based SSO and OpenID Connect (OIDC)-based SSO.
Reach enterprise customers
- Allow users outside of your organization to sign in with their Microsoft work or school account. 90% of Fortune 500 companies use Azure AD, the sign-in engine for Office 365.
Reduce support costs
- Azure AD handles the maintenance, administration, and infrastructure costs associated with identity and access management.
Help secure data and resources
- Extend Azure AD security features to your application. Meet enterprise security and governance requirements to help customers protect their data and resources.
There are currently over three thousand applications that have existing integrations with Azure Active Directory services. You can find a directory of those applications on Microsoft’s website.
Trust the Experts
- Microsoft invests over USD 1 billion annually on cybersecurity research and development.
- Microsoft employs more than 3,500 security experts focused on securing your data and privacy.
- Azure AD manages more than 1.2 billion identities and processes over 8 billion authentications every day.