31.5.2022 • Cloud infrastructure security
Cloud directory takes best care of your users – put Azure AD at the heart of your identity management
Is the time of the local AD user directory over? Do we still need separate identity management systems? Many organisations are asking themselves these questions at the moment. Azure AD offers many basic identity management tools as built-in features at no separate charge, in a modern solution that is under constant development.
A brief history of identity management
Traditionally, the account creation process follows a familiar pattern in an organisation. In the smallest organisations, user accounts are created manually in the local AD. In medium-sized companies, account creation is automated through batch processing driven by the HR system.
The bigger the organisation, the more likely it is to have a separate identity management system (IDM system). The purpose of an IDM system is to create user identities for different systems, handle authorisations and provide interfaces for updating data and requesting and granting permissions – just to mention a few.
When organisations started using Microsoft’s cloud services, their cloud identity needs were addressed by synchronising users from local AD to a cloud directory, Azure AD, without making other changes to the architecture. By 2022, however, Azure AD has become so much more: it even enables a Cloud-First strategy for identity management.
Azure AD – the centre of everything
In recent years, Azure AD has evolved into so much more than just a user directory. Nowadays it is a directory to which enterprise systems are integrated. Secure access to these systems can be ensured through modern integration protocols, easily and regardless of the location of the systems.
Azure AD is also increasingly a directory for device management. Many organisations are at least piloting cloud-based endpoint management, in which devices are managed mainly or entirely using cloud technologies. Many are surprised to find out that Azure AD-joined devices also enable single sign-on to on-premises resources.
New features in Azure AD identity management
Traditionally, Microsoft’s response to organisations’ identity management system needs has been Microsoft Identity Manager (MIM). Microsoft has stated, however, that although MIM will continue to be supported, in the long term identity management features will be developed for Azure AD. In Azure AD, identity management consists of several features, the most important of which are:
- Many of you have already invited guest users to your Teams. This is a good example of a self-service process that is fully embedded in the API. You can take this a step further by adopting Azure AD self-service password reset and self-service group management.
- More and more organisations are switching to E5 Security licenses. That way, your organisation can use the Access Reviews feature, which enables regular reviews and removals of guest users, among other things. Read more about Access Reviews in this blog post by Laura Kokkarinen.
- Many already know the Privileged Identity Management (JIT PIM) feature, which lets privileged access be requested and activated just in time. It can also be used for Azure role-based access control (RBAC).
- Entitlement Management, a key feature that is still rarely used for end users, enables role-specific access packages and an access request process.
- Azure AD enables direct integration with certain HR systems, such as Workday and SAP SuccessFactors. This is a crucial factor for truly cloud-based account creation. Account creation happens directly from the HR system to Azure AD, so there is no need to take a detour through local AD.
How to get started?
Should you put all your trust in the cloud? With Azure AD becoming an increasingly important part of architecture, Microsoft updated its service-level agreement (SLA) to promise 99.99% uptime for Azure AD.
When it comes to user accounts, few organisations have yet cut the cord with local AD, even though their applications and devices are already in the cloud. You should start outlining your journey to a fully cloud-based model, because, as described above, Azure AD already has several identity management features that let you streamline how you meet your current needs.
The easiest way to do a full cloud migration is to start with sign-on – if you are still using ADFS (Active Directory Federation Services), get rid of it now. Another priority is efficient external identity management in the cloud with the new External Identities solution, which can also help save money on licenses when external users are utilised more extensively.
Put updating your identity management roadmap on your to-do list – take advantage of our help and expertise! Microsoft 365 customers have the best chance of ensuring the safe management of Azure, endpoint security, end-user identities and the safe use of M365 services and other enterprise applications.
Read more about our security services, get in touch with us and start leveraging the security of the cloud in your environment!