How to Secure Your User Identities with Microsoft Cloud

Azure Active Directory is Microsoft’s identity management solution in the cloud. It’s similar to the Active Directory on premises, but it comes with a lot more security features.

Keynote speaker at BTEX talking about Azure Active Directory, Microsoft's identity management solution.

“Identity has become the new control plane,” says Ego Chidolue, Azure Business Development Manager, CDW Canada, speaking at CDW’s 2022 Business Technology Expo. “It’s not just working within your physical offices today; the workforce has become largely remote and hybrid. So it’s critically important that organizations plan around securing their identity.”

“Since we started to work remotely, and even before that, researchers confirmed that 80 percent or even more of attacks originated from compromised usernames and passwords,” says Wael Abdelmagied, M365 Business Development Manager, CDW Canada. “This is why we need to protect their identities, especially now that identity is not only about your username and password, it’s more about your devices, cloud apps and partners, and this is a lot to control.”

“Microsoft has a very broad range of security technology,” says Ego Chidolue. “They provide solutions around protecting your infrastructure, on-premises or in a multicloud environment, but today we are focusing on the identity level of protection.”

How to apply the zero-trust and shared responsibility models

“The easiest way to think of zero-trust is to assume an intent to breach,” says Chidolue. “Assume that everything is available over the public internet on an open network. It’s important to trust no one, verify everything explicitly and to grant less privileged access to all your user accounts.”

“With the shared responsibility model, you understand where your responsibility lies in planning your security. That will also depend on the type of deployment model. Are you working fully on premises today, are you working in a hybrid environment or are you fully in the cloud? With a fully cloud environment, you will be responsible for protecting your information, data and user identities,” says Chidolue.

How Azure Active Directory supports identity protection

Azure Active Directory is Microsoft’s identity management solution in the cloud. “It’s similar to the Active Directory on premises, but it comes with a lot more security features,” says Wael Abdelmagied. “The beauty of Azure Active Directory is that it’s not only protecting your Microsoft Office or Azure, but also your SaaS applications in the cloud.” You can even protect your on-premises infrastructure, as well.

“With Azure Active Directory, you can add another layer to protect your identities, like multifactor authentication (MFA),” Abdelmagied continues. “When you add another layer on top of your username and password, you have multiple options, like the Microsoft Authenticator app, verification codes or even receiving an SMS or call on your mobile.”

Conditional access in Azure Active Directory

“We hear from customers today that they have users joining from remote locations, as well as partners and contractors joining with different devices,” says Ego Chidolue. “What options do we have to secure users that are joining from remote locations, and also across various devices?”

“One of the great features of Azure Active Directory is conditional access, where you can start to control the different parameters in your environment,” says Wael Abdelmagied. “It’s not only the username and password. You have different devices, user logins from remote locations, different web services in different places. So with conditional access, you will be able to control a lot of things.”

“We can set conditions, like employees or partners, if we have third-party partners that want to connect to our SaaS or on-prem applications. We have trusted devices – maybe your organization only works with Windows devices, so you can control this. We have physical locations or remote locations, and we have client apps. And once we use the power of cloud and machine learning, we can assess the risk, and according to the risk, we will be able to take action, even allowing or blocking access for this user. We can ask for MFA to make sure this is the right person, or even force a password reset. And this is not only for the Microsoft apps; it covers third-party SaaS applications, on-premises and web services,” says Abdelmagied.
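
The condition-and-action logic described above can be sketched as a small policy evaluator that shows how several policies combine on one sign-in. This is an added example, not code from the article or from Microsoft: the policies, the SignIn fields and the evaluate function are hypothetical, and only the control names block, mfa and passwordChange mirror values Microsoft Graph uses for conditional access grant controls. It models the rule that every matching policy applies and a block always wins.

```python
from dataclasses import dataclass

RISK = ["none", "low", "medium", "high"]  # ordered lowest to highest

@dataclass
class SignIn:                      # constructed sign-in context, not a real log schema
    user_type: str                 # "member" (employee) or "guest" (partner)
    platform: str                  # e.g. "windows", "macOS", "iOS"
    trusted_location: bool
    client_app: str                # "browser", "mobileAppsAndDesktopClients", "other"
    sign_in_risk: str = "none"
    user_risk: str = "none"

def at_least(level, floor):
    return RISK.index(level) >= RISK.index(floor)

# (name, condition, required controls). Hypothetical policies for illustration.
POLICIES = [
    ("Block legacy client apps",
     lambda s: s.client_app == "other", {"block"}),
    ("Partners: Windows devices only",
     lambda s: s.user_type == "guest" and s.platform != "windows", {"block"}),
    ("MFA outside trusted locations",
     lambda s: not s.trusted_location, {"mfa"}),
    ("MFA on medium or high sign-in risk",
     lambda s: at_least(s.sign_in_risk, "medium"), {"mfa"}),
    ("Password reset on high user risk",
     lambda s: at_least(s.user_risk, "high"), {"mfa", "passwordChange"}),
]

def evaluate(sign_in, policies=POLICIES):
    """Return (decision, sorted controls, matched policy names)."""
    matched = [(name, ctl) for name, cond, ctl in policies if cond(sign_in)]
    names = [name for name, _ in matched]
    controls = set().union(*(ctl for _, ctl in matched))
    if "block" in controls:            # any matching block policy wins
        return "block", ["block"], names
    if controls:                       # every matched policy's controls must be met
        return "grant_with_controls", sorted(controls), names
    return "allow", [], names

if __name__ == "__main__":
    samples = {                        # constructed sample sign-ins
        "employee, office, Windows": SignIn("member", "windows", True, "browser"),
        "employee, remote": SignIn("member", "macOS", False, "browser"),
        "partner on macOS": SignIn("guest", "macOS", False, "browser"),
        "employee, high user risk": SignIn("member", "windows", True, "browser", user_risk="high"),
    }
    for label, s in samples.items():
        print(label, "->", evaluate(s))
```

A sign-in that matches no policy is allowed without extra controls, which is why reviewing policy coverage matters as much as reviewing the policies themselves.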