During the 2020 pandemic, there was a shift from office-based authentication to home working. Fortunately, most of our clients had already migrated to the cloud and their phones were cloud-based. Businesses that were not cloud-centric still needed access to their data, and if the physical server was in the office, this posed a few problems.
Data needs to be accessed on the office server, so the user would need a VPN to connect. Access can be clunky or laggy, and the experience is never quite as good as a seamless cloud solution or local access.
Many users were already working the Office 365 way, using Teams to communicate. Within a single month, Teams saw a 70% increase in daily users.
The pandemic in 2020 helped jump-start the adoption and implementation of Azure Active Directory (AD) to meet the rolling demands of a remote workforce.
With the move to hybrid work, it is essential that employees can work effectively and securely from anywhere, on any device. To make this possible, businesses need a comprehensive identity and access management solution. Traditionally, an onsite server would handle authentication through an Active Directory that employees connect to over a VPN. However, many businesses are now making use of a cloud-based solution, such as Azure AD.
What is Azure Active Directory?
Azure Active Directory is a cloud-based identity and access management solution that enables employees to access external resources, such as Microsoft 365 applications, and thousands of other SaaS (Software as a Service) applications. Although it is a cloud solution, it can also sync with an on-premises directory with Azure AD Connect. Simply put, Azure AD provides a single place to manage identity, security and compliance for employees, external collaborators and IT systems.
Easily deploy multi-factor authentication
With Azure AD, businesses can easily enable multi-factor authentication (MFA). MFA works by requiring two or more of the following authentication methods: something you know (typically a password), something you have (typically a trusted phone or hardware key), and something you are (typically biometrics, such as a fingerprint or facial recognition). This simple feature prevents 99.9% of account compromise attacks, as even if a password is phished, the cybercriminal is unable to obtain the second factor of authentication.
Enable Single Sign-On
Employees typically use many different applications and services on a daily basis. As each of these requires login and authentication, this can result in a significant waste of time as employees have to re-enter their credentials multiple times. Furthermore, as each of these services should have a unique, complex password, many employees require their passwords to be reset if they forget them. To solve these issues, businesses can enable Single Sign-On (SSO) with Azure AD.
Single Sign-On is a session-and-user-authentication service that allows users to have a single set of login credentials to access multiple applications. With SSO, employees are able to use their standard login credentials once and are able to access all the applications, systems and cloud services necessary to do their job. This increases security, improves the user experience and can allow IT teams to spend less time dealing with password reset requests and more time working on other projects and priorities.
In some businesses, there are periods of time when external users need access to internal systems. With Azure AD, businesses can invite external guest users into their directory. This is especially helpful for short-term projects with a defined set of participants. Within Azure AD, administrators can define what resources the external user is able to access, ensuring that they only have the level of access required for the project. After the project is complete, their access is revoked, which simplifies management of the user lifecycle.
Make use of Conditional Access
The move to hybrid work has created challenges for businesses as the security perimeter now extends beyond the network to include user and device identity. With Azure AD, businesses can set up Conditional Access policies to use identity-driven signals as part of their access control decisions. Some of the signals may include device types, IP location, application, risk level and user or group membership. With carefully considered Conditional Access policies, businesses can mitigate many of the security risks associated with hybrid working.
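Whether a set of Conditional Access policies is "carefully considered" can be partly checked by script. The following is an added example, not code from this article or from Microsoft: it lints policies in the JSON shape returned by Microsoft Graph (`GET /identity/conditionalAccess/policies`). The sample policies, the finding names and the group-id placeholder are constructed for illustration.

```python
# Added example: review Conditional Access policies exported from Microsoft Graph.
# The two sample policies and the group-id placeholder below are constructed.
LEGACY_CLIENTS = {"exchangeActiveSync", "other"}  # Graph values for legacy-auth clients

SAMPLE_POLICIES = [
    {"displayName": "Require MFA for all users",
     "state": "enabled",
     "conditions": {
         "users": {"includeUsers": ["All"],
                   "excludeGroups": ["<emergency-access-group-id>"]},
         "applications": {"includeApplications": ["All"]},
         "clientAppTypes": ["all"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "MFA outside trusted locations",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {
         "users": {"includeUsers": ["All"]},
         "applications": {"includeApplications": ["All"]},
         "clientAppTypes": ["browser", "mobileAppsAndDesktopClients"],
         "locations": {"includeLocations": ["All"],
                       "excludeLocations": ["AllTrusted"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
]

def lint_policy(policy):
    """Return a list of review findings for one policy dict."""
    findings = []
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    if policy.get("state") != "enabled":
        findings.append("not-enforced")  # report-only or disabled
    if "All" in users.get("includeUsers", []) and not (
            users.get("excludeUsers") or users.get("excludeGroups")):
        findings.append("no-emergency-exclusion")  # admin lockout risk
    clients = set(cond.get("clientAppTypes") or ["all"])
    if "all" not in clients and not LEGACY_CLIENTS <= clients:
        findings.append("legacy-auth-out-of-scope")  # legacy clients skip this policy
    if "AllTrusted" in (cond.get("locations") or {}).get("excludeLocations", []):
        findings.append("trusted-locations-exempt")  # review the named-location list
    return findings

def lint_all(policies):
    """Map each policy's display name to its findings."""
    return {p["displayName"]: lint_policy(p) for p in policies}

if __name__ == "__main__":
    for name, findings in lint_all(SAMPLE_POLICIES).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

The first sample policy passes cleanly; the second is flagged on all four checks, which is typical of a policy left in report-only mode after a pilot.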
Options to suit all businesses
For businesses with an on-premises directory, this can be synchronised using Azure AD for authentication when accessing cloud and on-premises applications or resources. For businesses that do not have an on-premises directory, with Azure AD they may never need to buy one. Either way, Azure AD is a streamlined solution that protects your business with a universal identity platform that increases employee productivity.
It may be that your IT provider supplies Microsoft 365 but hasn’t yet enabled this important feature.
If your business is looking to take advantage of the benefits listed above, contact us today and we can help you simplify identity and access management with Azure Active Directory.