The Azure Active Directory Roadmap for Strong Security in Hybrid Work

Post Date: 03/05/2021
feature image

Check out the rest of our Microsoft Ignite 2021 coverage below:

It’s been a year since most of us have shifted to a new work setup when most organizations were forced to have employees work from home. Fast forward to today and many are now either going back to their offices or are working via a hybrid setup. Whether working from home or at the office, though, security should always be a top priority of every organization, big or small. Microsoft’s Joy Chik took her session to explore the rollout of exciting new Azure security features presented by Joy and her team.

As more workers are working remotely, security attacks and information breaches have become rampant since more data is being collaborated on in the cloud. It’s now more beneficial than ever to have a secure and strong cyber defense. During the session, it was mentioned that the right approach to maximum security with maximum flexibility for users is Zero Trust. So, what does this mean? It basically encourages administrators to:

  1. Verify explicitly – Before giving out or approving access requests, it’s best to check everything first.
  2. Use least privilege access – Always grant the least amount of access necessary
  3. Assume a breach – This mindset will let you build a strong protection framework in case an attacker gets inside your network.

These Zero Trust principles can now be easily implemented by administrators with the new Azure feature and roadmap, and best of all they will be beneficial to the end user and admin experience alike. Here are four great security features that can be leveraged in no time thanks to Azure Active Directory.

1. Passwordless Authentication

Despite the current worldwide situation, many are still getting hired in the middle of the pandemic, and businesses have been struggling a bit to set up new hires remotely. Passwordless authentication seeks to ease this process. Instead of the IT team working to help every new hire, they can just send a machine with a security key and instructions on how to proceed. Then the user can register the security key and link it to the organization identity that can be used across different platforms.

This feature allows a passwordless authentication that can be beneficial not only to the user–saving them extra time logging in and having a more secure authentication–but also to the administrator as this will lessen password-related requests. This can also be adapted with your current multifactor authentication. Passwordless authentication is now available for Cloud and hybrid environments, so make sure to check it out.

2. Verifiable Credentials

Aside from passwordless authentication, another great new feature is verifiable credentials. Verifiable credentials are stored as a digital card in your Authenticator app that you can use in sharing your information. It’s where your credentials are placed, portable, and verifiable. This instant verification can be easily added to your existing identity systems and workflows.

How it works is that it uses an open-source blockchain solution that nobody owns and controls, including Microsoft. This is revolutionary for digital information exchange, information that includes the user’s acquired certifications, employment history, and other basic personal information that can be utilized across the organization.

One great advantage of these stored verifiable credentials is the amount of time it could save gathering a user’s information. Instead of allotting days or weeks to verify simple info, this digital card could drastically shorten the process (plus you can be sure that the credentials stored are secure). And if access is no longer needed, the user can just simply revoke it easily from the Authenticator app. See how it looks below:

3. Integrate All Your Resources and Apps to Your Azure AD

Isn’t it nice to have all your resources in one place? Not just for easy navigation, but to prevent security issues. One of the most exciting additions discussed in this session was the new integration of some of your most used apps to your My Apps portal. One example shown was the integration of Amazon Web Single Sign-on to Azure Active Directory; you can log in to your AWS with your Azure AD credentials for easier and more secured access. Microsoft continues to integrate more apps with Azure for single sign-on access, including Zoom and Google Meet. Here’s the current and growing list of apps that you can integrate:

4. Authentication Context for Conditional Access

Currently, most organizations have a conditional access policy as part of their security protocol. However, this can be more secured by requiring leveled-up authentication based on what your user is trying to do. A good example would be allowing a user to view an invoice from your accounting mobile app but blocking them when they want to do a wire transfer. This is where the authentication takes place; if an administrator sets the right protocol for conditional access it’ll be a more powerful security feature. You can set an identifier to your conditional access that will trigger the authentication context created. This feature can also be used to keep unauthorized users from accessing confidential files.

The application environment differs from organization to organization; some are hybrid, and some are in a multi-cloud, but the best way to secure your defenses in the long run is to manage everything in the cloud. This is another great reason to use the Azure Active Directory authentication as you no longer need to separately protect your on-premises application–it can protect the entire environment both on-premises and in the cloud as shown in the image below.

azure active directory

Don’t worry if it seems hard to transfer some of your applications to Azure AD; there are tools available that can help you migrate them to the Azure cloud easily in the ADD admin center. To help you decide and to overview the migration, ADFS activity, and insights, the report will assess ADFS applications’ compatibility with Azure AD in preparation for migration.

It’s very exciting to see the future of security for hybrid work set up with Azure Active Directory. With these new features, security can be achieved by administrators without taking the flexibility away from end users.

For more insights from this year’s Microsoft Ignite, be sure to subscribe to our blog!

Adrian is currently a member of AvePoint's project management team. In his previous role as a Content Marketing specialist at AvePoint, Adrian covered the latest trends and topics on what’s new in technology, SaaS Management & Governance, SaaS Backup and Data Management.

View all posts by Adrian Valencia

Subscribe to our blog