Today, organizations face many challenges in granting access to the applications and devices their users need—while keeping their assets secure. What if there was a way to enable users to work on the devices of their choice and provide consistent access to corporate resources—all delivering a layer of security to help reduce risk? And what if we could do all that and deliver unified application and device management for both on-premises and cloud access?
That’s where Microsoft Azure Active Directory (Azure AD) comes in. This platform provides identity and access management in a cloud-based solution that delivers robust capabilities to manage both users and groups. You get secure access to on-premises and cloud applications, including Microsoft products like Office 365, as well as many top-tier third party products in other SaaS applications. Azure AD is extremely reliable, providing 99.999% uptime with multi-tenant, geo-distributed design that can be relied on for your most critical business needs. Azure AD has four editions: Free, Basic, Premium Plan 1, and Premium Plan 2, which all have their own specific feature sets.
Today, let’s discuss some of the features in Premium Plan 1 and Plan 2. (Everything in Premium Plan 1 is also included in Premium Plan 2). The Premium plans offer the ability to allow users to self-service password reset/change/unlock, which can help free up IT resources. There is also a reporting system that will track when users access their system, along with notices of when misuse of this feature may have happened. Microsoft has included a two-step verification method that adds another layer of security to user sign-ins and transactions. The multi-factor authentication can work with multiple methods, such as a password, using another trusted device for a pin or code, and even biometrics.
A key feature in Plan 2 that I think is extremely useful is identity protection that can detect potential vulnerabilities in identities, configure responses that may have been detected, and even investigate suspicious incidents and take action to resolve them. This feature can help with “risky” sign-ins, which can track where a user logs into a system. For example, if a user logs in from Vermont, but an hour later appears to log in from California, the system will deem this “impossible travel” and alert your admins that the user’s identity may be compromised. Azure AD can help many organizations empower users to access the applications and data they need while providing the necessary security to protect your most valuable assets.
If you’re ready to investigate the security features of Azure AD, our experts in the Microsoft Center of Excellence are here to help.