Azure Active Directory Premium P1 to be Part of Microsoft 365 Business
As Brad Sams recently reported on Petri, Microsoft is rebranding some Office 365 SKUs at the end of April. Among those to be rebranded is Microsoft 365 Business, which, starting April 21st, will become Microsoft 365 Business Premium.
Microsoft announced this month that it would be bringing Azure Active Directory (AAD) Premium P1 features to Microsoft 365 Business. The article was updated April 8th to say that new Microsoft 365 Business customers were already getting access to AAD Premium P1. And Premium P1 will roll out to existing Microsoft 365 Business customers over the next few weeks.
Before these changes, Microsoft 365 Business had just some of the capabilities that are part of an AAD Premium P1 subscription. Microsoft 365 Business subscribers had access to:
- Conditional access
- Self-service password reset
- Multifactor authentication
But with the full set of Premium P1 features, which usually cost $6 per user/month, Microsoft 365 Business users will additionally get:
- Cloud Discovery
- Application Proxy
- Dynamic groups
- Passwordless authentication
- 3rd party multifactor authentication (MFA) partner integration
- Azure Information Protection (AIP) integration
- And many more features
You can find a full list of available features in the Premium P1 plan on Microsoft’s website.
Microsoft 365 Business focus on security
Microsoft called out the first four features as significant for Microsoft 365 Business subscribers.
Cloud Discovery uses Internet traffic logs to learn and analyze which cloud apps are used by an organization. You can either create a snapshot report by uploading log files from your firewalls or proxies; or set up continuous reporting by using Cloud App Security log collectors to forward logs to Microsoft.
Microsoft maintains a catalog of more than 16,000 cloud apps that are rated and scored so that you can establish the risk involved in their use. Cloud App Security can be used to sanction or unsanction access to cloud apps.
Application Proxy is a service that lets remote users access intranet apps securely without using technologies like virtual private networks (VPN), DirectAccess, and reverse proxies. In fact, as I recently wrote in Choosing between Virtual Private Network and Zero Trust Remote Access Solutions on Petri, Application Proxy can be used to enable zero-trust networks. Security experts consider zero-trust networks to be more secure than traditional remote access technologies like VPN.
Zero trust is a security framework that dates from 2009. The idea is that you shouldn’t trust anyone. Not even your own employees. Every user accessing your network must be verified. Policies limit the access employees have to corporate IT resources. And policies should provide just enough access to complete work-related tasks and nothing more.
Dynamic Groups let IT administrators set up rules so that users and devices can be automatically added and removed from AAD groups. For example, administrators can create rules using attributes like accountEnabled, userPrincipalName, and proxyAddresses, along with operators to make complex expressions. To help create rules, Azure AD has a rule builder feature.
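As an added illustration (not from the original article or from Microsoft), the following PowerShell creates a dynamic security group whose rule combines the three attributes named above. It assumes the AzureAD PowerShell module and an existing Connect-AzureAD session; the contoso.com domain, the group name and the mail nickname are constructed values.

```powershell
# Added example. Assumes: AzureAD module installed, Connect-AzureAD already run.
# The contoso.com domain and all group names below are constructed placeholders.

# Build the membership rule from three clauses joined with -and:
#   1. the account is enabled
#   2. the UPN is in the contoso.com domain
#   3. at least one proxy address contains the contoso.com domain
$rule = @(
    '(user.accountEnabled -eq true)'
    '(user.userPrincipalName -match ".*@contoso.com")'
    '(user.proxyAddresses -any (_ -contains "@contoso.com"))'
) -join ' -and '

# Create the group with rule processing paused, so that nothing is granted
# through the group until the rule has been reviewed.
$group = New-AzureADMSGroup `
    -DisplayName 'Enabled Contoso staff (dynamic)' `
    -Description 'Membership is calculated from the rule; do not add members by hand.' `
    -MailEnabled $false `
    -MailNickname 'enabled-contoso-staff' `
    -SecurityEnabled $true `
    -GroupTypes 'DynamicMembership' `
    -MembershipRule $rule `
    -MembershipRuleProcessingState 'Paused'

# Read the stored rule back for review.
Get-AzureADMSGroup -Id $group.Id |
    Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState

# Start evaluation once the rule is confirmed to select only the intended accounts.
Set-AzureADMSGroup -Id $group.Id -MembershipRuleProcessingState 'On'
```

Because membership follows the attributes automatically, any access assigned to a dynamic group is only as trustworthy as the process that controls who can edit those attributes.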
Passwordless authentication is something Microsoft has been promoting for several years now. Passwordless authentication in Microsoft 365 Business works with Windows Hello for Business, FIDO2 security keys, and the Microsoft Authenticator app.
For more information on how passwordless authentication works in Hybrid Azure AD setups, check out How FIDO2 Passwordless Logins Work in Hybrid Azure AD Environments on Petri.
More secure cloud computing
As more of us work from home, the addition of Application Proxy to Microsoft 365 Business could help increase adoption of zero-trust networks. Passwordless authentication can also significantly improve an organization’s security posture by doing away with insecure passwords and the complexities associated with managing them.
Microsoft is taking security seriously and it is a competitive advantage for its cloud services. The more security features available to organizations, the better. And this is a step that will help bring otherwise out-of-reach security solutions to more people.