Microsoft EMS Components: Azure Active Directory

Azure Active Directory SSO

This article is the second in the series and follows “What is Microsoft Enterprise Mobility Suite.” In this article, I’ll review Azure Active Directory and explain why it’s convenient for the enterprise. Azure Active Directory (AAD) is the cloud implementation of Microsoft’s widely adopted domain credentialing system included with Windows Server. In Microsoft Enterprise Mobility Suite, Azure Active Directory is the glue that helps all other components work together.

Key Features of Azure Active Directory

Over the years, identity management has become increasingly complex. In an on-premises implementation, all passwords can be easily controlled and made legally compliant. When everyone brings their own device and uses all sorts of services, keeping that control is a major challenge. Azure Active Directory can be integrated with the existing on-premises Active Directory and thus extended to the thousands of SaaS applications available with SSO integration. As a result, users no longer need to keep credentials for the domain AND each of the individual SaaS applications they use.

Central Management

Just like its on-premises counterpart, AAD allows for administration in a single environment. While the administrators may be as distributed as the enterprise needs them to be, the tool they use is cloud based and central to all admins. Azure Active Directory can be implemented as a standalone Active Directory solution that runs the credentialing for the enterprise, or as a hybrid implementation where it syncs up with the Windows Server Active Directory solution running on the enterprise’s local network.

When the tool is located in a single place, it helps the enterprise keep all resources better organized. It also helps admins become more consistent, because they can view their peers’ work. With separate management locations this is more difficult, as they would have to connect to the same system in the other locations.

Enhanced Productivity

Users work much more efficiently when they don’t have to worry about remembering multiple user IDs and passwords. Applications from both Microsoft and thousands of third parties are pre-integrated into Azure Active Directory. Integrated apps, SaaS and web apps use AAD as a way to provide Single Sign-On (SSO) capabilities to the enterprise. Additionally, this allows those third-party vendors to offer a much more consistent set of tools across multiple platforms. Helpdesk calls can also be reduced because users can use self-service features to reset forgotten passwords and get access to services.

Having too many passwords, the opposite of SSO, creates the undesired effect of having to keep track of them. For security reasons the passwords cannot all be the same, and they may also need to meet different security requirements. This also increases the chances of helpdesk calls to reset passwords, as opposed to having a self-service site.

Enhanced Security

AAD provides multi-factor authentication, which is a way to confirm identity by asking for a second set of data. For example, sending a code to your already known cell phone via a call, text message, email, etc. is a great first step toward greatly reducing risks from authentication and credentialing.

Complex conditional access policies also help in reducing the risk of user accounts being lost or abused. Cloud user identity management also means that credentials are provided, validated and applied to online services within an expertly secured network. Managing remote access to servers, cloud instances and web applications through Azure Active Directory is safe and certified for compliance with multiple international standards.

Enhanced Reliability

Azure Active Directory is implemented as a highly available, highly reliable cloud service. This allows for a worldwide, enterprise-grade service that is offered with an SLA guarantee. A service guaranteed via SLA lets customers know that Microsoft is confident in its ability to meet its commitment. Microsoft backs its SLA with the guarantee of paying back customers for SLAs that were not met.

An always-reliable service that sits in the cloud and requires no hardware maintenance is very attractive to enterprises. This way, enterprises can focus their efforts on what is more important to them.

Better, Safer Management of Credentials with Azure Active Directory

AAD is a key component of EMS. It provides a huge advantage towards better and safer management of credentials. More EMS component reviews to come soon.