Azure AD Identity permit to secure your Azure Active Directory. The Identity score is a number between 1 and 223. He permit give an Indicator for how aligned you are with the Microsoft Best Pratice. This Best Practice is a recommandation for the security of your Azure AD, users, … The Identity score feature can be used by Global admin, security admin ou security readers. The secure score contains five categories :
Azure AD Connect cloud provisionning meet the needs for hybrid management. The following advantages are offered by this functionality.
It is strongly recommended that you use the MFA solution to secure authentication in Azure AD. However, this requires the use of a password and a second factor (phone, mobile phone, mobile application). Microsoft recommends to stop using password.
Azure PIM PIM (Privileged Identity Management) is a service used for manage and monitor access of the privilegied ressource. This ressource can be Azure AD ressource, Azure ressource or other (Office 365 or Microsoft Intune). It is important to limit the number of people with privileged access. This reduces the attack area of a malicious actor. With this feature, organizations can give users just-in-time (JIT) privileged access to Azure resources and Azure AD. PIM offer this functionnality :
Azure Active Directory Identity Protection permit to automate the detection and the remediation of identity-based risks. He permit to investigate risks using data and export risk detection data to third-party utilities.
Authentification without password The mutli-factor authentification or MFA permit to secure the access to the company’s cloud resources. With the functionnality of passwordless in Azure AD, the password is removed, the user can access to the cloud ressources without password. However, they must authenticate themselves from their phone (Microsoft Authenticator app) or Windows 10 computer (FIDO2 security keys).
The Pass-through Authentication This authentification allows you to use the same password for the on-premise and Cloud-based applications. However, it’s important to note that user authentication is done through the Active Directory on-premise and not through Azure Active Directory. It’s a good alternative to Azure AD Password Hash Synchronization. However, it makes it easier to apply a security policy to passwords.
We have had the possibility for many years to join a machine to an Active Directory domain. With cloud services (Office 365, Azure AD, …) identity management has become a very important point. Microsoft implemented in Windows 10, the functionality Azure AD Join (previously Workplace Join) allowing the junction of the machine in Azure AD Join.
Licensing is an important part of a cloud service. It allows a user to access and use the service concerned (Office 365, Azure AD, …). This action was operating through the Office 365 console, so Microsoft now enables licenses to be enabled from the new Azure console (Ibiza).
It is unfortunately common to see in a company of cloud applications (dropbox,…) used in services unless the IT team is aware. This can cause data loss and security problems. Cloud App Discovery is a feature present with the Premium of Azure AD version, it allows to perform application detection cloud used by the company.