From single sign-on to multi-factor authentication, hereâs how Azure Active Directory Premium supports mobile security
Talk about an identity crisis. People live in a world today where the entry to just about everything is a username and a password. Keeping track of them is a headache. If youâre an IT administrator, youâve come to dread the growing stream of complaints from users. âI forgot my password!â âThe system wonât let me in!â
The solution is single sign-on (SSO) to multiple applications. It escalates to a necessity when companies grow faster than their IT resources. This is where youâll find on-premise identity management technologies, such as Microsoft Active Directory Premium, hard at work.
Weâre heading to the cloud
But things keep changing. Cloud-based SaaS applications are overtaking the traditional approach of device installations. Identity management on premise is insufficient for thisâhereâs why.
If all the applications in use by your company reside in your data center, Microsoft Active Directory is a solution for SSO. Each application connects to the local instance of Active Directory. Not everything lives with you, anymore, though. Many applications are migrating to the cloud today. Itâs a perfect recipe for identity crisis.
SSO has to become cloud-based, too.
Microsoft wouldnât be the technology leader it is today if it didnât anticipate changing customer needs. Its Active Directory SSO solution is best in class. Azure Active Directory (AD) premium delivers cloud-based SSO.
The core of how it operates is what makes Azure AD a perfect upgraded solution. On-premise directory service is still essential. What changes is that your data center doesnât have to connect to a growing number of SaaS external networks. It connects only to Azure AD. It acts as your cloud-based intermediary and makes direct connections to all external SaaS applications.
The identity crisis is resolved. Little about the process changes. Your IT department remains in control. User identities still come from your data centerâs directory service. The difference is that your users once again have access to both local and SaaS applications with a single sign on. Thatâs something they may have already sacrificed in order to use cloud-based SaaS applications.
Azure AD currently provides SSO to more than 2,000 cloud applications including Office 365, Salesforce, Dropbox, Workday, and ServiceNow.
Less trouble, more satisfaction
Itâs back to a single sign-on for users, and it reduces related troubleshooting for your IT administrators. Your cloud strategy is likely already a hybrid model, so Azure AD inserts itself with no disruption. Here are more benefits:
- Self-service password reset to reduce help desk calls.
- Multi-factor authentication options for greater security. This lets you require your users to provide a password and an additional piece of identity proof. Often itâs a code sent to their mobile phone.
- Group-based provisioning and single sign-on for thousands of SaaS apps. It also lets you automatically add a user to SaaS applications when the new user is added to Azure AD.
- Machine learning-driven security reports for visibility and threat management.
- Robust sync capabilities across cloud and on-premise directories.
- A tool for discovering which SaaS applications your employees are actually using.
- Secure remote access to on-premise applications without using a virtual private network (VPN).
Part of a complete solution
Azure AD is part of the Microsoft Enterprise Mobility Suite. Putting it to work for you empowers your people to be productive on the devices they love. It makes BYOD a viable proposition while protecting your companyâs assets.
The suite accomplishes this by moving on-premise services to the cloud. The result for your organization is a new direction that gives you security in the mobile-first, cloud first world. Microsoft Enterprise Mobility Suite is tightly integrated, so you have a unified solution for:
- Managed mobile productivity
- End-to-end information protection
- Identity-driven security
Weâll take an in-depth look at the mobile productivity and information protection aspects of EMS in future posts. Until then, you can contact MessageOpsâ mobility experts for help creating or strengthening your mobile strategy.