How to avoid unauthorized access to your company's data: Protect the identity of your users through Azure Active Directory Premium
Do you know who is accessing your company's data right now? Can you automatically detect an intrusion risk and deny access to your data?
Lately, password theft has proliferated alarmingly through fraudulent emails designed to induce recipients to reveal their personal information (a technique called phishing, which according to studies is used in 81% of attacks on companies).
To get a password, attackers send their victims an email in the name of a real person, with a text and a link asking the user to perform an action that actually directs them to a fake website (imitating the login page of Office 365, a bank, LinkedIn, etc.). Once the user enters their credentials on one of these fraudulent pages, the credentials are compromised, immediately causing a severe security breach in the company.
In addition, consider the growth in the use of cloud applications, the fact that many users reuse the same password across them (because it is easier to remember), and the known leaks of user data from large social networks and consumer services over the last 12 months (such as Google Plus, Facebook, Movistar, IESE, Adidas, Job Talent, Ticketmaster and MyHeritage, among many others). The security threat to companies is huge, given the risk that a cybercriminal obtains just one password from any employee who also uses it for personal applications and portals.
The solution to this headache for IT departments is in the cloud and is called Azure Active Directory. Through a single, protected identity (single sign-on), it provides secure access by validating that users who try to connect to corporate applications, whether in-house (on-premises) or in the cloud, are who they say they are, while also greatly simplifying IT management.
Benefits of Azure Active Directory
For the users:
- Protection against attempted identity theft, thanks to features that verify the user is who they claim to be by adding a second verification at sign-in (two-step authentication), and intelligent analysis systems that detect fraudulent use based on highly suspicious behavior.
- Where the user previously managed multiple passwords (or ran the risk of setting the same one everywhere), with AAD the user no longer has one password per application and instead has a single identity to access, in a unified manner, all applications approved by the company. Once logged in (on their computer or in an Office 365 app), the user no longer needs to enter credentials in the applications configured for it.
- Autonomy to change and reset passwords, without depending on IT.
- Passwordless validation (using a mobile phone).
- Greater control over access to data and applications from outside the company.
- Peace of mind that users' identities are well protected against impersonation attempts and their consequences.
- Simpler management of passwords, users, groups and access to cloud applications.
Overview of the main features of Azure Active Directory Premium
Protection against vulnerable passwords
Most people choose weak passwords, either because they are easy to remember or because they are unaware of how easily an attacker can obtain a weak password using password-discovery techniques such as brute force.
Azure Active Directory editions
Azure Active Directory (AAD) is offered in several editions: Free, Basic, and two that incorporate security features that help protect the identity of users and their access to applications and data: Premium P1 and Premium P2.
Free Edition: Included in Office 365. It mainly lets you:
- Synchronize local active directories with the cloud directory (Azure Active Directory), including passwords.
- Use the same identity (user and password) to access other applications in the cloud. Limited to 10 applications.
- Manage users and groups, with self-service password change only for users created in the cloud (not synchronized).
- Have guest users who sign in with their own identity (coming from other companies that also use AAD). This feature, called B2B collaboration, allows up to 5 guests per license, and the guest receives the characteristics of that license.
Basic Edition: Benefits of the free edition and in addition:
- Self-service password reset for users created in the cloud.
- Use the same identity (user and password) to access other applications hosted in-house (on-premises), typically web applications or applications hosted behind a remote desktop, through the "AAD Application Proxy" feature. Limited to 10 applications.
- Customization of the login page to applications in the cloud with the company's brand. Very useful to avoid theft of credentials.
Premium Edition P1: Benefits of the basic edition and in addition:
- Self-service reset and password change from outside the company for synchronized users.
- Two-step authentication to ensure the identity of the user (through SMS, call or mobile app), including the possibility of setting up trusted locations (branches, offices, ...) to reduce the impact on users.
- Use the same identity (username and password) to access, without limit, other applications hosted in-house.
- Detection of cloud applications not managed by IT that are used by the company's users ("Cloud App Discovery"), so that administrators can configure (force) access to them using a single identity (single sign-on), thus controlling Shadow IT.
- Synchronization monitoring agent between the local AD and Azure Active Directory: Users, passwords and domain controllers.
- Conditional access to limit access to applications from outside the company (based on group membership, geographic location and device status).
- Make changes to Groups from Office 365 that will be synchronized with the local active directory.
- Possibility of creating dynamic groups (using rules according to user or device properties).
- Advanced security reporting:
  - Report with all the logins.
  - Report of "logins at risk" grouped by the concept of "risk events", such as "Users with lost credentials" and "Logins from anonymous IP addresses". 30-day retention.
Premium Edition P2: Features of the Premium P1 edition and in addition:
- "Identity Protection": Conditional access based on configurable risks. To do this, unusual behaviors are analyzed (for example, a user logs in from very distant locations within an impossible time, or tries to access from a computer not managed by the organization).
- Privileged Identity Management: Administration and protection of administrator accounts, allowing the administrator role to be assigned to a user temporarily, alerting on the change and supervising their access to resources, among other functions.
- Very advanced security reporting:
  - The "risk events" are categorized by severity and type of detection. In addition, more "risk events" are introduced.
  - The retention of the "logins at risk" report is increased to 90 days.
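The risk-based conditional access idea from the Premium P1 and P2 lists above, as an added example that is not Microsoft's algorithm and not code from the original article: it flags a login from a very distant location in an impossible time and a login from an unmanaged device, then maps those signals to allow, second factor, or block. The `SignIn` fields, the 900 km/h and 100 km thresholds, the decision policy and the sample sign-ins are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_SPEED_KMH = 900.0   # assumed threshold, roughly airliner cruising speed
MIN_DISTANCE_KM = 100.0  # assumed floor so nearby logins never count as travel

@dataclass
class SignIn:
    user: str
    when: datetime
    lat: float
    lon: float
    managed_device: bool
    trusted_location: bool = False  # e.g. a branch or office configured by IT

def km_between(a, b):
    """Great-circle (haversine) distance in km between two sign-ins."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def risk_signals(prev, cur):
    """Return the risk signals raised by `cur`, given the user's previous sign-in."""
    signals = []
    if prev is not None:
        hours = (cur.when - prev.when).total_seconds() / 3600
        dist = km_between(prev, cur)
        # Impossible travel: the implied speed exceeds what a traveller could achieve.
        if dist > MIN_DISTANCE_KM and (hours <= 0 or dist / hours > MAX_SPEED_KMH):
            signals.append("impossible_travel")
    if not cur.managed_device:
        signals.append("unmanaged_device")
    return signals

def decide(prev, cur):
    """Map signals to an access decision: allow, require a second factor, or block."""
    signals = risk_signals(prev, cur)
    if "impossible_travel" in signals:
        return "block"
    if signals or not cur.trusted_location:
        return "require_mfa"
    return "allow"

# Constructed sample sign-ins for one user (not real log data).
OFFICE = SignIn("ana", datetime(2024, 5, 6, 9, 0), 40.42, -3.70, True, True)
HOME = SignIn("ana", datetime(2024, 5, 6, 20, 0), 40.45, -3.69, True)
FAR = SignIn("ana", datetime(2024, 5, 6, 10, 0), 35.68, 139.69, False)
```

Calling `decide(OFFICE, FAR)` evaluates a login one hour after the office login from roughly 10,000 km away, which is the "very distant locations in an impossible time" case.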
In short, Azure Active Directory is key to protecting the identity of users, closing the main gateway for cybercriminals while also facilitating secure access to all applications (whether in-house or in the cloud) and reducing the management burden on IT departments.
Do you want to know more about how to improve security by protecting access to your data and applications?