How to prevent unauthorized access to your company's data: Protect the identity of your users through Azure Active Directory Premium
Do you know who accesses your company data right now? Can you automatically detect an intrusion risk and deny access to your data?
Lately, password theft has proliferated alarmingly through fraudulent emails designed to induce recipients to reveal their personal information (a technique called phishing which, according to studies, is used in 81% of attacks on companies).
To get a password, attackers send their victims an email on behalf of a real person, with a text and a link asking the user to perform an action that actually directs them to a fake web page (imitating the login to Office 365, a bank, LinkedIn, etc.). Once the user enters their credentials on one of those fraudulent websites, the credentials are compromised, immediately causing a severe security breach in the company.
The threat grows when we also consider the increasing use of cloud applications, the fact that many users reuse the same password across them (because it is easier to remember), and the known leaks of user data from large social networks and consumer services in the last 12 months (such as Google Plus, Facebook, Movistar, IESE, Adidas, Job Talent, Ticketmaster and MyHeritage, among many others). A cybercriminal only needs to obtain one password that an employee also uses for personal applications and portals to put the company at serious risk.
The solution to this headache for IT departments is in the cloud and is called Azure Active Directory. Through a unique and protected identity (single sign-on), it provides secure access by validating that users who try to connect to corporate applications, whether on-premises or in the cloud, are who they say they are, while also greatly simplifying IT management.
Azure Active Directory benefits
For the users:
- Protection against attempted identity theft, thanks to features that verify the user is who they claim to be by adding a second verification at sign-in (two-step authentication), and intelligent analysis systems that detect fraudulent use based on highly suspicious behavior.
- Where the user previously managed multiple passwords (with the risk that entails), with AAD the user no longer has one password per application and instead has a single identity to access all company-approved applications in a unified way. Once logged in (on their computer or in an Office 365 app), the user no longer needs to enter credentials in the applications that have been configured.
- Autonomy for changing and resetting passwords, without IT dependencies.
- Passwordless validation (using a mobile phone).
- Greater control over access to data and applications from outside.
- Peace of mind that the identity of the users is well protected against impersonation attempts and their consequences.
- Simplification of the management of passwords, users, groups and access to Cloud applications.
General chart on the main features of Azure Active Directory Premium
Protection against vulnerable passwords
Most people choose weak passwords, either because they are easier to remember or because they are not aware of how easily an attacker can discover a weak password with techniques such as so-called brute force.
Azure Active Directory editions
Azure Active Directory (AAD) is offered in several editions: Free, and two that incorporate security features to help protect the identity of users and their access to our applications and data, Premium P1 and Premium P2.
Free Edition: Included in Office 365. It mainly allows you to:
- Synchronize local active directories with the cloud directory (Azure Active Directory), including passwords.
- Use the same identity (username and password) to access other applications in the cloud. Limited to 10 applications.
- Manage users and groups, and offer self-service password change, only for users created in the cloud (not synchronized).
- Have guest users who sign in with their own identity (from other companies that also use AAD). This feature, called B2B collaboration, allows up to 5 guests per license, with each guest receiving the features of that license.
Premium P1 Edition: Benefits of the basic edition and also:
- Self-service reset and password change from outside the company for synchronized users.
- Two-step authentication to verify the identity of the user (via SMS, call or mobile app), including the possibility of configuring trusted locations (branches, offices, ...) to reduce the impact on users.
- Use of the same identity (username and password) to access, without limit, other applications that we host locally.
- Detection of cloud applications not managed by IT that are used by the company's users ("Cloud App Discovery"), so that administrators can configure (enforce) access to them with a single identity (single sign-on), thus bringing Shadow IT under control.
- Synchronization monitoring agent between local AD and Azure Active Directory: Users, passwords and domain controllers.
- Conditional access to limit access to applications from outside the company (based on group membership, geographic location and device status).
- Make changes to Groups from Office 365 that will be synchronized with the local active directory.
- Possibility of creating dynamic groups (using rules according to user or device properties).
- Advanced security reporting:
  - Report with all logins.
  - Report of "logins at risk" grouped by "risk events" such as "Users with lost credentials" or "Logins from anonymous IP addresses". 30-day retention.
Premium P2 Edition: Premium P1 edition features and also:
- "Identity Protection": Conditional access based on configurable risks. For this, unusual behaviors are analyzed (for example, the user has logged in from very distant locations within an impossibly short time, or tries to access from a computer not managed by the organization).
- Privileged Identity Management: Administration and protection of administrator accounts, allowing the administrator role to be assigned to a user temporarily, alerting on the change and monitoring their access to resources, among other functionalities.
- Very advanced security reporting:
  - The "risk events" are categorized by severity and type of detection. In addition, more "risk events" are introduced.
  - The retention of the "logins at risk" report is increased to 90 days.
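The two behaviors named under Identity Protection (logins from very distant locations in an impossible time, and access from an unmanaged computer) can be sketched as detection logic over sign-in records. This is an added illustration, not part of the original article and not Microsoft's algorithm; the `SignIn` fields, the 900 km/h and 100 km thresholds and the sample records are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0    # assumed threshold: roughly airliner cruising speed
MIN_DISTANCE_KM = 100.0  # assumed: ignore short hops caused by IP geolocation error


@dataclass
class SignIn:  # hypothetical record layout, not an Azure AD log schema
    user: str
    when: datetime
    lat: float
    lon: float
    managed_device: bool


def distance_km(a: SignIn, b: SignIn) -> float:
    """Great-circle (haversine) distance between two sign-in locations."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def risk_events(signins):
    """Return (user, timestamp, reason) tuples for sign-ins that look risky."""
    events, last_seen = [], {}
    for s in sorted(signins, key=lambda x: x.when):
        if not s.managed_device:
            events.append((s.user, s.when, "unmanaged device"))
        prev = last_seen.get(s.user)
        if prev is not None:
            hours = (s.when - prev.when).total_seconds() / 3600
            km = distance_km(prev, s)
            # Far apart and faster than any flight: the same person cannot be in both places.
            if km > MIN_DISTANCE_KM and (hours == 0 or km / hours > MAX_SPEED_KMH):
                events.append((s.user, s.when, "impossible travel"))
        last_seen[s.user] = s
    return events


# Constructed sample data (not real logs).
SAMPLE = [
    SignIn("ana", datetime(2019, 7, 1, 9, 0), 41.39, 2.17, True),      # Barcelona
    SignIn("ana", datetime(2019, 7, 1, 10, 0), 40.71, -74.01, True),   # New York, 1 h later
    SignIn("luis", datetime(2019, 7, 1, 9, 0), 40.42, -3.70, True),    # Madrid
    SignIn("luis", datetime(2019, 7, 1, 13, 0), 41.39, 2.17, False),   # Barcelona, 4 h later
]
```

Calling `risk_events(SAMPLE)` flags the second "ana" login as impossible travel and the second "luis" login as an unmanaged device; a conditional access policy would then block such a login or require two-step authentication.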
In addition to these editions, Microsoft offered a Basic AAD plan with fewer capabilities than Premium, which was withdrawn on July 1, 2019.
In short, Azure Active Directory is key to protecting the identity of users, closing the main gateway for cybercriminals while providing secure access to all applications (whether on-premises or in the cloud) and reducing the management burden on IT departments.
Do you want to know more about how to improve security by protecting access to your data and applications?