Sue Bohn, Vice President of Program Management, Identity and Network Access Division, Microsoft
Jay Kelley, Senior Manager of BIG-IP Security Product Marketing, F5
Erin Verna, Principal Product Marketing Manager, F5
Namita Singh, Senior Product Manager, F5
Hello! I’m Sue Bohn, Microsoft Vice President of Program Management for Identity and Network Access. In today’s blog, some key people behind F5 BIG-IP Access Policy Manager (APM) explain how Microsoft Azure Active Directory (Azure AD) helps make life easier for them—and more importantly—for their customers.
Enjoy this conversation with Senior Manager of BIG-IP Security Product Marketing Jay Kelley at F5 and his team members Erin Verna (Principal Product Marketing Manager) and Namita Singh (Senior Product Manager) as they fill us in on how F5 benefits from using Azure AD with Conditional Access.
Strengthen security at a lower cost with fine-tuned identity management via F5 BIG-IP APM
Microsoft: Tell us about your solution. What do customers gain from F5 BIG-IP Access Policy Manager (APM)?
Jay Kelley: Many businesses maintain a multitude of applications that they have acquired or custom-developed over the years. Those organizations face an enormous challenge in protecting all of their applications, especially those that have or were developed using a legacy authentication method that does not or cannot support a modern authentication front end, like Kerberos, header-based, or another method. It can be very expensive, human resource intensive, and time consuming for an organization to update or retrofit an application to support a modern authentication method. These methods can include Security Assertion Markup Language (SAML) or OAuth and OIDC, open standard authentication and authorization frameworks that third-party solutions can use without exposing user credentials.
BIG-IP APM serves as a translator of sorts between applications with legacy authentication methods and those using modern authentication, which rely on Azure AD identity layers. It’s very helpful—even crucial—for customers that have a mix of custom or legacy line-of-business apps and those using modern authentication to be able to access all of them together.
Microsoft: Why are custom and legacy line-of-business apps so problematic for companies, generally?
Erin Verna: It’s not that custom and legacy apps themselves are problematic. Many are critical to organizations and their day-to-day business. It’s their support for legacy authentication, or really their lack of support for more modern authentication, that can be challenging. As of late 2020, a number of enterprise customers averaged between several hundred to more than 5,000 legacy or custom apps that don’t or cannot support modern authentication. Even with today’s cloud migration momentum, most companies will retain a hybrid environment for the foreseeable future. Legacy and custom apps don’t often support single sign-on (SSO) or multifactor authentication (MFA), meaning organizations are left managing multiple methods of authentication, creating complexity and cost. This also increases the risk of cyberattack when paired with the trend of remote work using a variety of devices accessing corporate resources.
While traditional perimeter security will still be needed, today’s digital-first, app-access-from-everywhere world requires a new distributed security approach. This is why a Zero Trust approach has become so essential. Identity and access are core to this approach, and BIG-IP APM offers a way to bring support for modern authentication to every app. This means you can modernize authentication for your custom and legacy apps at your own pace.
Customizing access for every appwith Conditional Access in Azure AD
Microsoft: How can security professionals walk the line between protecting digital assets and ensuring a convenient user experience?
JK: The challenge lies in making apps accessible by users—employees, contractors, and other authorized folks—from anywhere using virtually any device while maintaining least privileged access, often in a Zero Trust environment.
Authentication and authorization are the front door of access. And identity and context are the core of Zero Trust. Is the user who they say they are? Why and how are they requesting access to this app, from where, what device, and more? That’s why our F5 BIG-IP APM solution makes use of identity management with Azure AD, using it to apply the user’s identity against the authentication policy for each app. Conditional Access policies work in concert with BIG-IP APM’s Identity Aware Proxy capabilities as part of a Zero Trust framework to fine-tune resource access—things like whether or not a user may access an app from a specific device, based on the group they are in, with a certain IP location, and even which functions they can access within that app.
And don’t forget, not only are users accessing apps from anywhere, but those apps can also now be hosted anywhere. Most companies are either moving applications to the cloud or taking advantage of software as a service (SaaS) apps as needed. But they still have a plethora of business-critical apps that can’t be migrated to the cloud, be replaced by SaaS apps, or even support modern authentication, making hybrid environments the new norm.
EV: And by enabling every app to be accessible through SSO, we do more than just improve the user experience—we reduce risk associated with the poor password practices that occur when users have to apply numerous credentials.
Providing value for all with a winning technology partnership
Microsoft: F5 has a well-established reputation for delighting customers. Do you feel that your relationship with Microsoft influences your standing with those customers?
JK: Absolutely. It means a lot to customers that we’re working with Microsoft, one of the top players in the cloud identity space. When you’re working with one of the best companies in the technology world and providing interoperability with their solutions in a significant, innovative way, you can shine in that trusted advisor role and deliver the capabilities that customers need.
Microsoft: What has the experience been like for F5 to partner with Microsoft?
JK: We collaborate with Microsoft not only on our work with Azure AD but also to introduce a variety of other Azure capabilities into our products. Blending Conditional Access into our Access Guided Configuration, which is the front end of our BIG-IP APM solution, gives our customers a straightforward way to better employ security for their modern and legacy applications and enhances their administrative experience, saving time and effort.
By collaborating with Microsoft and integrating BIG-IP APM with Azure AD and Conditional Access, we’re also delivering a powerful, enhanced user experience. That’s the future—I think that the more you can simplify security for customers and their users, the more successful you’ll be. That’s what has driven our partnership with Microsoft, and it’s been a winning strategy. Our partnership benefits all of us: Microsoft, F5, and our customers.
Microsoft: Can you talk more about what your collaboration with Microsoft delivers for your customers?
Namita Singh: The user experience is often marred by fragmented access to custom and legacy apps that still live in their own identity silos. This joint solution between Microsoft and F5 provides an excellent return on investment. That value will grow even more, given our changing world and its need for a hybrid work model.
EV: Using BIG-IP APM vastly simplifies the complexity that businesses face by helping them stand up the same access policies in front of all their apps—modern, legacy, and custom apps—within their hybrid cloud environment. With Azure AD, we create a single point of access and facilitate Zero Trust app access principles for those legacy and custom apps that otherwise would not benefit from modern authentication methods. That’s a pretty cool value proposition.
JK: We’ve shown how our companies can innovate together to resolve a specific pain point for customers—easily extending the life cycle for business-critical custom and legacy applications, saving customers time and expense while enhancing their user and administrative experiences.
We invite you to take a deeper dive into this topic. Learn more about the critical role that Conditional Accessplays in the F5 BIG-IP APMsolution.