I’m excited to announce several new Azure Active Directory (Azure AD) product integrations are now available. By leveraging the power of Azure AD, these solutions can help streamline your identity access, governance, and authentication for stronger Zero Trust security across your entire enterprise. Let’s look at some of the latest integrations that our partners have been working on in collaboration with our teams.
Traced integrates with Azure AD for stronger mobile threat defense
The workplace in 2022 includes the home, gym, airport, hotel, rideshare—virtually anywhere. To extend protection into our perimeterless environment, Azure AD now integrates seamlessly with Traced, a privacy-focused Mobile Threat Defense (MTD) provider. Using Azure AD’s Conditional Access to enforce Zero Trust security, Traced customers can now automatically restrict access from compromised or untrusted mobile devices to Microsoft 365 apps and thousands of Azure AD Gallery apps.
Figure 1: Traced—integrated protection for Azure AD and Microsoft 365 apps
Trustd MTD’s integration uses the device’s health status to restrict access to company resources at the user level, meaning devices remain protected even if they’re not known or managed by your security operations center (SOC). In this way, Traced acts as a policy enforcement point, providing access to Microsoft cloud apps only to trusted mobile devices. Its deep-learning engine spots malicious apps, and it provides crucial information for analysis and response. This new Traced integration will help customers achieve compliance and mitigate threats originating from users’ mobile devices.
Saviynt integrates bi-directional user risk sharing with Azure AD
Identity governance provider Saviynt has expanded its Enterprise Identity Cloud (EIC) integrations with Azure AD, now providing bi-directional user risk sharing for Azure AD P2 subscribers. Microsoft customers and partners alike can now build governance workflows using Microsoft Graph APIs in EIC that verify user risks obtained from Azure AD Identity Protection, including sign-in risks and user-linked detections.
Saviynt’s EIC integration with Azure AD Identity Protection automates identity-driven trust scoring, enabling customers to:
View risky identities across platforms and applications.
Aggregate identity and asset-risk signals from Azure AD Identity Protection and Saviynt’s EIC platform.
Give administrators and asset owners the ability to approve or reject access requests with full confidence.
Enable continuous monitoring of risky identities to prevent access leaks and reduce risk exposure.
Eliminate rogue access and enforce risk-based security policies with continuous access reviews of identities.
Saviynt can also flag users as high risk in Azure AD, based on risks that Saviynt determines through its EIC and cloud privileged access management (PAM) solutions. This way, customers can block or take additional actions on risky user access while protected by user risk-based and sign-in risk-based Conditional Access.
Fastpath integrates user access analysis with Azure AD Identity Governance
System administrators and security professionals are aware that threats don’t always come from outside. Often, financial fraud is carried out by individuals within an organization who have inappropriate access within finance, enterprise resource planning (ERP), and other business applications. Increasingly, the risks of excessive access are being scrutinized by auditors and regulatory bodies as well.
To protect organizations against these internal threats, including risks posed by users who might have existing access deep within business applications, Microsoft has partnered with Fastpath. This cloud-based risk and compliance management platform helps organizations track, review, approve, and mitigate user access and separation of duties (SOD) risks across many business apps, including Microsoft Dynamics 365, Salesforce, and SAP, as well as Zuora, Intacct, Acumatica, PeopleSoft, and more.
Fastpath is integrating the company’s Access Risk Monitor, which ties into those business apps, with Azure AD Identity Governance through Microsoft Graph APIs. This will enable Azure AD customers to use Azure AD with Fastpath to identify and resolve access risks before users are provisioned. Fastpath looks deep into applications associated with Azure AD entitlement management access packages and identifies potential SOD or other access violations within those applications.
Figure 3: solution architecture for Microsoft Azure AD Identity Governance with Fastpath Assure risk analysis
Additionally, using Azure AD entitlement management enables customers to confirm if users have inappropriate access or should take corrective actions to resolve an SOD conflict. This scrutiny helps an admin ensure that only the minimum access needed for users to perform their job functions is granted. The integration between Azure AD and Fastpath can play an integral part in achieving a broader reach in enterprise security, providing granular access reporting that’s incorporated into automated provisioning workflows, access reviews, and access certifications.
Strengthen authentication with integrations from Squadra Technologies, Thales, HID Global, and Yubico
Squadra Technologies’s new Security Removable Media Manager (secRMM) enables secure authentication for removable storage devices, such as USB drives. When someone plugs in a thumb drive or other removable storage device, Squadra’s secRMM prompts them to scan a QR code using Microsoft Authenticator, which acts as the person’s digital wallet. Squadra’s secRMM then enables authorization, or the ability to write to external storage media based upon device properties, users, files, and programs.
HID Global provides Azure AD certificate-based authentication (CBA) for its customers using Crescendo® smart cards and security keys. The Azure AD CBA integration enables centralized credential management with HID’s WorkforceID™ Digital Credential Manager, providing a comprehensive approach to security that strikes a balance between user experience and heightened protection.
To support Executive Order 14028 and National Security Mandate 8, which require federal organizations to deploy phishing-resistant authentication for employees, suppliers, and partners, Yubico has chosen Azure AD to provide cloud-native authentication for the company’s YubiKeys. With YubiKeys, users can log in securely from anywhere—whether it’s bring-your-own-device (BYOD), work from home, or frontline worker scenarios—with just the touch of a finger.
Automatically provision employee data from Ultimate Kronos Group (UKG) to Azure AD
UKG Pro customers can now automate provisioning and management of employee data with Azure AD. With the new user provisioning capability, powered by Microsoft Graph, customers are empowered to build a more connected employee experience between people and HR workflows. UKG Pro users can now:
Control who has access to UKG Pro in Azure AD.
Enable users to automatically sign in to UKG Pro with their Azure AD accounts.
Manage your accounts in one central location—the Azure portal.
Azure AD protects access to your resources and manages all your identities in a central location, all while providing a seamless experience that keeps users productive. We’re constantly listening to our customers and working with partners to create new integrations that meet your needs. We look forward to sharing more integrations in the coming months that extend the power of our identity solution.