First published on CloudBlogs on Dec 03, 2014
Enhancing security has always been a crucial part of Azure Active Directory, the cloud-based Identity and Access Management service of Microsoft and a component of the
Enterprise Mobility Suite
. The main message of the service, never was just to provide Single Sign On to all kinds of Public Cloud SaaS and on-premises applications but also to do that in a secure way.
In order to achieve that, many security functionalities are built in to Azure Active Directory Premium, but also to its free and basic
Password Hashing and MFA
Security enhancements start from the moment that an organization chooses to synchronize passwords with Azure Active Directory for hybrid scenarios. In this case, the password synchronization process is getting the hash of the password that is stored in the on-premises Active Directory, re-hashes it, and then store it in Azure Active Directory for user authentications. There is not a single step in this process that the user password is in a plain text format. It’s difficult and almost impossible to re-create the password from its hash, and the double–hashed form makes that even more difficult.
So now users can use their work credentials to authenticate against Azure Active Directory and gain access to all kinds of SaaS applications in any Public Cloud but also to on-premises applications.
Azure Multi-Factor authentication
can be used as a second layer of security to protect access to those applications in addition to strong passwords. With Azure Multi-Factor Authentication, users can use their phones or a mobile application that produces One Time Passwords to prove their identity and get access to their resources.
Many Azure Active Directory security reports and alerts are helping organizations to safeguard their resources. They also provide a clear view of who has access to what when it comes to Public cloud SaaS applications.
Basic security reports such as, sign ins from unknown sources or from multiple geographies in a short time frame and of course sign ins after multiple failures can provide a view to the administrator for possible threats to an organization’s resources. Alerts related to these reports are also mailed to Administrators when a critical mass of incidents is reported.
Additional, advanced machine-learning based reports, are available with Azure Active Directory Premium. Monitoring inconsistent access patterns can protect your business from threats not easily discoverable with traditional monitoring tools.
These reports are monitoring user access habits and usual behaviors and can report anything that seems inconsistent and suspicious. A great example of these advanced reports is the one that provides information for “sign ins from possibly infected devices”. This report is using the power and the worldwide presence of Azure Active Directory with billions authentications every day and information from Microsoft’s Digital Crime Unit that tries to identify infected devices/IPs that try to infect others. This information is compared with the access attempts to every organizations’ resources and provides a view of all devices/IPs that have been reported infected in the past few weeks and are accessing applications published via Azure AD.
But besides viewing these reports, administrators can take actions for specific records of them. Administrators can decide to ignore an event, block access of the suspicious user or enable Azure Multi-Factor Authentication for a user that appears in any one of the available security reports.
Audit reports and reports that monitor user password changes are also enhancing the security of Azure Active Directory from internal and external threats.
More reports are planned for the future and enhancements on the existing security functionalities like Azure Multi-Factor Authentication will arm Azure Active Directory against constantly evolving threats and will help you protect your business and empower your user to access all their resources from everywhere in a secure and productive way.
Azure Active Directory Premium today to see how it can keep your business secure.