Azure Active Directory is the starting point for Microsoft's security solutions. For Microsoft, identity is the concern to address before endpoint solutions: the perspective is user-oriented rather than device-oriented. In other words, solutions centred on content and information take priority over solutions centred on threats.
Azure Active Directory, in its simplest definition, is the identity and access management service for Microsoft's cloud-based services. The Azure identity model covers employees, customers, partners, applications, manufacturers, devices and objects. Azure Active Directory can authenticate and manage everything in this model from a central place, which provides great convenience and advantages for IT staff and customers.
Azure Active Directory can provide secure authentication to Office 365 and thousands of SaaS applications. It is web-based and supports standard protocols and interfaces such as SAML, OAuth 2.0 and the Graph API, and it provides management through the Microsoft Graph and REST APIs. Thanks to the multi-tenant feature of Azure Active Directory, different tenants can be managed from a single platform. Azure Active Directory can log and report which applications users sign in to, together with the date, time and IP address of each sign-in.
Azure Active Directory Conditional Access
One of the most important features of Azure Active Directory is the ability to create Conditional Access policies. A Conditional Access policy controls a user's access to resources based on the context of the sign-in. With Conditional Access, user access can be verified against different conditions such as location, device type, risk level and application.
For example, while certain selected users are allowed to sign in to certain applications from Turkey, a rule can be written that prevents them from signing in from a different country. Likewise, while Multi-Factor Authentication is enforced when users sign in to applications from outside the company, a rule can be written that disables this requirement inside the company. As another example, users can be restricted to accessing applications from Android devices only, with sign-ins from other devices blocked. Security can be raised to a higher level by creating many different rules along the lines of these examples.
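The two location-based rules above, expressed as Conditional Access policies through the Microsoft Graph PowerShell SDK. This is an added example, not code from the original page; it assumes the Microsoft.Graph modules are installed, and the group, application and break-glass account object IDs are placeholders to be replaced.

```powershell
# Assumes the Microsoft.Graph PowerShell SDK; requires an admin with the scopes below.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholders (hypothetical values): replace with real object IDs from your tenant.
$targetGroupId   = "<group-object-id>"        # the "certain selected users"
$targetAppId     = "<application-object-id>"  # the "certain applications"
$breakGlassId    = "<break-glass-account-id>" # always excluded so admins cannot lock themselves out

# Named location for Turkey (ISO 3166-1 alpha-2 code "TR").
$turkey = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type"                     = "#microsoft.graph.countryNamedLocation"
    displayName                       = "Turkey"
    countriesAndRegions               = @("TR")
    includeUnknownCountriesAndRegions = $false
}

# Rule 1: the selected users may sign in to the selected apps only from Turkey.
# Everything is in scope ("All") except the Turkey named location, and the grant control is "block".
New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName = "Block selected apps outside Turkey"
    state       = "enabledForReportingButNotEnforced"   # report-only first; switch to "enabled" after review
    conditions  = @{
        users        = @{ includeGroups = @($targetGroupId); excludeUsers = @($breakGlassId) }
        applications = @{ includeApplications = @($targetAppId) }
        locations    = @{ includeLocations = @("All"); excludeLocations = @($turkey.Id) }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

# Rule 2: require MFA for every app unless the sign-in comes from a trusted (corporate) network.
# "AllTrusted" refers to named locations you have marked as trusted in the tenant.
New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName = "Require MFA outside corporate network"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{ includeUsers = @("All"); excludeUsers = @($breakGlassId) }
        applications = @{ includeApplications = @("All") }
        locations    = @{ includeLocations = @("All"); excludeLocations = @("AllTrusted") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}
```

Report-only mode lets you check the sign-in logs for which users would have been blocked or challenged before the policy is enforced.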
Azure Active Directory Connect
Today, organizations increasingly run on-premises and cloud applications side by side in a hybrid structure, and users need access to applications in both places. The Azure AD Connect application integrates Azure Active Directory with Windows Server Active Directory, so users can use a single identity to access on-premises applications and cloud services. It is a straightforward tool to deploy for synchronization and sign-in.
Azure Active Directory Multi-Factor Authentication
One of the authentication options of Azure Active Directory is Multi-Factor Authentication. Multi-factor authentication is a system that requires several authentication methods to be used together. The multi-factor method is an important security measure against attackers: even if an attacker learns an Azure user's password, the attacker must also hold the user's registered device to sign in.
The additional authentication options are the Microsoft Authenticator app, SMS, an OATH token, and an automated phone call. If SMS is selected as the additional verification method, an SMS is sent to the user's registered phone after the user enters the user name and password when signing in to an application. After entering the code from the incoming SMS, the user is signed in. The Azure Multi-Factor Authentication feature can be enabled for Office 365 and other SaaS applications.
Today, remote working is increasingly preferred, and employees sign in to systems from many different locations. This makes it harder to draw conclusions from the logs alone. The remote working model can be made more secure by using Multi-Factor Authentication.