10. Access Reviews
Conditional Access
Multi-Factor Authentication
Addition of custom cloud apps
Remote Access to on-premises apps
Privileged Identity Management
Dynamic Groups
Identity Protection
Azure AD DS
Office 365 App Launcher
Group-Based Licensing
Access Panel/MyApps
Azure AD Connect
Connect Health
Provisioning-Deprovisioning
Azure AD Join
Self-Service capabilities
MDM-auto enrollment / Enterprise State Roaming
Security Reporting
Governance
HR App Integration
B2B collaboration
Azure AD B2C
SSO to SaaS
Microsoft Authenticator - Password-less Access
334K, 90%, 64K, 1.01B, 14.2M
+30% YoY, +35% YoY, +65% YoY, +150% YoY
— Every Office 365 and Microsoft Azure customer uses Azure Active Directory —
15. Conditional Access Control
On-Premises applications
Application: Business sensitivity
Other: Inside corp. network; Outside corp. network; Risk profile
Devices: Authenticated; MDM Managed (Intune); Compliant with policies; Not lost/stolen
User attributes: User identity; Group memberships; Auth strength (MFA)
Conditional access control
Azure AD
So let's first start by focusing on why identity is important.
Cybersecurity attacks have been a great headache for IT organizations. Even large organizations, reputable financial organizations and even governments are not immune to these threats. The nature of cybersecurity attacks has been changing: attackers have found an intelligent way to breach networks, by compromising credentials. Rather than using viruses or malware, most of the time they hide under the identity of an innocent user. 81% of hacks and cybersecurity attacks are traced back to lost, weak or compromised user credentials.
Why are credentials so vulnerable? Because passwords are vulnerable. And passwords are not really the best form of access and authentication. Think about it. How many times have you used the same password to access a corporate account as well as a personal account? How old are your personal passwords? I think the WiFi password I use at my house is more than 10 years old. Do you use the same password for your social media and bank account? It is quite possible, because it is hard to remember several passwords when you’re trying to get things done. Statistics prove this as well: 73% of passwords are duplicates. This means users are using the same password for several accounts.
And why do we do this? Because we want to be productive, we want to get things done, wherever we are. As users, our first focus is productivity before security. 80% of employees admit using non-approved SaaS apps for work. 79% of employees work on virtual teams according to Forbes (https://www.forbes.com/sites/unify/2013/12/10/how-technology-has-changed-workplace-communication/#71c8043f670b). The mobile workforce has grown by 103% since 2005.
So let's step back for a minute and think about the tectonic shift that has happened to IT systems with the introduction of mobility and the cloud. Before these mega trends, users, devices, apps and data were within the confines of the enterprise. Users would use only devices given to them by the IT department. They would access apps identified by the IT department. The data, identities and devices were all on premises or in the private cloud.
But the world has changed. Employees want to be more productive: our own telemetry says that an average employee uses 17 SaaS apps for work. Why? They want to be productive. SaaS apps are great in terms of anytime access and being always up to date.
Then of course, we have the introduction of mobile and personal devices. We get things done using our phones and our tablets wherever we are, in the airport or in the coffee shop.
And accordingly we have several different identities. We have our organizational identity to access corporate resources, and we have social media accounts. Several accounts, several passwords: if we can use the same password for these multiple identities we will, because it is easy and convenient.
Documents designed for anytime, anywhere collaboration allow team members to work seamlessly with each other and make progress quickly. People want to interact with people, not with documents and systems.
People are taking more risks than you can imagine. If you want to protect them, this protection should be built into the design of your solution.
As organizations and their employees move to the cloud, the security strategy needs to start with a strong, protected single identity at the center of the business. As we talk to customers who are moving to the cloud, we realize that they are still concerned about network security in their journey to the cloud. The reality is that as you move to the cloud, identity becomes your control plane; it is the new perimeter. As you can see, the confines of the enterprise are no longer, and can no longer be, the perimeter of your organization. Having a strong identity and access strategy is critical, I want to say crucial, for balancing security and productivity in the organization and for being the first line of defense.
So identity is the new control plane; it safeguards your core assets on-prem and in the cloud. But we also know that most breaches can be traced back to compromised credentials; remember the stat I mentioned about credentials under attack! Let me show you how risk-based conditional access helps you identify at-risk credentials and take the appropriate steps to avoid a breach or data exfiltration, while providing a good experience for IT and users, internal and external!
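The signals listed on the conditional access slide (user attributes, devices, application sensitivity, network location and risk profile) combine into one access decision per sign-in. The sketch below is an added illustration, not Microsoft's code and not Azure AD's actual evaluation engine: the policy rules, field names, the "finance" group and the sample sign-ins are all constructed assumptions.

```python
from dataclasses import dataclass

RISK_LEVELS = ("low", "medium", "high")

@dataclass(frozen=True)
class SignIn:
    # Defaults describe a low-risk sign-in from a healthy corporate device.
    user: str
    groups: frozenset = frozenset({"staff"})  # user attributes: group memberships
    mfa_done: bool = False                    # user attributes: auth strength (MFA)
    device_managed: bool = True               # devices: MDM managed
    device_compliant: bool = True             # devices: compliant with policies
    device_lost: bool = False                 # devices: reported lost/stolen
    inside_corp_net: bool = True              # other: network location
    risk: str = "low"                         # other: risk profile
    app_sensitive: bool = False               # application: business sensitivity

def evaluate(s, sensitive_app_groups=frozenset({"finance"})):
    """Return 'block', 'require_mfa' or 'allow' under a hypothetical policy."""
    # Fail closed: an unrecognised risk value is treated like the worst case.
    if s.risk not in RISK_LEVELS or s.device_lost or s.risk == "high":
        return "block"
    if s.app_sensitive:
        trusted_device = s.device_managed and s.device_compliant
        if not (s.groups & sensitive_app_groups) or not trusted_device:
            return "block"
    # Step-up conditions: any one of them demands MFA before access is granted.
    step_up = s.app_sensitive or s.risk == "medium" or not s.inside_corp_net
    if step_up and not s.mfa_done:
        return "require_mfa"
    return "allow"

# Constructed sample sign-ins, one per decision path.
SAMPLES = [
    SignIn("alice"),
    SignIn("bob", inside_corp_net=False),
    SignIn("carol", inside_corp_net=False, mfa_done=True),
    SignIn("dave", app_sensitive=True, groups=frozenset({"finance"}), device_compliant=False),
    SignIn("erin", risk="high", mfa_done=True),
    SignIn("frank", risk=""),
]

def decide_all(samples=SAMPLES):
    return {s.user: evaluate(s) for s in samples}

if __name__ == "__main__":
    for user, decision in decide_all().items():
        print(f"{user:6} -> {decision}")
```

Note that a completed MFA does not rescue the high-risk sign-in: in this sketch the block rules are evaluated before any step-up rule, so a stronger authentication never overrides a bad device or risk signal.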
Build 2012
Based on what we are seeing, we are easily the largest single enterprise cloud identity in the world: 14.2M organizations in the world are using the directory, managing 1B identities. While Azure AD powers all of Microsoft online services, we are also, today, powering more than 300K third-party apps that were integrated with the directory and authenticated at least one user. We have 64K organizations that are paid EMS/Azure AD customers. I’ll pause a moment here to let you understand these numbers for yourself.
Now that we understand where Azure Active Directory is coming from, let's understand what Azure AD aims to provide to customers.