If you have Office 365, you should utilize Azure AD to protect your firm

 

Office 365 is Microsoft’s cloud productivity suite, with comparable features to Google’s G Suite. It includes online versions from many of the most-used Office applications, including Word, Excel, and PowerPoint.

A basic version of Azure AD is included FREE of charge with your Office 365 subscription! 

One compelling feature of Office 365, that your firm may not know about, is Azure Active Directory (Azure AD), Microsoft’s enterprise sign-on platform. Azure AD serves two primary functions: enabling single sign-on (SSO) to Office 365, and enabling SSO for other applications. Azure AD is available as both an on-premises installation of Active Directory Federation Server (AD FS) and a cloud service.

 

In this article, we’ll discuss how you can use Azure AD in your organization and utilize the services you are already paying for if you have Office 365 email.

 

What is Azure AD?

Azure AD is a cloud service that provides a platform for managing identity in Office 365 and other applications. Using Azure AD to protect your data means leveraging the security features of Microsoft and integrating with the business applications your firm already uses every day.

 

Azure AD provides a number of benefits to those using Microsoft’s cloud services:

– SSO into various Microsoft products, including Office 365 and Azure Active Directory-based sites

– Single sign-on anywhere you authenticate With Office 365

– Ability to enforce multi-factor authentication for Office 365 and the Microsoft ecosystem

– Ability to manage a number of users from one ID management console

– Ability to integrate with existing on-premises directories, such as Active Directory

Azure AD is provided free of charge with your Office 365 subscription.

 

How to protect users from installing software they shouldn’t

Managing what employees have access to on their systems use to be only achieved with an on-premise Server called Domain Controller with Active Directories running as a sign on service for all computers on the network.

Users would have their usernames created for login purposes and proper permissions would be added.

These permissions generally included things such as being able to install software, run or change updates, run scripts, change browser security settings, change internet settings, determine shared file and folders access and much more that is allowed on their computers.

With Azure AD

Azure AD is similar to what you can do with the on-premise server, however, you can enjoy all of these added benefits without a physical cost or the technical know-how for setting up something like this.

Let’s take for example Cindy, she is an employee of your company, and she uses a laptop for work that she occasionally takes home. Cindy has an email address through office 365 email which you created for her.

How to get Cindy’s computer Joined to Azure AD

On Cindy’s computer

Open Settings, go to Accounts and Access work or school and press Connect.

Click Join this device to Azure Active Directory

Type in her email address and click Next. Then Done.

It’s that simple!

Things get a little more complicating if you have an on-premise Domain Controller which will require additional

Now the standard permissions won’t allow Cindy to install software without having an administrator password, along with making other major system changes that could potentially impact security.

The benefits of Azure AD as a means to manage security permissions does not stop at just protecting users from installing software they shouldn’t, once you have it setup, even more options become available such as the ability to enforce multi-factor authentication for Office 365 and more. Most cyberattacks are engineered to target end users with phishing attacks and stealing passwords. Having MFA essentially prevents this from happening. Limiting what employees can do on their machines such requiring elevated permissions will also prevent ransomware and malware from infecting their computer.

If you are currently using Office 365, you are already paying for Azure AD and there is no good reason why your employees should not be Joined to Azure Active Directory even if you have an on-premise AD server!

 

If you need help or have additional question with migration to Azure,  please contact AlphaCIS and we would be glad to assist your company with this.

author avatar
Dmitriy Teplinskiy
I have worked in the IT industry for 15+ years. During this time I have consulted clients in accounting and finance, manufacturing, automotive and boating, retail and everything in between. My background is in Networking and Cybersecurity