Azure & Active Directory Center

I still remember the first password I ever had; it was for my GeoCities account in the late ‘90s before they were purchased by Yahoo!. The password was a randomly generated string of six lowercase characters – that was it, no uppercase, numbers or special characters. I memorized it and thought it was great, no one would ever guess that random password – unlike the passwords my friends used, which were usually the name of their girlfriend or their nickname. By today’s standards though, it is clear that a lot has changed since then, and I’d be willing to bet that any decent authentication system would actually prevent you from using such a trivial password.

Introduction

By now, Azure AD Conditional Access should no longer be unfamiliar to anyone in IT. As a refresher, it’s Microsoft’s solution for providing a flexible, condition-based, way of controlling access to (cloud) resources.

Since the dawn of time, or at least the dawn of computers, logging into our computer resources has been all about username and password. The username and password model has worked pretty well considering the simplicity of this model, but now it’s time to move on to better thought out authentication and authorization systems.

In Part 1, I discussed the implication of CFO fraud and how it can affect your company. It can cost a lost of money when transferred to the wrong accounts, CEOs and CFOs get fired and I won’t mention the reputational damage, which can also be substantial. I also discussed the technical part to fight this (i.e. implementing SPF, DKIM and DMARC). This can help you prevent external mail servers trying to spoof your domain and trying to impersonate your users.

When moving to Office 365 you have various options on how to handle authentication to the service. The purpose of this article is not to explain in great detail what those options are, but rather to take a look at what considerations come into play when choosing the right option for your deployment.

Microsoft’s own integrated STS in Windows Server named AD FS (Active Directory Federation Service) is still a broadly used mechanism to federate identities with Azure Active Directory. At Ignite 2018, Anand Yadav’s session BRK3226 provided some numbers and 71+ million users actively use AD FS to sign-in to Azure.

Today, Office 365 customers experienced another global outage affected by Azure AD. When did you first know that there was a problem? Were you alerted to the problem by a frustrated user trying to log into email on a Monday morning? How much productivity was lost within your organization due to the outage?

Part 1 - Recap

Securing your data in Office 365 can be a challenging task. The problem is that using user names and passwords as the basis of our authentication protocols is not a very successful way to run our technology.

Securing your data in Office 365 can be a challenging task. The problem is that using user names and passwords as the basis of our authentication protocols is not a very successful way to run our technology.

As more IT services move to the cloud, the need for better security features will only increase. People want to be able to log in hassle-free, but organizations need strong authentication security. The fastest way for this move to cloud service to fail is going to be though a large security breach. Microsoft is aware of all these facts, and they are putting a lot of work into ensuring that logging into their cloud servers is both easy and secure.