As users and administrators have come to learn, Microsoft 365 is a dynamic product. Identity management and threat protection represent two of the solution’s key features, and are supported by a number of products within the suite, including Azure Active Directory, Microsoft Intune, Advanced Threat Analytics and Azure Advanced Threat Protection. Let’s take a look at each:
Azure Active Directory Premium
With workers consuming more and more cloud resources, administrators need a way to organize how they authenticate users of these resources. Whether users are logging on via a phone or PC, or from their home, the office or a local coffee shop, you want this process to be easy enough for the user but secure enough for your organization. Azure Active Directory Premium (AADP) lets you do this with Conditional Access rules.
Conditional Access rules set up “if-then-else” logic to make sure your end users are authenticating from a specific geography, on a specific type of device, and to a specific type or platform of application. Furthermore, AADP lets you enforce a two-factor authentication challenge to confirm that end users are who they say they are. If the end user does not meet these basic conditions, AADP simply does not hand off the authentication credentials to the resource the user is trying to access.
Microsoft Intune
With Microsoft Intune, you can drill down into the device, and the application on that device, that the end user is using for authentication. After users meet the Conditional Access policies in AADP, you can turn Microsoft Intune on to make sure they are using a “vetted” device. With Microsoft Intune, you can manage policies that include assigning the device to the user, making sure it is updated, checking that it has all the applications required for that user, encrypting the device and assigning a Wi-Fi profile. There are hundreds of policies that can be managed with Microsoft Intune. It is just a matter of defining what you and your organization need.
Advanced Threat Analytics and Protection
Now that you have secured the authentication process with Azure Active Directory and locked down the device with Microsoft Intune, you can monitor both on-premises and cloud activity of your users as they access all of their day-to-day business-critical services such as Office 365, Salesforce, Dropbox and so on. Microsoft’s Advanced Threat Analytics (ATA) and Azure Advanced Threat Protection (AATP) work to accomplish this.
ATA is an on-premises server and AATP is a cloud-based service. These two solutions learn how your users are behaving. In general, a normal daily behavior would be something like “User A logs onto her device with her credentials and her security certificate at a time that she is supposed to be doing that.” What you would not want to see — what is called “recon behavior” — is User A logging on to User B’s device, with User C’s security certificate. While a breach may not have occurred, this recon behavior is a strong indication that someone is trying to gain unauthorized access to another’s credentials. Whether this happens in the cloud or on-premises, you can now be alerted to such activity immediately.
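The mismatch described above (User A on User B's device with User C's certificate) can be written as a simple check over logon events. This is an added example, not code from the article or from ATA/AATP, whose learning methods the article does not detail; the event fields, device names and severity labels are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict

# Constructed history of normal logons; field names are assumptions for this sketch.
HISTORY = [
    {"account": "userA", "device": "LAPTOP-A", "cert_subject": "userA"},
    {"account": "userA", "device": "LAPTOP-A", "cert_subject": "userA"},
    {"account": "userB", "device": "LAPTOP-B", "cert_subject": "userB"},
    {"account": "userC", "device": "LAPTOP-C", "cert_subject": "userC"},
]
# Constructed new events to score against that history.
NEW_EVENTS = [
    {"account": "userA", "device": "LAPTOP-A", "cert_subject": "userA"},  # normal
    {"account": "userA", "device": "LAPTOP-B", "cert_subject": "userC"},  # the article's case
    {"account": "userC", "device": "LAPTOP-A", "cert_subject": "userC"},  # borrowed device only
    {"account": "userB", "device": "KIOSK-9", "cert_subject": "userB"},   # device never seen
]

def learn_device_owners(history):
    """Map each device to the account that logged on to it most often."""
    seen = defaultdict(Counter)
    for event in history:
        seen[event["device"]][event["account"]] += 1
    return {device: counts.most_common(1)[0][0] for device, counts in seen.items()}

def score_event(event, owners):
    """Return the list of identity mismatches found in one logon event."""
    findings = []
    owner = owners.get(event["device"])
    if owner is None:
        findings.append("unknown_device")
    elif owner != event["account"]:
        findings.append("device_owner_mismatch")
    if event["cert_subject"] != event["account"]:
        findings.append("certificate_mismatch")
    return findings

def triage(events, owners):
    """Alert when both mismatches occur together; a single finding is a review item."""
    results = []
    for event in events:
        findings = score_event(event, owners)
        both = {"device_owner_mismatch", "certificate_mismatch"} <= set(findings)
        severity = "alert" if both else ("review" if findings else "ok")
        results.append((event["account"], event["device"], severity, findings))
    return results

if __name__ == "__main__":
    for row in triage(NEW_EVENTS, learn_device_owners(HISTORY)):
        print(row)
```

Splitting a single mismatch ("review") from the combined pattern ("alert") keeps shared or newly issued devices from producing the same noise as the case the article singles out.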
Easy Access to Security
Identity management and threat protection are important security practices that are key to keeping users, data and resources safe. Implementing these simple security tools within your organization’s Microsoft 365 suite will go a long way toward protecting you from some common security threats.