Mobilize your Workforce using the Public Cloud!
Unconstrained productivity includes the ability to work anywhere at any time.
Many enterprises rely on Virtual Private Network (VPN)-based solutions to provide employees with access to corporate resources. These constructs are often hard to manage, requiring configuration and/or additional software. Microsoft Windows Active Directory is the current undisputed heavyweight champion of enterprise directory systems, and it’s here to stay.
But how can enterprises fully leverage the advantages of Software-as-a-Service (software hosted by the provider, such as Office 365, Google Apps and Salesforce), public cloud and a mobile workforce? How can we extend an existing on-premise Active Directory to securely use third party identity systems and provide our users with a Single Sign-On experience?
In this article we will explore how Azure can form the ideal stepping stone for enterprises looking to move their first workloads to the public cloud.
What is Azure Active Directory?
Azure Active Directory (AAD) is Azure’s multi-tenant, globally distributed, automatically replicated identity management system. It’s used by Microsoft’s cloud solutions (such as Office 365) and is the principal authentication engine behind Azure itself. It leverages the full capacity of the cloud and provides many enterprise features to simplify administration, compliance and maintenance. Using AAD you can easily couple your Active Directory system to third party identity providers (such as Facebook or Google), authenticate your applications and provide users with a Single Sign-On point.
Why is AAD useful for you?
The thought of having to migrate users and objects to a new authentication system will send shivers down the spine of almost any IT professional. Luckily, AAD provides us with an extensive tool set, including AAD Connect, which allows for fine-grained replication policies. This eliminates the need for manual intervention and allows us to get up and running within a few clicks. AAD Connect will then take care of ongoing replication for you.
Once you have AAD set up, what can we do that we couldn’t do before? Let’s take a look at some of the possibilities:
- Single Sign-On (SSO). Perhaps obvious, the power of SSO is often underestimated. Provisioning, administering and deprovisioning users takes up a considerable amount of valuable time as the number of users and applications keeps increasing. How does your marketing team manage your social media account credentials? How many different sets of credentials does your average user have to keep track of? How do you know your users are using secure passwords and that password rotation is in line with your compliance policies? AAD lets your users securely use their applications without the need to remember a separate set of credentials for every single one.
- Security and compliance. Azure Active Directory provides extensive logging, monitoring and reporting of your application authentication.
- Application delivery and self-service. How much time do your employees lose waiting for your IT staff to provision accounts or reset passwords? Azure Active Directory provides a management portal for users to enable access to applications and perform basic administrative tasks such as resetting passwords and requesting access.
- Disaster recovery and business continuity. The authentication backend forms the backbone of any modern IT ecosystem. Having a fully synchronized, infinitely scalable Active Directory at your disposal in case your on-site domain controllers go down is a luxury few enterprises can afford not to have.
- Central synchronization. Gone are the days of requiring VPN tunnels between your Domain Controllers in different sites. Enable replication between your on-prem Domain Controllers and AAD and your domains will stay in sync.
- Mobility. With a public Active Directory endpoint, BYOD devices can make use of corporate resources without the need to be on-site. This means employees can access your systems and applications while travelling or working remotely.
- Own devices. AAD supports registration of multiple devices per user. This allows for a great amount of flexibility as users can be enabled to enroll and activate their own devices in the corporate directory.
- Multi-factor Authentication (MFA). When handling critical data (or any data, for that matter) MFA can be enabled, requiring users to authenticate using an additional factor apart from their username/password combination.
How much does it cost?
Azure Active Directory comes in three pricing tiers with varying feature sets and capabilities: Free, Basic and Premium. Obviously, Premium will provide you with all the juicy features mentioned above, whilst Free is limited to a few applications per user and a limited number of directory objects. Microsoft is not very open about its pricing and you will have to contact your account manager in order to receive a quote. Unofficial sources mention a price of around 5€ per user per month.
Extending your on-premise Active Directory systems to Azure can open up a world of opportunities to enterprises seeking to take their first steps into the public cloud.