Our thoughts on the future of digital innovation and the cloud.

 /  Invero

You should use Azure AD and RBAC. Here’s why.

Introduction
The Active Directory technology is almost 20 years old dating from its initial release with Windows Server 2000. It leverages the Lightweight Directory Access Protocol (LDAP), making it one of the most popular directory services platforms for centralized domain management.

Don’t believe me? Just remember the last time you had to hit CTRL + ALT + DELETE on a Windows PC to bring up the logon screen. Then, you wonder, why does my username have a “\” in it? That’s right, your username is a domain account and the Windows PC was using Active Directory services.

Active Directory continues to include new features, even today. Since its release, Active Directory has evolved to encompass a broad range of identity related services such as Certificate Services, Federation Services and Rights Management Service.

Azure Active Directory
Speaking of evolution, the paradigm shift to cloud computing has substantially changed the way organizations use software, applications and online services. The on-premises Active Directory lacks support for technology outside of an organization’s network. So, how do we provide a seamless and secure user experience for authentication?

We use Azure Active Directory (Azure AD). Azure AD is Microsoft’s cloud-based identity and access management service for both external and internal resources. Since it is hosted in the cloud, the service is continuously updated and supports modern security web protocols (such as SAML and OAuth), which are standards for integrating with external resources.

A global service, here is what you need to know about Azure AD. Its parent, Microsoft:

  • Invests over 1 billion USD annually on cybersecurity research and development.
  • Employs more than 3,500 security experts
  • Has more certifications than any other cloud provider

Moreover,

  • Azure AD manages more than 1.2 billion identities and processes over 8 billion authentications every day
  • Azure AD supports more than 2800 pre-integrated SaaS applications such as Salesforce, Workday, Box, and ServiceNow.

Microsoft’s large security investments and extensive third party integrations provide a single platform for all of your modern identity management needs. Because it is a central platform, all users can be protected by a variety of security features. You can read more about them here: How to protect your identity in the Cloud – Invero (inverodigital.com)

Role Based Access Controls
A good example for using Azure AD is managing resource permissions provided by an Azure subscription. Permissions assignments are mappings between an Azure AD identity and a Role. Thus, the name Role Based Access Control (RBAC). This authorization system is built on top of Azure Resource Manager and permissions are evaluated on each action. Instead of granting users Owner or Contributor roles, you can leverage the built-in roles to narrow down the permissions. This way you are granting a limited amount of access, to users who require it to perform their intended task.

Graphic of a person going through a security detection machine that used Azure AD.

Once you have defined the roles, you can map them to Azure AD groups. This provides reduction of explicit access, number of assignments and administration effort. With strategic planning and documentation, IT administration only need to manage user identities and their Azure AD group memberships.

Conclusion
Microsoft has invested significantly in Azure AD and security. Consolidating your organization’s identity and access management to Azure AD provides a lot of benefits with reduced administrative efforts, modern authentication protocols, integration with third party applications, enterprise security features and more. It provides end users with a seamless and familiar experience across all integrated applications.

You may already be using Azure Active Directory with your Azure subscription today. It is one of the most popular identity and access management services, and one of the most robust. Combined with RBAC, Azure AD offers effective role-based access management, leveraging your existing groups and mapping them to role specific permissions on your resources. If you’re already using an Azure subscription, take advantage of the administrative overhead savings and effective privilege management Azure AD provides.