Azure Active Directory goes way beyond zero touch. Here are 3 must-know features.

 In Azure, Cloud, Security, Solutions

If you want to take advantage of Windows 10 zero touch, you need Azure Active Directory (Azure AD).

For most organizations, the conversation ends there. Azure AD exists as a means to an end. It’s part of every implementation we handle.

At its core, Azure AD enables Windows 10 devices to join Azure like a PC joins a domain. This is the foundation of zero touch and enables a device to enroll in a workplace right out of the box.

But it can do so much more.

Here we’re going to look at just a few of the ways you can use Azure AD to better secure your organization while making your life a lot easier.

3 must-know Azure AD features

Azure AD can be a massive project with an overwhelming amount of features. Instead of discussing them all, we’re going to focus on three of the most impactful.

1. Conditional access

One of your users is traveling a lot this month on sales calls, but they use to access their email. They’re not using a company-issued device, and some of the log ins are a little suspicious.

With Azure AD, you can set conditional access for that email account using “if this, then that” methodology. If the user isn’t on a managed device, and they’re logging in on, and they’re not in a trusted IP range, you can block access or require multi-factor authentication or even alert an admin.

It also starts to bleed into device management. Say your users have a company-issued mobile device, and you want to make sure only managed devices can access email. You have email containers and offer an email app, but no one uses it. They want to use the mail app that comes with the phone.

That’s a challenge that goes beyond device management, but can be solved with conditional access. You can set conditions to check that the phone is enrolled, meets certain requirements, then talks to Exchange, where several other factors are confirmed. If the request passes every condition, the user can access the mail natively. There’s some device management involved, but conditional access is what ensures a frictionless workflow.

2. Azure information protection

This feature protects documents through Azure with security tied to user credentials. Azure can detect confidential material in documents, spotting social security numbers or other sensitive information, encrypt the document, and apply rules on who can access it.

Organizations can also set their own policies. For example, if you want to keep your company’s orders secure, you can create a policy that if any document has a 10-12 character order number in a particular format, it should be marked as critical, high priority, or one of a range of security levels. Only users with specific clearance can access them.

It adds an extra layer of security because even if an employee takes off with a ton of confidential documents on a flash drive, access to those documents still depends on their credentials. If an employee steals files or simply leaves your organization, you can disable those credentials and the encrypted files can’t be accessed.

3. Its all-encompassing nature

This isn’t a feature, per se, but a lot of organizations don’t realize how much Azure AD touches. It encompasses all of Office 365, any Microsoft app you want it to, and anything you federate into it. You can connect it to third-party apps with the same protections as on Microsoft products.

The promise of one focal point to manage everything comes up a lot as a sort of holy grail of tech, and Azure AD delivers.

What does it take to implement Azure AD

If all of the above sounds like something your organization wants to pursue, you might be wondering what it takes to get started.

Migrating your environment to the cloud can take weeks and cause workflow disruptions. What kind of timetable does Azure AD require?

The answer is that it’s a lot easier to sync what you currently have in your infrastructure to Azure than migrating to the cloud in the first place. The process can take less than 20 minutes.

If you have O365, you probably already have this infrastructure in place, and you’re probably closer than you realize. It’s more about firming up your plans for single sign-on and identity management implementation – using Azure AD would be a lot simpler than tacking on additional products in your stack.

Azure AD has always been a must-have for Windows 10 zero touch. But by digging into its capabilities, you can improve security, give users a better experience, and simplify management of applications.

Want to learn more about what Azure AD can do for you? Contact your SHI account executive today.

Related Posts: You may also be interested in...

Leave a Comment

four × two =

Pin It on Pinterest