
Microsoft 365 Business Part 2: Azure Active Directory

Azure Active Directory (“Azure AD”) replaces a traditional physical Active Directory domain server (AD DS), letting you subscribe to it as a fully packaged service (PaaS) with no upfront hardware or software expenditure, no ongoing maintenance, and no backup and disaster recovery expense.

Azure Active Directory (“Azure AD”) comes in four editions—Free, Basic, Premium P1, and Premium P2. The Free edition is included in your Azure account as part of Microsoft 365 Business. For many businesses the Azure AD Free and Basic editions are insufficient. Premium P1, with its conditional access policies, creates both internal efficiencies and increased security while limiting the extent of possible future security incidents.

Solutions include pulling over the existing Active Directory, cleaning it up from top to bottom, and redeploying it fully in Azure. For firms without AD, we will set it up from scratch, which must be noted in the pricing summary (otherwise, we assume you already have AD).

Advantages of Azure Active Directory Premium

1. Setup Groups & Advanced Groups

Azure Active Directory (Azure AD) helps you to manage your cloud-based apps, on-premises apps, and your resources using your organization’s groups. Your resources can be part of the directory, such as permissions to manage objects through roles in the directory, or external to the directory, such as for Software as a Service (SaaS) apps, Azure services, SharePoint sites, and on-premises resources.

Groups in Azure AD reflect the proper administrative rights and privileges of each member, and include dynamic features such as group expiration, usage guidelines, and default classification.

2. Self-Service Password Reset

We enable Self-Service Password Reset (which works together with Multi-Factor Authentication) so that users do not need an IT administrator or Managed Services Provider to get them back into their account. This goes a long way toward firm efficiency, reduces IT overhead significantly, and speeds up many common support requests.

3. Multi-Factor Authentication

MFA means that authentication requires two or more of the following: something you know (e.g., a password), something you have (e.g., a trusted device), and something you are (e.g., biometrics). This may also include restricting sign-in by geography (e.g., blocking sign-ins from Asia), by behavior (e.g., multiple sign-ins within a defined period), or by risk exposure (e.g., a risk score). Some advanced features, such as automatically forcing a password reset when compromised credentials have been discovered on the dark web (called “Azure Active Directory Identity Protection”) and risk scoring, may require an upgrade to Premium P2 for an extra $3 per user per month.
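The factor categories and conditional-access conditions above can be made concrete with a small policy evaluator. The following Python is an added example written for this page, not Microsoft's or Azure AD's code: the `Policy` fields, the 0..1 risk scale, the method-to-category table, and the sample sign-ins are all constructed assumptions. It also shows the point that two methods from the same category (a password plus a PIN) do not count as multi-factor.

```python
"""Constructed conditional-access evaluator (added illustration, not Azure AD code).

Combines factor categories, geography, sign-in velocity and a risk score
into an allow / require_mfa / block decision."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Map each authentication method to its factor category (know / have / are).
# Assumed table: two methods from the SAME category (password + PIN) are not MFA.
FACTOR_CATEGORY = {
    "password": "know",
    "pin": "know",
    "authenticator_app": "have",
    "hardware_token": "have",
    "fingerprint": "are",
    "face": "are",
}


@dataclass
class Policy:
    blocked_regions: set = field(default_factory=set)  # e.g. {"Asia"}
    always_require_mfa: bool = False
    risk_threshold: float = 0.5        # assumed 0..1 scale; >= threshold means "risky"
    max_signins: int = 5               # sign-ins allowed per window before blocking
    window: timedelta = timedelta(minutes=10)


@dataclass
class SignIn:
    user: str
    region: str
    factors: list          # methods presented; keys of FACTOR_CATEGORY
    risk_score: float
    when: datetime


def factor_categories(factors):
    """Distinct factor categories among the presented methods (unknown methods ignored)."""
    return {FACTOR_CATEGORY[f] for f in factors if f in FACTOR_CATEGORY}


def evaluate(signin, policy, history):
    """Return (decision, reason) for one sign-in attempt.

    history: earlier SignIn records (any user; the same user's are filtered out here)."""
    if signin.region in policy.blocked_regions:
        return "block", f"sign-in from blocked region {signin.region}"

    # Behaviour rule: too many sign-ins by this user inside the policy window.
    recent = [s for s in history
              if s.user == signin.user
              and timedelta(0) <= signin.when - s.when <= policy.window]
    if len(recent) + 1 > policy.max_signins:
        return "block", f"{len(recent) + 1} sign-ins within {policy.window}"

    # Risk rule: step up to MFA when the policy or the risk score demands it.
    cats = factor_categories(signin.factors)
    mfa_needed = policy.always_require_mfa or signin.risk_score >= policy.risk_threshold
    if mfa_needed and len(cats) < 2:
        return "require_mfa", f"only {sorted(cats)} presented, risk {signin.risk_score:.2f}"
    return "allow", f"{len(cats)} factor categories, risk {signin.risk_score:.2f}"


def demo():
    """Constructed sample sign-ins run against one policy; returns name -> decision."""
    policy = Policy(blocked_regions={"Asia"})
    t0 = datetime(2024, 1, 1, 9, 0, 0)  # constructed timestamp
    # Five earlier sign-ins by alice spread over five minutes.
    history = [SignIn("alice", "North America", ["password"], 0.1, t0 + timedelta(minutes=i))
               for i in range(5)]
    cases = {
        "geo_blocked": SignIn("bob", "Asia", ["password", "authenticator_app"], 0.1, t0),
        "velocity_blocked": SignIn("alice", "North America", ["password", "authenticator_app"],
                                   0.1, t0 + timedelta(minutes=6)),
        "risky_same_category": SignIn("carol", "Europe", ["password", "pin"], 0.8, t0),
        "risky_with_mfa": SignIn("carol", "Europe", ["password", "fingerprint"], 0.8, t0),
        "low_risk_password": SignIn("dave", "Europe", ["password"], 0.1, t0),
    }
    return {name: evaluate(s, policy, history)[0] for name, s in cases.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:22s} -> {decision}")
```

Setting `always_require_mfa=True` turns the risk-based step-up into a blanket requirement; the risk rule is what the text calls risk scoring, and a real tenant would feed it from the identity provider's own signals rather than a hard-coded number.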

4. Office Message Encryption (OME)

Office Message Encryption (OME) policies include Recipients-Only (internal), Encrypt-Only (internal/external), and Do-Not-Forward (internal/external). The service lets end-users send messages inside wrappers that direct recipients to view and reply to the message in a secure Microsoft Outlook web app portal.

All three policies ensure that confidential and sensitive information is not sitting in recipient mailboxes if or when those accounts get breached or accessed. A hacker would have to take additional steps to reach the information, and because the message is wrapped, the firm can later expire or revoke it altogether (requires Azure Information Protection Premium 2 at $5/user/mo, not included herein).

The Do-Not-Forward policy prevents recipients from forwarding and printing the message; even if a recipient tries to print to PDF, the PDF will be empty. As set up, the service does not protect attachments from being downloaded, but end-users at your firm can protect those using labels and Azure Information Protection Premium 1, which is set up elsewhere in this proposal.

This service offers a seamless experience for your clients and recipients, who do not need to hold any special keys. To view a message, they simply request a one-time code sent to the same email address or log in with their own Single Sign-On provider (typically Google, Yahoo, or Microsoft).

To see a full list of Microsoft Azure Active Directory features, click here.


Read Microsoft 365 Business Part 1: M365B Overview here

Read Microsoft 365 Business Part 3: Security Features here
