Blog

Active Roles is Aging Fast – Modernize Active Directory and O365 Identity Management with CoreView

Active Roles came to market well over 15 years ago, and if you are a customer, you probably know first-hand all the ways it is showing its age. Back then, the cloud was barely getting started, and most computing happened on-premises.

A legacy application, the long in the tooth Active Roles from OneIdentity now tries to manage end users in the cloud, but only scratches the surface of what SaaS environments and Active Directory shops truly need.

If all your applications are all on-premises, and you have no interest in the cloud, the legacy tool Active Roles tool can fit that purely legacy environment.

However, you should not have to struggle with legacy management tools like Active Roles that require a patchwork of duplicate services, add-on modules, additional products, complex workflows, or extra databases. Replace this entire mish mash with CoreView solutions such as CoreView Hybrid Management.

If your future involves the Cloud and SaaS, you really should talk to CoreView. We offer delegated administration and role-based access control built for your network today – and tomorrow. Our user provisioning and lifecycle management of identities are built for modern cloud and hybrid environments.

While CoreView serves your user management and identity needs, we go far further. We do so much with Azure AD that Active Roles does not — such as finding malicious login attempts, sign-ins from infected devices or from out of the norm geographies. We also track end user activities relative to Azure, and provide rich auditing and reporting. 

That is the tip of the CoreView end user and identity management iceberg. If your Active Roles shop has Office 365, you know this legacy product from OneIdentity does nothing to help your Microsoft SaaS environment. In contrast, CoreView offers deep Office 365 management and security and helps your end users more fully adopt O365 services.

Azure Identity Management Done Right

Azure is the host to Office 365 and a key way end users are identified in the cloud. This also makes Azure and Azure AD the main thoroughfare for cybercriminals making their way into network.

A piece by Microsoft: Azure Identity Management and Access Control Security Best Practices, lists a handful of tips, including:

  • “Treat identity as the primary security perimeter
  • Centralize identity management
  • Manage connected tenants
  • Enable single sign-on
  • Turn on Conditional Access
  • Plan for routine security improvements
  • Enable password management
  • Enforce multi-factor verification for users
  • Use role-based access control
  • Lower exposure of privileged accounts”

Fortunately, this checklist is a roadmap of many CoreView security features. One key item is CoreView’s Azure Activity Reports, which include:

  • Application usage: summary and detailed reports
  • Application dashboard
  • Detailed audit logs
  • Account provisioning errors
  • Individual user devices and activity
  • Groups activity reports
  • Password reset activity

With CoreView’s Azure monitoring and reporting, customers audit and report on suspicious login activity, different device access methods and DLP activities, and performs security and compliance auditing, all from a common management interface. These capabilities also allow customers to configure automated alerts to notify administrators when security compliance issues with Azure AD are identified. In total, CoreView now allows auditing and alert notifications based on over 500 actions in Office 365 and Azure AD.

One of the biggest items is tracking AD suspicious sign-in activity. The Azure AD security monitoring and auditing reports available in CoreView provide the proactive, bloodhound type trail to sniff-out suspicious activities for user account log-ins. Many security breaches come from botnet driven brute-force attacks on user accounts by trying different password combinations until they gain access over time. This was the method used by the “KnockKnock” attack, which targeted Office 365 system accounts. Add to this the ShurL0ckr type attacks in 2018 that are still ongoing and infect OneDrive collaborate storage folders, and you can see how IT admins have their hands full with monitoring security breaches and infestations.

Monitoring suspicious sign-in activities on user accounts has quickly become a critical security task for IT administrators responsible for managing Office 365. The customizable reports from CoreView enable IT admins to easily monitor these suspicious activities, identify who performed the sign-in, when it happened, and from what geographic location (which IP address). The anomalous AD activity reports combine suspicious sign-in details from the following categories:

  • Sign-ins from unknown sources
  • Sign-ins after multiple failures
  • Sign-ins from multiple geographies in the same days/weeks
  • Sign-ins from IP addresses with suspicious activity
  • Sign-ins from possibly infected devices
  • Irregular sign-in activity

In fact, CoreView can easily establish and manage AD identities, and have this work automated in a pre-set, serial workflow process with full auditing implemented by default. Here are the steps that can be automated, and done without error:

  1. Import New User List – into CoreView processing queue using CSV file
  2. On-Premises Account Creation – in the on-premises Active Directory using the CoreView Hybrid management functionality
  3. Azure AD Account Creation – setup synchronized account in the cloud
  4. O365 License Assignments – based on department and job role profile
  5. Addition to Office 365 Groups
  6. Policies Assignment for Various Services
  7. E-Mail Sent to Manager With Temporary Password
  8. Preconfigured Welcome Message Sent to New User – containing links to onboarding materials and training portal
  9. New User Account Included in Virtual – Tenant for Associated Business Unit

See How CoreView Helps

CoreView does far more than manage end user identities in Active Directory and Azure AD. We also manage Office 365, saving you 30% or more on licenses, stop underusing applications, and put an end to mismanaging security and configurations.

Get a free taste of CoreView with CoreDiscovery. Solution details are here: https://www.coreview.com/corediscovery/

Get your free software at the CoreDiscovery sign up page: https://www.coreview.com/core-discovery-sign-up/

Let us prove how we help your network with a free Office 365 Health Check, which diagnoses all your Office 365 problems.

Want to see firsthand how CoreView solves Office 365 and identity management problems? Just request a demo.


Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.