The purpose of identity management is to protect, manage, and authorize access to software systems, granting access only after the user's claimed identity has been verified: classically by validating a username and password, and increasingly by a second factor as well.
According to IDSA figures, an eye-watering 84% of firms experienced identity-type breaches in the last year. So, it’s fair to say identity management needs a major overhaul for most companies.
But what is identity management?
And which option is best for your business?
There are 3 different Microsoft 365 identity types you can deploy, depending on your company's needs and the infrastructure you have in place.
The identity type you choose determines how your users sign in, and how you integrate the Microsoft 365 directory with any user accounts you already keep in Windows Server Active Directory, the on-premises identity platform most large organizations use to manage user accounts.
Azure Active Directory (AD) is Microsoft 365’s cloud-based identity platform, which comes free with your subscription.
This is where you manage and maintain your list of Microsoft 365 user accounts, including credentials such as usernames and passwords, so that users can reach the applications and services they need. It’s also where you assign licenses and permissions, either in the admin center or with Microsoft 365 PowerShell.
So which Microsoft 365 identity type is right for you?
That depends on whether your business needs a cloud-based or on-premises solution.
With cloud identity, all Microsoft 365 user accounts and their passwords are created, stored, and verified in the cloud-based Azure AD tenant; no on-premises directory is involved.
Because Azure AD is not synchronized with any other company system, a user resetting their Microsoft 365 password has no effect on their other account logins, and vice versa.
It also means users sign in to Microsoft 365 with a separate set of credentials from their computer login. Giving them the same username in both places reduces confusion, but the passwords are still managed independently; this is a convenience, not single sign-on.
Synchronized identity is the right choice if Windows Server AD is already your central list of user accounts and you want Azure AD features such as Multi-Factor Authentication (MFA) applied to those existing accounts.
Azure AD Connect is the software utility that synchronizes Active Directory Domain Services (AD DS) user accounts into Azure AD.
Users then sign in to Microsoft 365 with the same credentials they use on-premises, which makes for a better user experience. But the sync flows only one way, from AD DS to Azure AD. User accounts must always be created and edited in AD DS, with tools such as the Active Directory Administrative Center or PowerShell; edits made directly in Azure AD to a synchronized object are blocked or overwritten on the next sync.
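The one-way flow described above, as an added example (this is not code from the original article or from Microsoft): a user is created in on-premises AD DS, a delta sync is pushed through Azure AD Connect, and the result is checked on the cloud side to prove the account arrived as a synchronized object rather than a cloud-only one. It assumes the ActiveDirectory, ADSync and Microsoft.Graph.Users modules are installed and that it runs on the Azure AD Connect server; the domain contoso.com, the OU path, the user details and the UPN are hypothetical placeholders.

```powershell
# Added example, not code from the original article or from Microsoft: create a user in
# on-premises AD DS, push a delta sync through Azure AD Connect, and confirm the account
# arrived in Azure AD as a synchronized object rather than a cloud-only one.
# Assumptions (all placeholders): the ActiveDirectory, ADSync and Microsoft.Graph.Users
# modules are installed and this runs on the Azure AD Connect server; the domain
# contoso.com is verified in the tenant; the OU, names and UPN are hypothetical.

Import-Module ActiveDirectory
Import-Module ADSync
Import-Module Microsoft.Graph.Users

$Upn = 'jdoe@contoso.com'   # hypothetical user; the UPN suffix must be a domain verified in Azure AD

# 1. Create the account on-premises. With synchronized identity AD DS is the only place
#    to create or edit users; the Azure AD copy is read-only for synchronized attributes.
$Password = Read-Host -AsSecureString -Prompt 'Initial password'
New-ADUser -Name 'Jane Doe' -GivenName 'Jane' -Surname 'Doe' `
    -SamAccountName 'jdoe' -UserPrincipalName $Upn `
    -Path 'OU=Staff,DC=contoso,DC=com' `
    -AccountPassword $Password -Enabled $true

# 2. Do not wait for the 30-minute scheduler: run a delta sync now and wait for it to finish.
#    (With password hash sync the password hash follows on its own ~2-minute cycle.)
Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
do { Start-Sleep -Seconds 10 } while ((Get-ADSyncScheduler).SyncCycleInProgress)

# 3. Verify on the cloud side. OnPremisesSyncEnabled = $true plus a populated
#    OnPremisesImmutableId show the object came from AD DS via Connect, not from the admin center.
Connect-MgGraph -Scopes 'User.Read.All' -NoWelcome
$CloudUser = Get-MgUser -UserId $Upn `
    -Property userPrincipalName, onPremisesSyncEnabled, onPremisesImmutableId, onPremisesLastSyncDateTime

if (-not $CloudUser.OnPremisesSyncEnabled) {
    throw "$Upn is in Azure AD but is not flagged as synchronized; check OU filtering and sync errors on the Connect server."
}
$CloudUser | Select-Object UserPrincipalName, OnPremisesSyncEnabled, OnPremisesImmutableId, OnPremisesLastSyncDateTime
```

The check in step 3 is the one worth keeping as a routine test: an account that exists in Azure AD but is not flagged as synchronized was created cloud-side and will not be governed by your on-premises account lifecycle (leaver process, group changes), which is exactly the kind of orphan an attacker likes to leave behind.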
You also need to decide where authentication occurs.
Azure AD Connect offers two options that both give users seamless single sign-on to Microsoft 365 with their AD DS credentials: password hash synchronization (PHS), where a hash of the on-premises password hash is synced and Azure AD verifies the password in the cloud, and pass-through authentication (PTA), where Azure AD hands the password to an agent running on-premises and AD DS verifies it. The difference is where the check happens, in the cloud or on-premises, and therefore whether a Microsoft 365 sign-in depends on your on-premises environment being reachable.
Federated identity requires a federation service, typically Active Directory Federation Services (AD FS), to be in place. It’s more suitable for large enterprise organizations with scalable infrastructure, and for companies with security requirements that Azure AD cannot evaluate on its own, such as smart-card or fingerprint logon enforced on-premises, or logon-hour restrictions.
With federated identity, a partnership, or federation, is formed between your on-premises Windows Server AD and Azure AD in the cloud: Azure AD trusts your federation service to authenticate users and accepts the tokens it issues.
Azure AD Connect still synchronizes user accounts and attributes into Azure AD, but the password check itself happens at AD FS, and accounts are maintained in Windows Server AD or your third-party tool.
Users get single sign-on, much as with pass-through authentication, but unlike cloud identity, federated identity depends on your environment: if AD FS, its proxies, or the domain controllers behind it are unavailable, users cannot sign in to Microsoft 365 at all.
For this reason, both synchronized and federated deployments should keep at least one cloud-only administrator account (an emergency-access, or break-glass, account on the tenant’s onmicrosoft.com domain, which is never synchronized or federated) so that Microsoft 365 remains administrable even when the on-premises side is down.
You can also reinforce your Microsoft 365 identity management with the following measures:
Set up cloud-based privileged accounts, used only when necessary and kept separate from day-to-day user accounts
MFA on every privileged account, for a strong second factor. Phone-call or text-message verification codes are a baseline; prefer an authenticator app or a FIDO2 security key, since SMS and voice codes can be intercepted by SIM swapping or phished
Extra protection from Microsoft’s Zero Trust identity and device access recommendations, which are implemented as Conditional Access policies that evaluate the user, the device, and the sign-in risk
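The cloud-only administrator account recommended for synchronized and federated deployments, together with the privileged-account and MFA measures in the list above, as one worked example (added here; not code from the original article or from Microsoft): it creates a break-glass Global Administrator on the tenant's initial onmicrosoft.com domain, which is never federated or synchronized, and then requires MFA for holders of privileged roles through a Conditional Access policy that excludes that single account. It assumes the Microsoft Graph PowerShell modules are installed and the caller holds Global Administrator; the account name and the list of roles are illustrative choices.

```powershell
# Added example, not code from the original article or from Microsoft: create a cloud-only
# emergency-access ("break-glass") Global Administrator on the tenant's initial
# *.onmicrosoft.com domain, which is never federated or synchronized, so it still signs in
# when AD DS, Azure AD Connect or AD FS is down; then require MFA for privileged roles
# while excluding that one account (otherwise an MFA outage locks the break-glass account too).
# Assumptions (placeholders): Microsoft.Graph modules installed, caller holds Global
# Administrator, the account name and the role list are chosen for illustration.

Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.Identity.DirectoryManagement
Import-Module Microsoft.Graph.Identity.SignIns

Connect-MgGraph -NoWelcome -Scopes 'User.ReadWrite.All',
    'RoleManagement.ReadWrite.Directory', 'Policy.ReadWrite.ConditionalAccess'

# 1. Put the account on the initial domain so sign-in never routes to AD FS.
$InitialDomain = (Get-MgDomain | Where-Object IsInitial).Id        # e.g. contoso.onmicrosoft.com
$Upn = "breakglass-01@$InitialDomain"                               # hypothetical name

$Secure = Read-Host -AsSecureString -Prompt 'Long random password (record it offline, e.g. in a safe)'
$Plain  = [System.Net.NetworkCredential]::new('', $Secure).Password  # Graph requires the clear-text value

$Bg = New-MgUser -DisplayName 'Emergency Access 01' -UserPrincipalName $Upn `
    -MailNickname 'breakglass-01' -AccountEnabled `
    -PasswordProfile @{ password = $Plain; forceChangePasswordNextSignIn = $false }

# 2. Make it a Global Administrator (activating the role from its template if needed).
$GaTemplate = Get-MgDirectoryRoleTemplate | Where-Object DisplayName -eq 'Global Administrator'
$GaRole = Get-MgDirectoryRole -Filter "roleTemplateId eq '$($GaTemplate.Id)'"
if (-not $GaRole) { $GaRole = New-MgDirectoryRole -RoleTemplateId $GaTemplate.Id }
New-MgDirectoryRoleMemberByRef -DirectoryRoleId $GaRole.Id `
    -BodyParameter @{ '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($Bg.Id)" }

# 3. Conditional Access: MFA for privileged roles, break-glass excluded. Created in
#    report-only mode so sign-in logs can be reviewed before the state is set to 'enabled'.
$PrivilegedRoles = 'Global Administrator', 'Privileged Role Administrator',
    'Security Administrator', 'Conditional Access Administrator',
    'Exchange Administrator', 'SharePoint Administrator', 'User Administrator'
$RoleIds = (Get-MgDirectoryRoleTemplate | Where-Object DisplayName -in $PrivilegedRoles).Id

$Policy = @{
    displayName   = 'Require MFA for administrators (break-glass excluded)'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users        = @{ includeRoles = $RoleIds; excludeUsers = @($Bg.Id) }
        applications = @{ includeApplications = @('All') }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $Policy | Out-Null

# 4. Checks worth doing before walking away: the account is cloud-only and its domain is
#    managed (not federated), so no on-premises component sits in its sign-in path.
$Check = Get-MgUser -UserId $Bg.Id -Property userPrincipalName, onPremisesSyncEnabled
if ($Check.OnPremisesSyncEnabled) { throw 'Break-glass account must not be a synchronized object.' }
if ((Get-MgDomain -DomainId $InitialDomain).AuthenticationType -ne 'Managed') { throw 'Initial domain is not managed.' }
```

Two design points. The break-glass account is deliberately excluded from the MFA policy because its job is to work when everything else fails, so its protection has to come from elsewhere: a long random password stored offline, an alert on every sign-in by that account, and a scheduled test that it still works. And the built-in `mfa` control accepts any registered method, including SMS and voice; where the tenant supports Conditional Access authentication strengths, the grant control can instead demand the built-in phishing-resistant strength so that only FIDO2 keys, certificate-based authentication or Windows Hello for Business satisfy it for administrators.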
Digital transformation is hurtling along at breakneck speed, bringing more cyber-security threats and phishing attacks with it. Tightening up your identity management now protects against them and gives users secure, stable access to the resources they need.
If you’re interested in beefing up your company’s identity management process, schedule a CoreView demo today to discuss the best option for your company.