      Azure AD Identity Governance

      October 30, 2020 | New Signature

      In the post-perimeter world of cloud and mobile technology, the castle-and-moat approach to security no longer works. A Zero Trust approach to security is imperative, and it starts with identity. The number of workforce identities in the enterprise is growing dramatically, thanks in part to modern collaboration applications that make it easy for employees to share information, data, and files with external users (i.e. vendors, business partners, contractors and customers). Identity compromise has also dramatically increased, and organizations can protect against these threats with Azure AD identity security features such as Multi-Factor Authentication, Identity Protection, Conditional Access, Password Protection, passwordless sign-in, Defender for Identity and other features.

      Identity governance also plays a crucial role by avoiding excessive access and access held longer than needed, and by effectively managing the risk associated with access. Cloud-based access governance is gaining momentum as an industry trend. Organizations are looking not only for traditional identity management tasks like creating users but also for identity governance capabilities from an IDaaS solution, especially in highly regulated verticals.


      With Azure AD Identity Governance features, organizations can govern identities and access across all applications and provide self-service to support business-level decisions. Policy-driven automation for reviews, requests, and approvals as well as analytics-driven insights are extensible through standards, APIs, and partnerships. You can also alter to address compliance reporting needs.

      The first step toward providing centralized governance through Azure AD Identity Governance is to bring all users and applications into Azure Active Directory. You can bring users into Azure AD in several ways:

      • Integrate Azure AD with HR systems, whether hosted in the cloud or on on-premises servers, so that they become part of the entire Join-Move-Leave (JML) process
      • Bring users from acquisitions or subsidiaries from multiple disconnected Active Directory environments
      • Bring users from other Azure AD tenants, federated environments, or social IdPs

      The second step on the Azure AD Identity Governance journey is to bring the apps that users need access to into Azure AD. Forrester’s Total Economic Impact of Securing Apps with Azure AD found that by leveraging Azure AD single sign-on across applications, companies reduced operational overhead by 50% and password reset requests by 75%.

      • Azure AD provides single sign-on and supports 3,000+ SaaS apps and classic/legacy applications, regardless of where they are hosted.
      • You can leverage Azure App Proxy to provide secure hybrid remote access to internal resources or leverage integrations with several Application Delivery Controller (ADC) partners.
      • Azure AD not only provides single sign-on across apps. It also secures this access with Multi-Factor Authentication (MFA), conditional access, role-based access controls, OAuth authorization services, and consent permissions.

      Once all the users are in Azure AD and the applications are integrated, Azure AD Identity Governance features such as access reviews, entitlement management, Terms of Use, Privileged Identity Management, and Administrative Units can be leveraged across regular users, applications, and privileged accounts.

      • Terms of Use – You can require employees or guests to accept your terms of use before getting access, to accept them on a periodic basis, or to accept them prior to registering security information in Azure Multi-Factor Authentication (MFA). You can also present specific terms of use based on a user persona and meet compliance and audit needs.
      • Access Reviews – One of the problems in many organizations is that access is granted during onboarding, but removal of access is not followed through in all cases. The user account may be disabled, but access is not removed. A side effect of the ease of modern collaboration is guest account proliferation and ongoing access to an organization. Access reviews help to ensure that only the right people have access to a particular resource and only for the duration needed. Excessive access can be identified with access reviews, mitigating the associated risk. Access reviews on employees, guests, and applications can be triggered by a lifecycle event through entitlement management or on an ad-hoc basis. You can require users to self-attest their access on a periodic basis and require an approval workflow after self-attestation.
      • Entitlement Management – Traditionally, employees were dependent on IT for any access they needed. With Entitlement Management, IT can empower business units and end users by delegating access decisions without needing to be in the middle of every request, while ensuring controls such as multistage approvals, time-bound access, and periodic re-certification of access via Access Reviews. IT can delegate the creation and maintenance of catalogs and access packages to business units.
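
The stale-access conditions that access reviews and time-bound entitlements are meant to catch (disabled accounts that keep access, idle guests, expired or never-reviewed assignments) can be checked over an exported list of accounts and assignments. The following is an added example, not code from the original post or from Microsoft; the record layout, field names, thresholds and sample data are all constructed assumptions rather than an Azure AD or Microsoft Graph schema.

```python
from datetime import date

# Constructed sample data; field names are hypothetical, not a Microsoft Graph schema.
ACCOUNTS = {
    "alice@contoso.example": {"type": "member", "enabled": True,  "last_sign_in": date(2020, 10, 20)},
    "bob@contoso.example":   {"type": "member", "enabled": False, "last_sign_in": date(2020, 6, 1)},
    "carol@partner.example": {"type": "guest",  "enabled": True,  "last_sign_in": date(2020, 3, 15)},
    "dave@vendor.example":   {"type": "guest",  "enabled": True,  "last_sign_in": date(2020, 10, 25)},
}
ASSIGNMENTS = [  # (user, resource, expires, last_reviewed)
    ("alice@contoso.example", "Finance-App", None, date(2020, 9, 1)),
    ("bob@contoso.example", "Finance-App", None, date(2020, 1, 10)),
    ("carol@partner.example", "Project-X-Site", date(2020, 12, 31), None),
    ("dave@vendor.example", "Project-X-Site", date(2020, 9, 30), date(2020, 8, 1)),
]

def review_candidates(accounts, assignments, today,
                      guest_idle_days=90, review_every_days=180):
    """Return {(user, resource): [reasons]} for assignments a reviewer should look at."""
    findings = {}
    for user, resource, expires, last_reviewed in assignments:
        acct = accounts.get(user)
        reasons = []
        if acct is None:
            reasons.append("orphaned: no matching account")
        else:
            # Account was disabled during offboarding, but the grant was never removed.
            if not acct["enabled"]:
                reasons.append("account disabled but access not removed")
            # Guest proliferation: external identity that no longer signs in.
            idle = (today - acct["last_sign_in"]).days
            if acct["type"] == "guest" and idle > guest_idle_days:
                reasons.append(f"guest idle for {idle} days")
        # Time-bound access that outlived its end date.
        if expires is not None and expires < today:
            reasons.append("time-bound access past expiry")
        # Never re-certified, or last re-certified too long ago.
        if last_reviewed is None or (today - last_reviewed).days > review_every_days:
            reasons.append("no review within the review period")
        if reasons:
            findings[(user, resource)] = reasons
    return findings

if __name__ == "__main__":
    found = review_candidates(ACCOUNTS, ASSIGNMENTS, date(2020, 10, 30))
    for (user, resource), reasons in found.items():
        print(f"{user} on {resource}: " + "; ".join(reasons))
```
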

      Role Based Access Control (RBAC) has existed for a long time in the on-premises world and was the primary solution for ensuring least-privilege access for administrators. Azure AD supports several RBAC roles out of the box; custom roles with granular permissions can also be created. In addition to RBAC, organizations can leverage Privileged Identity Management (PIM) and Administrative Units (AUs) to further protect and govern the accounts with admin privileges.

      • Privileged Identity Management (PIM) – Helps reduce/eliminate persistent privileged access and provides Just-In-Time Access. It can require users to step up authentication with MFA, provide a justification for audit purposes, require approval, and provide time-bound access. PIM integrates with Access Reviews to ensure that privileged access is limited to a subset of users. Just-In-Time Access can be required on Azure AD built-in and custom roles, Azure resources built-in and custom roles, and Azure AD groups. When PIM access is set up on Azure AD groups, global admins can then delegate the role management access and approvals to workload admins and still retain oversight and auditability.
      • Administrative Units (AUs) – Administrative units allow you to grant admin permissions that are restricted to a department, region, or other segment of your organization. You can use administrative units to delegate permissions to regional administrators or independent divisions.

      These features also provide rich reporting and insights and leverage signal exchange, event correlation, and insights from the integrated Microsoft Security stack.

      About the Author
      Lavanya Murthy is a senior consultant in Intelligent Workplace at New Signature, Cognizant’s Microsoft Business Group. Her expertise is in helping clients strengthen their security posture and implement a Zero Trust framework with M365/Azure identity and security solutions and modernizing SecOps. In her free time, Lavanya enjoys reading, knitting, and teaching coding to kids.
