{"id":14024,"date":"2018-05-09T00:00:00","date_gmt":"2018-05-09T05:00:00","guid":{"rendered":"https:\/\/centricconsulting.com\/post\/asset-protection-identity-control-office-365_portal\/"},"modified":"2021-12-15T00:15:02","modified_gmt":"2021-12-15T05:15:02","slug":"asset-protection-identity-control-office-365_portal","status":"publish","type":"post","link":"https:\/\/centricconsulting.com\/blog\/asset-protection-identity-control-office-365_portal\/","title":{"rendered":"Asset Protection: Identity Control in Office 365"},"content":{"rendered":"

Your company\u2019s assets can no longer be secured using old methodologies for on-premises networks. You need a hybrid strategy.<\/em><\/h2>\n


Part three of a series<\/a>.<\/em><\/p>\n

Prior to transforming your business to meet the needs of today\u2019s realities, you probably created an account for your user in your company\u2019s directory.<\/p>\n

You likely provided that account with permissions to folders and applications on your network – perhaps individually or in groups. And you fully understood where your users would be logging in, from what devices and at what times.<\/p>\n

But technology has stepped in and the old, tightly secured, impenetrable fortress of your on-premises network has been supplanted by this new \u201cwork from everywhere\u201d mentality. This is a good thing, except your users\u2019 identities and your company\u2019s assets can no longer be secured using the old methodologies for on-premises networks.<\/p>\n

You\u2019ll need a hybrid strategy.<\/p>\n

A Hybrid Strategy for Identity Control<\/h2>\n

Enter Role-Based Access Management<\/a>, Privileged Identity Management<\/a>, Risk-based Identity Protection<\/a> and the Intelligent Security Graph, based on machine learning and AI.<\/p>\n

When you make a move to a hybrid cloud scenario you will need these. You will also want Intune for device management, the other side of the identity control scenario.<\/p>\n

I use the word \u201chybrid\u201d because the idea that most companies can or will forego an established, on-premises solution is not realistic based on my client experiences.<\/p>\n

The hybrid strategy will remain until all of your existing software solutions – HR, Payroll, BOM, Receivable – are also in the cloud and you\u2019re prepared to decommission your entire local infrastructure (we\u2019ll talk infrastructure topics in blog 5 of this series).<\/p>\n

This is also the case whether you\u2019re using Microsoft Active Directory or another third-party directory\/SSO\/MFA provider. The good news is you\u2019re not throwing out that investment yet!<\/p>\n

Steps to Identity Control in a Hybrid Environment<\/h2>\n

First, determine your Identity Management Strategy<\/a>.<\/p>\n

If you already have infrastructure available for identity management, check to see if that can be federated with Office 365 and Azure. It\u2019s a simple process even if you need to synchronize a .local domain. In this case, you will manage your accounts on-premises, including password policies, authentication management and resource requests.<\/p>\n

Then, determine what applications will be available in the cloud, what roles you\u2019ll use to assign users access to resources, and most importantly, clearly define a group strategy. There are consequences to different types of group creation in Azure Active Directory and Azure Active Directory Premium that you should be aware of prior to a migration.<\/p>\n

Keep in mind that these decisions don\u2019t take place in a vacuum, so this will have to be a carefully considered sub-project of your overall cloud migration project.<\/p>\n

Next, have a look at the additional options available to you in the Azure Active Directory Premium subscriptions, most importantly Identity Protection<\/a> and Privileged Identity Management<\/a>.<\/p>\n