{"id":14024,"date":"2018-05-09T00:00:00","date_gmt":"2018-05-09T05:00:00","guid":{"rendered":"https:\/\/centricconsulting.com\/post\/asset-protection-identity-control-office-365_portal\/"},"modified":"2021-12-15T00:15:02","modified_gmt":"2021-12-15T05:15:02","slug":"asset-protection-identity-control-office-365_portal","status":"publish","type":"post","link":"https:\/\/centricconsulting.com\/blog\/asset-protection-identity-control-office-365_portal\/","title":{"rendered":"Asset Protection: Identity Control in Office 365"},"content":{"rendered":"
Part three of a series.

Prior to transforming your business to meet the needs of today’s realities, you probably created an account for your user in your company’s directory.

You likely provided that account with permissions to folders and applications on your network – perhaps individually or in groups. And you fully understood where your users would log in, from which devices and at what times.

But technology has stepped in, and the old, tightly secured, impenetrable fortress of your on-premises network has been supplanted by this new “work from everywhere” mentality. This is a good thing, except that your users’ identities and your company’s assets can no longer be secured using the old methodologies for on-premises networks.

You’ll need a hybrid strategy.

Enter Role-Based Access Management, Privileged Identity Management, Risk-based Identity Protection and the intelligent security graph based on machine learning and AI.

When you make the move to a hybrid cloud scenario you will need these. You will also want Intune for device management, the other side of the identity control scenario.

I use the word “hybrid” because the idea that most companies can or will forego an established, on-premises solution is not realistic based on my client experiences.

The hybrid strategy will remain until all of your existing software solutions – HR, Payroll, BOM, Receivable – are also in the cloud and you’re prepared to decommission your entire local infrastructure (we’ll talk infrastructure topics in blog 5 of this series).

This is also the case whether you’re using Microsoft Active Directory or another third-party directory/SSO/MFA provider. The good news is you’re not throwing out that investment yet!

First, determine your Identity Management Strategy.

If you already have infrastructure available for identity management, check whether it can be federated with Office 365 and Azure. It’s a simple process even if you need to synchronize a .local domain. In this case, you will manage your accounts on-premises, including password policies, authentication management and resource requests.

Then, determine what applications will be available in the cloud, what roles you’ll use to assign users access to resources, and, most importantly, clearly define a group strategy. There are consequences to the different types of group creation in Azure Active Directory and Azure Active Directory Premium that you should be aware of prior to a migration.

Keep in mind that these decisions don’t take place in a vacuum; this will have to be a carefully considered sub-project of your overall cloud migration project.

Next, have a look at the additional options available to you in the Azure Active Directory Premium subscriptions, most importantly Identity Protection and Privileged Identity Management.

A Hybrid Strategy for Identity Control

Steps to Identity Control in a Hybrid Environment