Office 365: Worth the Switch for Identity Management?
The Microsoft Office Suite is moving to the cloud, and your organization will eventually need to migrate to Office 365 to continue using the products. If you are planning your transition to Microsoft Office 365, chances are identity management is one of your top concerns as you prepare to move scores of users over into a new platform. Quanterion Solutions analyzed Office 365’s basic identity management features to determine if the cloud subscription is more secure than its on-premise predecessor.
Let’s start with an understanding of Microsoft 365’s two main identity management models, cloud-only identity and hybrid identity.
A cloud-only identity manages and stores users in the Azure Active Directory (Azure AD) only. Users log in with their cloud identity account to access Microsoft 365 services.
Admins have the option of using the Microsoft 365 admin center or Windows PowerShell to manage cloud identities. Passwords can be managed through the Microsoft 365 admin center or the Azure AD admin center.
The cloud-only identity model is simpler than the hybrid model because no additional servers are necessary. It often works well for small organizations that have fewer users to manage, do not run their own servers, or do not use the Azure Active Directory Domain Services.
The hybrid model requires more infrastructure to maintain because it syncs on-premise accounts with the cloud accounts. Passwords must be managed in the on-premise directory.
The hybrid identity model stores user accounts in the Azure Active Directory Domain Services as well as in the Azure Active Directory; this is the main difference between the hybrid and cloud-only identity models.
The Hybrid model authenticates users with the Azure AD tenant or by redirecting the login request to another identity provider.
The main benefit of the Hybrid model is that the same credentials can be used to access on-site or cloud services.
Azure AD user management provides enhanced security features
User identities are managed through Azure Active Directory (Azure AD), which is included in an Office 365 subscription. Azure AD allows customers to create user accounts, manage accounts, set up single sign-on, and sync user accounts from your on-premise Active Directory Domain Services (AD DS).
User role management
Azure AD includes a role-based access control system, which enables admins to create user roles. Admins assign the roles to users, who can then access the associated identity account, resources, and apps. Privileged Identity Management (PIM) is another Azure AD tool that enables admins to control and monitor access to resources.
Azure Identity Protection and other on-cloud identity management tools
Managing user identities must extend beyond accounts and into identity protection, which Azure AD claims it can handle. Azure AD Identity Protection identifies suspicious user login attempts and produces alerts when an established level of risk has been reached.
Microsoft’s comprehensive Azure AD also offers improved identity management features such as Identity as a Service (IDaaS) for an organization’s apps, including those on-premise and those in the cloud. View a detailed comparison of Azure AD vs. the on-premise AD DS.
The free subscription to Azure AD can also be upgraded to a paid level for additional identity management features.
Office 365 includes Multifactor Authentication (MFA) options
Microsoft’s Office 365 provides admins the option to require users to use MFA to access Outlook or the cloud. People who use MFA are at a 99% lower risk of being hacked as compared to those who do not enable MFA.
Azure AD also provides passwordless login technologies, which are more convenient for the user while still providing MFA. The password is replaced with something you have, plus something you are or something you know.
Admins of Microsoft 365 can enable self-service password reset which allows users to reset their passwords and/or MFA themselves, saving companies IT support costs and time.
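As an added example that is not part of the original article, the following Microsoft Graph PowerShell script audits which enabled users have registered an MFA or passwordless sign-in method, split by the cloud-only and hybrid (synced) identity models described above. It assumes the Microsoft.Graph module is installed and that the admin signing in can consent to the two read scopes it requests.

```powershell
# Added example (not from the original article): audit MFA registration across a
# Microsoft 365 tenant with the Microsoft Graph PowerShell SDK, reporting each user
# as cloud-only or synced from on-premise AD DS alongside their strongest method.
# Assumes the Microsoft.Graph module is installed and the signed-in admin has
# User.Read.All and UserAuthenticationMethod.Read.All consent.
Connect-MgGraph -Scopes "User.Read.All", "UserAuthenticationMethod.Read.All" | Out-Null

# Registered method types (Graph @odata.type values) that give passwordless sign-in
# or satisfy an MFA prompt. Email and password methods are deliberately excluded.
$passwordless = @(
    '#microsoft.graph.fido2AuthenticationMethod',
    '#microsoft.graph.windowsHelloForBusinessAuthenticationMethod'
)
$mfaCapable = @(
    '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod',
    '#microsoft.graph.phoneAuthenticationMethod',
    '#microsoft.graph.softwareOathAuthenticationMethod'
)

# Member accounts only; guests are audited separately in most tenants.
$users = Get-MgUser -All -Filter "userType eq 'Member'" `
    -Property Id, UserPrincipalName, AccountEnabled, OnPremisesSyncEnabled

$report = foreach ($u in $users) {
    if (-not $u.AccountEnabled) { continue }
    $types = Get-MgUserAuthenticationMethod -UserId $u.Id |
        ForEach-Object { $_.AdditionalProperties['@odata.type'] }
    # Rank registered methods: passwordless beats MFA-capable, which beats password-only.
    $strength = if ($types | Where-Object { $_ -in $passwordless }) { 'Passwordless' }
                elseif ($types | Where-Object { $_ -in $mfaCapable }) { 'MFA' }
                else { 'PasswordOnly' }
    [PSCustomObject]@{
        User     = $u.UserPrincipalName
        # OnPremisesSyncEnabled is set only for accounts synced from on-premise AD DS.
        Identity = if ($u.OnPremisesSyncEnabled) { 'Hybrid (synced)' } else { 'Cloud-only' }
        Strength = $strength
    }
}

# Summary per identity model, then the accounts that still rely on a password alone.
$report | Group-Object Identity, Strength | Select-Object Name, Count | Format-Table -AutoSize
$report | Where-Object Strength -eq 'PasswordOnly' | Sort-Object User | Format-Table -AutoSize
```

The second table is the list to act on before migration: every account on it can be signed in with a password alone, whichever identity model it belongs to.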
The on-cloud version offers improved mitigation functionality
Microsoft Office on-premise is much easier to breach because bad actors only need to hack your system, rather than Microsoft’s. If your on-premise version is breached and your server is housing your email, your entire email system will be shut down. However, if a breach makes it through Microsoft 365’s advanced security, you will be able to request Microsoft support to mitigate the problem and protect your digital identities.
Migrating numerous users and terabytes of data over into a cloud-based platform such as Microsoft 365 can become an identity security crisis if not properly managed. If your company is considering making the transition to Microsoft 365, make sure to incorporate identity management best practices. Contact Quanterion’s IT department for support at IT@Quanterion.com
This resource was provided by Quanterion Solutions for Cybersecurity Awareness Month. Access additional Cybersecurity Awareness Month resources.