Identity Security & Threat Protection

Secure Identity

Today your perimeter is no longer the corporate network. People use their identity to access company data and resources, so the identity is what must be protected. The first foundation step is establishing a single, common identity for each user. Most organizations still run on-premises infrastructure, which means a link has to be set up between your Azure Active Directory (Azure AD) tenant and your on-premises directory.

DexMach has already assisted many customers in migrating applications registered on AD FS to Azure AD authentication. This is handled in our App Modernization approach. During our workshops we run through each option in detail, helping you make the right decision. Together with you we create a roadmap for your cloud authentication migration.

Second factor authentication

Passwords alone are weak and a prime target for attackers. We assist in implementing a second authentication factor. With Azure Multi-Factor Authentication (MFA) the user confirms their identity with, for example, a one-time code delivered by phone call or text message, or an approval or code from the Microsoft Authenticator app on their smartphone. When this additional verification is required depends on the security policy you define, for example through Conditional Access (always, only outside trusted locations, only for sensitive applications). During our workshops we discuss all options and configurations to secure your identities at all times.

Just-in-time administrative access

Most companies have far too many domain admins in their on-premises directory. Removing those permissions is usually overlooked, so people keep administrative rights permanently. Azure Active Directory offers Privileged Identity Management (PIM) for this. Instead of a permanent assignment, users are made eligible for a privileged role and activate it just-in-time when they need it (optionally requiring MFA, a justification and approval); the activation expires automatically after a defined period, and every activation is logged. Least-privilege access is a best practice we apply in all our solutions and automation.

Identity risk assessment

When you migrate your identities to cloud authentication, you need to know whether a user's sign-in is compromised before they are allowed to access corporate resources and data. Azure AD Identity Protection scores both the user (for example leaked credentials) and each individual sign-in (for example an anonymous IP address, atypical travel, or a sign-in from a location you have not marked as trusted). When a user or sign-in is assessed as risky, the risk policy can require the user to reset their password or to complete a second authentication factor to verify their identity; if they cannot, access is blocked.

DexMach experts will explain this feature during the workshops.

HYBRID IDENTITY AND AUTHENTICATION METHODS

Cloud Authentication: Password Hash Synchronization (PHS) and Pass-through Authentication (PTA). Azure AD itself completes the sign-in.
Federated Authentication: Active Directory Federation Services (AD FS). Azure AD hands the sign-in off to your on-premises federation service.

Password Hash Synchronization (PHS)
The simplest way to enable authentication for on-premises directory objects in Azure AD. Users sign in to cloud resources with the same username and password they use on-premises; Azure AD Connect synchronizes a derived form of each password hash, not the password itself, to Azure AD.
Infrastructure: No additional infrastructure to deploy.
Availability: When your connection to on-premises is unavailable, users can still sign in to cloud resources.

Pass-through Authentication (PTA)
Provides password validation for Azure AD authentication services through a lightweight software agent running on one or more on-premises servers. The agents validate the user's password directly against your on-premises Active Directory, so the password is never validated or stored in the cloud.
Infrastructure: Azure AD Connect installs the first PTA agent automatically; additional agents can be installed on other servers for high availability.
Availability: Enable the PHS option alongside PTA so your password hashes are already in Azure AD for disaster recovery when the PTA agents are unavailable.

Active Directory Federation Services (AD FS)
Azure AD hands the authentication process off to your on-premises AD FS farm, which validates the user's password against Active Directory.
Infrastructure: Complex AD FS infrastructure (federation servers, proxy servers, certificates) to maintain.
Availability: Enable the PHS option alongside AD FS so you can fail over to cloud authentication for disaster recovery when AD FS is unavailable.

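What PHS actually sends to Azure AD is worth seeing, because "syncing password hashes" sounds worse than it is. On-premises AD stores the NT hash, an unsalted MD4 of the UTF-16LE password, which is directly usable in pass-the-hash attacks. Azure AD Connect never sends that value: per Microsoft's published description it expands the 16-byte hash to 64 bytes (the 32-character hex string re-encoded as UTF-16LE), adds a 10-byte per-user salt and runs 1000 iterations of PBKDF2-HMAC-SHA256, then transmits only the result, the salt and the iteration count over TLS. The block below is an added example written for this page, not DexMach's or Microsoft's code; the exact byte ordering of the PBKDF2 inputs and the hex case are assumptions where Microsoft's description is not byte-precise. MD4 is implemented inline because OpenSSL 3 builds of Python usually disable it in hashlib. The test password is the standard "password" vector whose NT hash is widely published.

```python
import hashlib
import hmac
import secrets
import struct

MASK = 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib's 'md4' is usually unavailable under OpenSSL 3."""
    def rotl(x, n):
        return ((x << n) | (x >> (32 - n))) & MASK
    def f(x, y, z): return (x & y) | (~x & z)
    def g(x, y, z): return (x & y) | (x & z) | (y & z)
    def h(x, y, z): return x ^ y ^ z
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    r2 = (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)
    r3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for i in range(16):
            a, b, c, d = d, rotl((a + f(b, c, d) + x[i]) & MASK, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):
            a, b, c, d = d, rotl((a + g(b, c, d) + x[r2[i]] + 0x5A827999) & MASK, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):
            a, b, c, d = d, rotl((a + h(b, c, d) + x[r3[i]] + 0x6ED9EBA1) & MASK, (3, 9, 11, 15)[i % 4]), b, c
        a0, b0, c0, d0 = (a0 + a) & MASK, (b0 + b) & MASK, (c0 + c) & MASK, (d0 + d) & MASK
    return struct.pack("<4I", a0, b0, c0, d0)


def nt_hash(password: str) -> bytes:
    """The on-premises AD credential: unsalted MD4 over the UTF-16LE password (pass-the-hash material)."""
    return md4(password.encode("utf-16-le"))


def phs_protect(nt: bytes, salt: bytes, iterations: int = 1000) -> dict:
    """Re-hash the NT hash the way Azure AD Connect does before synchronizing it.
    Assumed layout: 32-char hex (upper case) re-encoded as UTF-16LE is the PBKDF2 password,
    the 10-byte per-user salt is the PBKDF2 salt. Only this record leaves the server, never `nt`."""
    if len(nt) != 16 or len(salt) != 10:
        raise ValueError("expected a 16-byte NT hash and a 10-byte per-user salt")
    expanded = nt.hex().upper().encode("utf-16-le")  # 64 bytes
    derived = hashlib.pbkdf2_hmac("sha256", expanded, salt, iterations, dklen=32)
    return {"hash": derived, "salt": salt, "iterations": iterations}


def phs_verify(password: str, record: dict) -> bool:
    """What the cloud side can do with the synced record: check a password attempt."""
    candidate = phs_protect(nt_hash(password), record["salt"], record["iterations"])["hash"]
    return hmac.compare_digest(candidate, record["hash"])


def new_user_salt() -> bytes:
    """Per-user salt generated at sync time (length per Microsoft's description)."""
    return secrets.token_bytes(10)


if __name__ == "__main__":
    nt = nt_hash("password")
    record = phs_protect(nt, new_user_salt())
    print("NT hash (stays on-prem):", nt.hex())
    print("synced hash            :", record["hash"].hex(), "salt:", record["salt"].hex())
    print("cloud verify 'password':", phs_verify("password", record))
```

Two consequences follow directly from the code: the synced value cannot be replayed against on-premises AD (it is not the NT hash, and Kerberos/NTLM need the NT hash), and brute-forcing a synced record costs 1000 HMAC-SHA256 iterations per guess plus an MD4, per user, rather than a single unsalted MD4. The on-premises NT hash itself is still the weak link, which is why PHS is complemented by MFA and Identity Protection's leaked-credential detection rather than replacing them.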

Threat protection

Intrusion detection

Cybersecurity threats are in the news more and more. Companies are the victims of targeted attacks that steal identities and then use them to perform malicious actions inside the environment. Microsoft Azure Advanced Threat Protection (Azure ATP) lets you detect advanced attacks in hybrid environments: sensors on your domain controllers monitor users, systems and activity, and learning-based analytics build a behavioural baseline per entity so that deviations stand out. Organizations can identify and investigate suspicious activities and advanced attacks throughout the kill chain, from reconnaissance and compromised credentials to lateral movement and domain dominance. A timeline view of events gives clear insight into where and how the attack started.

Protect against phishing attacks

A companion solution to Azure ATP is Office 365 Advanced Threat Protection (O365 ATP). Its purpose is to scan and protect your email messages, links and attachments, and your collaboration tools (Office 365 apps, SharePoint, OneDrive and Teams). Actions are driven by policies configured with the appropriate level of protection, for example detonating attachments in a sandbox and rewriting links so they are checked at click time. You get real-time reports and tooling to investigate, understand, simulate and prevent threats.

Fast setup and configuration of O365 ATP make it a quick win to protect your organization from phishing attacks.

Post-breach detection, investigation and response

Windows Defender ATP is a platform aimed specifically at Windows clients and uses a combination of technology built into Windows 10 and the Microsoft Azure cloud. Sensors embedded in Windows 10 collect and process behavioural signals from the operating system and send them to your private, isolated cloud instance of Windows Defender ATP. That instance applies big-data analytics, machine learning and unique optics across the Windows ecosystem, enterprise cloud products and online assets to detect advanced threats and recommend responses. This intelligence is made possible by Microsoft and its threat intelligence partners. It enables Windows Defender ATP to identify attacker tools, techniques and procedures and to generate alerts when these are observed in the collected data.

Sophisticated analytics

To keep your company secure, you must find the right balance between supporting access and maintaining the control needed to protect critical data. Microsoft Cloud App Security lets you take advantage of cloud applications while staying in control through improved visibility into activity. Its main goals are to discover shadow IT, assess risk, enforce policies, investigate activities and stop threats.

Customer opportunity

Rapid workplace provisioning.

Business agility and flexibility with an increase in employee satisfaction and efficiency.

Centralized workplace management.

Cloud managed.

Expert training for your system engineers.

Get started

Step 1 – Workshop and Design documentation.

Step 2 – Execute a Proof-of-Concept Cloud Device Management.

Step 3 – Create your project road-map for Cloud Device Management implementation.
