If your institution is using Microsoft 365 (formerly Office 365), you also have—and are responsible for—Azure Active Directory (Azure AD), Microsoft’s cloud-based identity and access management service. Microsoft Online business services like M365/O365, require Azure AD for sign-in and to help with identity protection. If you subscribe to Microsoft Online business services, you automatically get Azure AD with access to all the free features.
With an Azure AD tenant, you’re responsible for overseeing Azure AD’s security features, which can be customized to your business requirements. For instance, you can use Azure AD to require multi-factor authentication for users who are accessing important organizational resources. You can also employ Azure AD utilities to automate user provisioning between your existing Windows Server AD and cloud apps, including M365.
The Good News: You’ve Already Vetted Azure AD
If you’re daunted by the idea of overseeing Azure AD, don’t be. You’ve likely already vetted Azure AD for compliance because you’re using M365/O365. So, if you properly completed the vendor management process, Azure is already covered. In addition, Microsoft has taken steps to secure the environment that houses data in the Azure AD platform.
However, customers have the ability to choose settings that can make Azure AD more secure. Since M365/O365 is designed to be a collaborative environment, their out-of-the-box security settings are calibrated for sharing, requiring some modifications to enhance the security features. For example, you can use the Azure AD management interface to adjust the sharing dial to keep users from disclosing non-public or sensitive information.
If you obtain an Azure AD license through a third party, you’re still responsible for managing, controlling, and monitoring access within your organization. This includes access to resources in Azure AD and other Microsoft Online services like Microsoft 365/Office 365. More importantly, your institution (not your vendor) is responsible for managing all the security features of Azure AD.
With an Azure AD tenant, you should:
- Manage your cloud and on-premises apps
- Manage your guest users and external partners, while maintaining control over your own corporate data
- Customize and control how users sign up, sign in, and manage their profiles when using your apps
- Manage how your cloud or on-premises devices access your corporate data
- Manage your organization’s identity through employee, business partner, vendor, service, and app access controls
- Detect potential vulnerabilities affecting your organization’s identities, configure policies to respond to suspicious actions, and then take appropriate action to resolve them
- Gain insights into the security and usage patterns in your environment through reports and monitoring
Safe Systems can help financial institutions optimize key features in Azure AD and M365/O365 to meet or exceed their security objectives. Our M365 Security Basics solution can provide expertise and visibility into security settings through reporting, alerting, and quarterly reviews.