Cloud Infrastructure Deployment
In technical terms, when we talk about migrating to Cloud Infrastructure, we are proposing a move away from Microsoft Active Directory and into Azure Active Directory
Presently, the majority of organisations have an On-Premises Windows Domain Controller running Microsoft Active Directory with a local domain (e.g. company. local) – and at the same time are using Microsoft Office 365 for their Email, Teams, OneDrive and SharePoint needs (e.g. company.com).
It is important to understand that Microsoft Office 365 already uses Azure Active Directory in the background – and as such, most organisations already have a certain amount of the work already done in terms of initial setup.
The Cloud Based Azure Active Directory is similar, but not the same as on premises Microsoft Active Directory. It is the central directory for your network which contains the database of users, groups, passwords etc – but it does not contain Group Policy for Device Management natively – This is achieved using Microsoft Endpoint Manager (a.k.a. Microsoft Intune) –
Where traditionally computers would be “Domain Joined”, which means that they are receiving their policies and instructions from the on-premises “Domain Controller” –
Computers now in the new way of working are referred to as “Azure AD Joined”, which means they are receiving the policies and instructions from the Azure Active Directory.
One of the most fundamental areas to address regarding security on your network, is to have a centralised system for authenticating your users, and that Multi-Factor Authentication is enabled across all services that your staff use
Very often, we see organisations with staff that have different usernames & passwords for everything from email, to Server Access, to 3rd party applications (e.g. DocuSign, Salesforce etc) –
This presents a number of logistical and security challenges.
The solution to this is using Azure Active Directory as an Identity Provider with Single Sign On (SSO) There are a huge number of apps and services now which integrate directly with Microsoft Azure for sign in – all logs & records of sign-ins are kept within Microsoft Azure – so we can generate reports and monitor the security of the environment that way.
Device Compliance can be also used as a conditional access requirement and Intune Compliance Policies can monitor for parameters such as:
- Is Device Encryption enabled?
- Is there a passcode set on the device?
- Is the device clean of any illegal software (i.e. Jailbreak software)
If the answer is yes to all of the above, the device would be marked as “in compliance”, but if the answer is no to any of the above, the device would be marked as “not compliant”.
Several actions can then take place based on that outcome (e.g. notify the user that their device is out of compliance and email the helpdesk on their behalf to get the issue rectified).
Contact us today to find out more about how these solutions can help your organisation to achieve their Strategic objectives without compromising security.