Password-less Authentication with FIDO2 in Azure or other Microsoft services

Password-less Authentication with FIDO2 in Azure or other Microsoft services

As a security-conscious person, I try all the time to find new ways to enhance my security posture in ways where I get the best of both worlds without adding too much complexity. That means that I want to have the latest and greatest security measures implemented without having a very complex infrastructure which, in the end, it might end up as a single point of failure. 

In some ways, you might consider me more of a paranoid person rather than a security-conscious person. My whole home has layers over security layers implemented where you might say that I harbor military secrets.

Continue reading

Integrating your Active Directory domain with Azure Active Directory

With the plethora of service that Microsoft offers via its Office365 service, it’s hard to ignore the fact that having multiple identities across your organization can be quite problematic. With every Azure or Office 365 subscription you get provisioned an Azure Active Directory account in order for you to be able to login to consume the services you just paid for. Using one account you can get access to Exchange, SharePoint, Office 201(x) on demand, Dynamics CRM, Skype For Business and other neat tools like Planner, Sway. With Enterprise Mobility Suite you get access to Azure Rights Management, Intune, Information Security, Azure Active Directory Premium which include a lot of features like service wide MFA, Azure Active Directory Join (Windows 10 is best for this job).

What I’m trying to say here that using one account you get access to a multitude of services that improve your workflow and organization. The only problem with this is that most organizations have on-premise servers and a central directory management system (Active Directory, OpenLDAP/Samba, 389 Server etc.) and having multiple accounts (and passwords) proves to be quite a challenge for the IT staff to enforce security whilst providing the best experience for their users. We all know that password security is a big problem (look at all the breaches that happened in the last 2 years) and enabling the best security under one roof is one of the ways to go.

In this article I will talk about how you can integrate your on-premise Active Directory domain with Azure Active Directory in order to provide your users the best experience while accessing their resources without compromising your organizations security.

Pin It on Pinterest