Azure Active Directory (AD) is the authentication and access control directory for the Microsoft Office 365 platform, including Exchange Online, Skype for Business Online and SharePoint Online. Azure AD can also be integrated with non-Microsoft solutions such as Salesforce and Workday, becoming a key security component for those systems.
Securing Azure AD is critical. Organizations need to ensure that users who access the critical resources (that Azure AD protects) are who they claim to be and only the rights that they require.
One way of developing effective Azure AD security practices is to organize it into four phases:
- Continually assess
- Detect and alert
- Remediate and mitigate
- Investigate and recover
It’s important to understand that none of these phases is ever really complete; each one needs to be continually practiced and iteratively improved upon. This whitepaper builds on Part 1, which outlines the need to “continually assess” and expands on how to “detect and alert.”