Azure Active Directory

Azure Active Directory (Azure AD) is the identity management solution for Microsoft and non-Microsoft cloud solutions. It simplifies authentication for business-to-business (B2B) collaboration and can also be used as an identity provider for on-premises systems.

Most organizations use Azure AD, whether they know it or not. For example, your Azure AD instance is provisioned the moment you start using Microsoft Office 365.

Azure AD has multiple editions; the free edition is included in Microsoft Office 365. Paid licenses (Premium P1 or P2) include additional features such as Self-service Password Reset.

The Problem

Identity is the foundation for IT security and user experience. Misconfigurations in identity management solutions can lead to lost productivity and serious security issues.

Azure AD is relatively new, and IT administrators are usually either not trained in Azure AD administration or believe that Azure AD is a cloud service that will be handled by the cloud provider.

Many security-related Azure AD features are available but still need to be activated and configured. Because IT administrators are short on time, these security-enhancing features often remain disabled.

Solution

An Azure AD configuration assessment gives you an overview if you are not sure about your Azure AD configuration. Once completed, the assessment gives you good insight and an action plan, which can be implemented by internal resources or a partner. The Azure AD assessment report contains numerous configuration checks, a description of what they mean, and recommendations for their configuration.

Another benefit of an Azure AD assessment is that it shows which features are included in your current pricing plan but are not being used, which helps you get the most value from your Azure AD licenses.

How?

Depending on the size of the infrastructure and the complexity of the organization, the assessment usually takes 6–8 weeks to complete.

The project starts with a kick-off meeting, followed by one or more technical interviews. The actual configurations are then inspected, either with scripts or by checking the settings manually. Once all configuration details are analyzed, the assessment report is prepared. The report contains the following sections: audit summary, description of the existing environment, detailed (more than 50) configuration option reviews, assessment of their severity, and recommendations.

Results are presented in an online meeting.

The following Azure AD components are assessed:

Hybrid Azure AD / Active Directory architecture:
  • Hybrid authentication architecture
  • Used tools (Azure AD Connect, ADFS, Azure AD Cloud Sync)
  • Azure AD Connect server configuration check
  • Azure AD Connect Health
  • Synchronization configuration and error check
  • SSO settings and Kerberos decryption key rollover
Azure AD configuration settings:
  • General Azure AD configuration (custom domains, branding, user settings, properties)
  • Secure Score
  • Custom domains
  • Password policies, password protection
  • License provisioning
  • Application proxy
  • Self-service Password Reset
  • Auditing
  • Azure AD configuration backup
  • Stale user check
  • Azure AD Applications
Azure AD security settings:
  • Privileged roles, permission delegation
  • Azure AD Security Settings
  • Azure AD External user settings
  • Conditional Access policies
  • Multifactor authentication configuration, authentication methods
  • Identity Protection

Pricing

The Azure AD Assessment price for a single Azure AD tenant is 4200 EUR.

Assumptions

A1. The customer must designate IT administrators in charge of Azure AD to participate in interviews and provide honest answers about existing Azure AD configurations. The number of interviews depends on the size and structure of the organization.

A2. We assume interviews and data collection can be performed remotely.

A3. The customer will be required to participate in the final presentation of the Azure AD assessment results.