There’s no question that the ability to work seamlessly with other businesses – including partners, contractors and suppliers – is critical to an organization’s success. Collaboration with external users provides proven business benefits, including improved productivity, agility, visibility and more. But it also requires shared access to critical on-premises, mobile, web and cloud applications, as well as files and other network resources – which is not without its challenges. Microsoft’s intention for Azure AD is to be the fabric that connects these systems in a safe and secure way that doesn’t get in the way of employee collaboration.
Azure AD is a modern identity management system that spans the cloud and on-premises, providing identity management, device enrollment, user provisioning, application access control, and data security.
External user collaboration issue
How Azure AD Enables B2B Collaboration
Because external users and their devices are not “members” of the host organization, they are not part of the central user database. As such, they are not identified in its directory service—the single store of shared information from which IT manages users, devices, and other network objects. This shared store is also responsible for verifying visitor credentials and defining access rights to corporate resources. In the Microsoft Office Suite, Active Directory (AD) is responsible for managing on-premises resources, and Azure AD provides access and identity management for users of cloud-based applications.
External users present a number of challenges when they need access to a host organization’s resources. There is an increased security risk in the ad hoc and resource-intensive process of getting approval, waiting for setup and managing external accounts. There are also considerable maintenance issues, such as tracking the title and employment status of users from external companies.
To share or not to share?
A secure identity for all applications
Balancing security with convenience is essential, so that neither gets in the way of productivity. With Azure AD Premium, external users sign in with their Azure AD account information. From there, they are able to gain authorized, role-based access to the host’s on-premises and cloud resources. From an IT perspective, this single sign-on (SSO) feature eliminates the need to manage multiple users and passwords across applications. Azure AD is conveniently pre-integrated with a thousand SaaS applications, including Salesforce, Dropbox and ServiceNow, and allows the addition of custom applications and self-service capabilities.
Sophisticated identity protection
The latest Verizon Data Breach Investigations Report states that 81% of hacking breaches use stolen passwords and/or weak passwords. As attackers become more sophisticated, Azure AD Premium Identity Protection helps organizations gain the upper hand through proactive account management. Organizations can configure risk-based policies that automatically block identities that appear to be compromised. Adaptive machine learning detects and reports suspicious behavior (e.g., unauthorized or geographically inconsistent logins) and automatically initiates policy-based remediation, including password resets and forced multi-factor authentication.
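To make the risk-based policy concrete, here is an added example (not Microsoft’s code and not Azure AD’s actual detection logic) that scores a few constructed sign-in events for leaked credentials and geographically inconsistent logins, then maps each risk level to the kind of policy action described above; the speed threshold, coordinates and user addresses are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

@dataclass
class SignIn:
    user: str
    at: datetime        # UTC timestamp of the sign-in
    lat: float
    lon: float
    leaked_creds: bool = False  # password seen in a known credential leak

def distance_km(a: SignIn, b: SignIn) -> float:
    """Great-circle (haversine) distance between two sign-in locations."""
    la1, lo1, la2, lo2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

MAX_PLAUSIBLE_KMH = 900  # assumed: about airliner speed; faster is "impossible travel"

def risk_level(prev, cur: SignIn) -> str:
    """Classify a sign-in as low, medium or high risk from the signals the text mentions."""
    if cur.leaked_creds:
        return "high"  # credentials known to be exposed: treat the identity as compromised
    if prev is not None:
        hours = max((cur.at - prev.at).total_seconds() / 3600, 1e-6)
        if distance_km(prev, cur) / hours > MAX_PLAUSIBLE_KMH:
            return "medium"  # geographically inconsistent with the previous sign-in
    return "low"

def policy_action(risk: str) -> str:
    """Risk-based policy: allow, step up to MFA, or block and force a password reset."""
    return {"low": "allow", "medium": "require_mfa", "high": "block_and_reset_password"}[risk]

def evaluate(signins: list) -> list:
    """Evaluate sign-ins in time order, remembering each user's previous sign-in."""
    last, decisions = {}, []
    for s in sorted(signins, key=lambda x: x.at):
        risk = risk_level(last.get(s.user), s)
        decisions.append((s.user, risk, policy_action(risk)))
        last[s.user] = s
    return decisions

# Constructed sample events (not real telemetry): Seattle then Berlin one hour apart,
# and a supplier account whose password appears in a credential leak.
SAMPLE = [
    SignIn("alice@partner.example", datetime(2024, 1, 10, 9, 0), 47.6, -122.3),
    SignIn("alice@partner.example", datetime(2024, 1, 10, 10, 0), 52.5, 13.4),
    SignIn("bob@supplier.example", datetime(2024, 1, 10, 9, 30), 48.9, 2.4),
    SignIn("bob@supplier.example", datetime(2024, 1, 10, 20, 0), 48.9, 2.4, leaked_creds=True),
]
```

Running `evaluate(SAMPLE)` yields allow, allow, require_mfa, block_and_reset_password in time order: the second Alice sign-in is flagged because 8,000 km in one hour is not plausible travel, and Bob’s last sign-in is blocked on the leaked-credential signal.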
Tip: As today’s workforce becomes increasingly mobile, remember that informal “Bring Your Own Device” policies leave company data vulnerable to hackers and mobile malware. Make sure your business is taking steps to protect security while fostering mobility.
Privileged identity management
Protection of privileged identities is imperative given the scope of their administrative rights. This may include access to critical resources and control over the creation, modification and deletion of user accounts or configurations. Azure AD Premium enables organizations to manage, monitor and control privileged accounts and their access to resources. It also supports the enforcement of multi-factor authentication for highly privileged roles and temporary privileged access on demand, which automatically reverts to normal user status after a predetermined period.
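As an added illustration of the privileged-access model described above (a hypothetical simulation written for this page, not Privileged Identity Management’s real API), the following keeps privileged roles eligible rather than permanently assigned, refuses activation without MFA, caps the activation window, and drops the role automatically once the window expires; the role names, user names and four-hour maximum are assumptions.

```python
from datetime import datetime, timedelta

# Assumed configuration: which roles count as highly privileged, and the longest activation allowed.
PRIVILEGED_ROLES = {"Global Administrator", "Privileged Role Administrator"}
MAX_ACTIVATION = timedelta(hours=4)

class RoleStore:
    """Tracks eligible (not yet active) roles and time-boxed activations per user."""

    def __init__(self) -> None:
        self.eligible: dict = {}   # user -> set of roles the user may activate on demand
        self.active: dict = {}     # (user, role) -> expiry time of the current activation

    def make_eligible(self, user: str, role: str) -> None:
        self.eligible.setdefault(user, set()).add(role)

    def activate(self, user: str, role: str, now: datetime, mfa_passed: bool,
                 duration: timedelta = MAX_ACTIVATION) -> bool:
        """Grant the role temporarily. Refuses if the user is not eligible, if MFA was not
        completed for a privileged role, or if the requested window exceeds the maximum."""
        if role not in self.eligible.get(user, set()):
            return False
        if role in PRIVILEGED_ROLES and not mfa_passed:
            return False
        if duration > MAX_ACTIVATION:
            return False
        self.active[(user, role)] = now + duration
        return True

    def effective_roles(self, user: str, now: datetime) -> set:
        """Roles in force at `now`; expired activations revert the user to normal status."""
        for key in [k for k, expiry in self.active.items() if expiry <= now]:
            del self.active[key]
        return {role for (u, role) in self.active if u == user}
```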
External users do not need to have Azure AD
It’s important to note that a partner company does not need to use Azure AD to collaborate with a host organization. Through Office 365, a host can set up a special “Group” for Azure B2B collaboration. Each group is assigned an internal authorized owner. External users can be invited to create an account or proactively request an account through the organization’s self-service Azure portal. User requests are automatically routed to the Group owner, who approves additions and ensures secure access to files and applications.
Contributors use their own credentials
Whether invited or requesting access, guests can use their own email addresses (corporate or otherwise) to set usernames and passwords. This not only places responsibility with the guest, but frees the host organization from managing user identities. Azure AD Premium’s secure environment also includes policy-based multi-factor authentication. This two-step verification method provides stronger and more convenient protection of user identities and access anywhere – on any device.