Identity & Access Management Solution with Azure AD

Abstract

This Microsoft project modernized and simplified a secure identity and access management solution by leveraging SSO, MFA, conditional access, and more with Azure AD for a private Mid-Atlantic University.

The challenge

The University had to keep IT infrastructure and security current with the demands of today’s students, staff, and faculty. IT administration was already taxed with the planning and implementation efforts to improve their internal systems, including:

  • A new finance application to protect and manage financial aid
  • A new student information system (SIS) to deliver better learning and development tracking for students

As the application footprint grew (both on-premises and in the cloud), so did the university’s attack surface. These growing security concerns caused the university to seek the support of Data Networks.

With their student body becoming increasingly mobile and with more educational content moving online, the university faced an uphill climb. The university’s IT leaders and staff were tasked with providing access to as many applications as possible while protecting the university and its students from unauthorized users, in addition to other key challenges:

  • Deploying critical applications, such as CampusNexus’ campus management system and student management system
  • Maintaining an effective access management and identity solution
  • Replacing multiple siloed solutions that were burdensome to manage and secure
  • Deploying a comprehensive “single source of truth” identity management system to resolve conflicts with data sources and personnel
  • Eliminating significant security vulnerabilities and replacing outdated security practices
  • Handling a high volume of password reset requests

The solution

With the support of Data Networks’ Microsoft Engineers, the school was able to deploy the Microsoft Azure AD P2 application to its fullest.

Multi-Factor Authentication (MFA)

By asking more of the user, multi-factor authentication (MFA) adds a crucial extra layer of security. As a result, the university incurred lower help-desk costs while enjoying the benefits of MFA’s enhanced protection.

Risk-based MFA

To maximize the experience for trusted users and stop infiltrators in their tracks, risk-based MFA intelligently analyzes users and decides when to request additional verification. With this capability in place, IT admins can detect suspicious activity and challenge intruders before they can do any damage, while allowing frictionless access to legitimate users.

Microsoft Azure AD Conditional Access

Today’s security administrators are faced with two competing priorities: protect the organization and its electronic assets, and enable users to be productive no matter their location. Organizations can no longer settle for passwords alone to block or allow access to their networks and applications. With Conditional Access, a component of Microsoft Azure Active Directory, the system analyzes various user signals like the user identity and location, the device they’re using, the application they’re accessing, and other risk factors. Based on these factors, the system can decide whether to allow access, require MFA, or deny access.

Knowledge Transfer

Data Networks’ final deliverable was to set up knowledge transfer sessions between its Senior Microsoft Engineers and the university’s IT staff. These sessions reviewed the setup and functionality of the new platforms, the Recent Activity page, remediation procedures, guest user access plans, Azure AD’s activity and risk reports, their Microsoft 365 Security Score, and Conditional Access policies.

Mission accomplished

By leveraging the advanced features of Azure Active Directory Premium P2 (part of the Microsoft 365 A5 suite), the university was able to both modernize and simplify their identity and access management solution. Users benefit from a simpler authentication process that works everywhere (single sign-on), and administrators benefit from easier security reporting, management, and automation. Dashboard reporting of authentication allows IT admins to quickly identify and remediate threats and determine that the university’s network is secure.
