College campus with fountain and sidewalk

Identity & Access Management Solution with Azure AD

Abstract

This Microsoft project modernized and simplified a secure identity and access management solution by leveraging SSO, MFA, conditional access, and more with Azure AD for a private Mid-Atlantic University.

What Data Networks Did for the University

 

  • Planned a modern authentication solution leveraging existing investments and Microsoft’s Authenticator application.
  • Integrated existing user, device, and group management solutions into the new, modern identity and access management solution.
  • Reduced the volume of password reset requests by enabling a self-service password reset portal.
  • Increased security by blocking legacy authentication solutions through Azure AD Conditional Access to prevent unsecured authentication protocols (POP, SMTP, IMAP, MAPI) that cannot enforce MFA.
  • Implemented Microsoft’s Azure Directory Premium P2 and Identity & Access Management solution.

The challenge

The University had to keep IT infrastructure and security current with the demands of today’s students, staff, and faculty. IT administration was already taxed with the planning and implementation efforts to improve their internal systems, including:

  • A new finance application to protect and manage financial aid
  • A new student information system (SIS) to deliver better learning and development tracking for students

As the application footprint grew (both on-premises and in the cloud), so did the university’s attack surface. These growing security concerns caused the university to seek the support of Data Networks.

With their student body becoming increasingly mobile and with more educational content moving online, the university faced an uphill climb. The university’s IT leaders and staff were tasked with providing access to as many applications as possible while protecting the university and its students from unauthorized users, in addition to other key challenges:

  • Deploying critical applications, such CampusNexus’ campus management system and student management system
  • Maintaining an effective access management and identity solution
  • Replacing multiple siloed solutions that were burdensome to manage and secure
  • Deploying a comprehensive “single source of truth” identity management system to resolve conflicts with data sources and personnel
  • Eliminating significant security vulnerabilities and replacing outdated security practices
  • Handling a high volume in password reset requests

The solution

Data Networks created a multi-phased plan to deliver increased security and modern applications to the university’s students, faculty, and staff. The solution introduced new technologies while leveraging the university’s existing technology investments, delivering a security overhaul that improved the university’s service offerings while making the entire environment more secure.

Implementation of Microsoft Azure Active Directory Premium P2

This comprehensive security suite already owned by the university allowed for the creation of a single sign-on across all applications, whether on-premises or in the cloud. As a robust and refined cloud-based Identity and Access Management platform, Azure AD Premium P2 provided the university with advanced security features, including:

  • Conditional Access
  • Multi-Factor Authentication (MFA)
  • Single Sign-On (SSO)
    Self-Service Password Reset (SSPR)
  • Privileged Identity Management (PIM)

Microsoft Applications

 

  • Microsoft Azure Active Directory Premium P2
  • Multi-Factor Authentication & risk-based MFA
  • Microsoft Azure AD Conditional Access

With the support of Data Networks’ Microsoft Engineers, the school was able to deploy the Microsoft Azure AD P2 application to its fullest.

Multi-Factor Authentication (MFA)

By asking more of the user, multi-factor authentication (MFA) adds a crucial extra layer of security. As a result, the university encountered fewer help-desk costs, while enjoying the benefits of MFA’s enhanced protection.

Risk-based MFA

To maximize the experience for trusted users and stop infiltrators in their tracks, risk-based MFA intelligently analyzes users and decides when to request additional verification. With this capability in place, IT Admin can detect suspicious activity and challenge intruders before they can do any damage, while allowing frictionless access to legitimate users.

Microsoft Azure AD Conditional Access

Today’s security administrators are faced with two competing priorities: protect the organization and its electronic assets, and enable users to be productive no matter their location. Organizations can no longer settle for passwords alone to block or allow access to their networks and applications. With Conditional Access, a component of Microsoft Azure Active Directory, the system analyzes various user signals like the user identity and location, the device they’re using, the application they’re accessing, and other risk factors. Based on these factors, the system can decide whether to allow access, require MFA, or deny access.

Knowledge Transfer

Data Networks’ final deliverable was to setup knowledge transfer sessions with their Senior Microsoft Engineers and the university’s IT staff. These sessions reviewed the setup and functionality of the new platforms, the Recent Activity page, remediation procedures, guest user access plans, Azure AD’s activity and risk reports, their Microsoft 365 Security Score, and Conditional Access policies.

Mission accomplished

By leveraging the advanced features of Azure Active Directory Premium P2 (part of the Microsoft 365 A5 suite), the university was able to both modernize and simplify their identity and access management solution. Users benefit from a simpler authentication process that works everywhere (single sign-on), and administrators benefit from easier security reporting, management, and automation. Dashboard reporting of authentication allows for IT Admins to quickly identify and remediate threats and determine that the university’s network is secure.

Click here to view the PDF version of the Foundational Security with Azure AD for Private Mid-Atlantic University case study.