Managing access to apps and data can no longer rely on traditional network security boundary strategies such as perimeter networks and firewalls, because apps are moving rapidly to the cloud. Organizations must now trust their identity solution to control who and what has access to the organization's apps and data. Controls need to move to where the data is: on devices, inside apps, and with partners. Identities, representing people, services, or IoT devices, are the common denominators across today's many networks, endpoints, and applications. For good reason, identity management is one of the six foundational pillars of a Zero Trust framework. To implement a strong identity, Microsoft recommends four steps:
- Multi-factor authentication,
- Policy-based access,
- Identity protection,
- Secure access to SaaS and on-premises apps.
In this blog article we summarize the importance of policy-based access in strong identity management, which provides the proper balance between employee productivity and security.
Organizations need ways to restrict access to applications and systems in certain circumstances, such as gating access to an enterprise application based on signals associated with user and device identity. When user, device, or session risk is detected, access policies can decide whether to block access to the requested resource or to require additional verification, such as MFA, before granting access.
Azure AD Conditional Access can enforce access policies for applications using signals from a variety of sources, including Azure AD Identity Protection, Microsoft Cloud App Security, and Microsoft Defender for Identity. It can also enforce session-control policies that limit what users can do with their access. The goal of supporting policies for limited access is to ensure users have an opportunity to remain productive while minimizing security risks.
Vitan Kostov, Noventiq’s Solution Sales Manager, highlights the importance of policy-based access through some examples of how organizations can strengthen their identity with this solution. “Employees can be allowed to use certain applications without MFA when they are using the corporate network; however, MFA might be required to access the same application through a public Wi-Fi. In addition, continuous access evaluation for Microsoft 365 is a key concept supplementing the ordinary conditional access policies. That powerful combination of fully integrated Microsoft technologies allows users to continue working in the context they usually do, without being bothered by security controls and prompts, as long as they are configured properly. Meanwhile, the security level is not compromised because the system automatically detects events such as a user account being deleted or disabled, a changed password, enabled MFA, an explicitly revoked token, or elevated risk criteria being met. If at least one of those is met, the right policy is activated, so the security of the user, data, or environment is further enhanced automatically. Technically speaking, the system will not wait for cached tokens to expire to renew the security requirements and controls associated with the user or assets. Hence, with policy-based access we have near real-time protection alongside a productivity-optimized user experience that omits all unnecessary or excessive security prompts and checks. That way, we can all focus on our work, knowing that we are protected.”
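As an added example (not code from the original post or from Noventiq), the two policy patterns described above, the no-MFA-on-corporate-network rule from the quote and a block for high sign-in risk detected by Identity Protection, written as Microsoft Graph PowerShell calls. The break-glass group ID is a placeholder, and both policies are created in report-only mode so their effect can be reviewed in the sign-in logs before enforcement.

```powershell
# Added example: two Conditional Access policies via Microsoft Graph PowerShell.
# Assumes the Microsoft.Graph module is installed and the caller holds the
# Conditional Access Administrator role. <BREAK-GLASS-GROUP-ID> is a placeholder
# for the emergency-access accounts group, which every policy should exclude.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

$breakGlassGroup = "<BREAK-GLASS-GROUP-ID>"   # placeholder, replace with a real group object ID

# Policy 1: no MFA prompt from trusted (corporate) named locations; MFA everywhere else.
# "AllTrusted" refers to named locations marked as trusted in Entra ID / Azure AD.
$mfaOutsideTrusted = @{
    displayName   = "CA01 - Require MFA outside trusted locations"
    state         = "enabledForReportingButNotEnforced"   # report-only first, enforce after review
    conditions    = @{
        users          = @{ includeUsers = @("All"); excludeGroups = @($breakGlassGroup) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
        locations      = @{ includeLocations = @("All"); excludeLocations = @("AllTrusted") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}

# Policy 2: block sign-ins that Identity Protection scores as high risk.
# Block is the stricter option used here; requiring MFA is the usual alternative.
$blockHighRisk = @{
    displayName   = "CA02 - Block high sign-in risk"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users            = @{ includeUsers = @("All"); excludeGroups = @($breakGlassGroup) }
        applications     = @{ includeApplications = @("All") }
        clientAppTypes   = @("all")
        signInRiskLevels = @("high")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

foreach ($policy in @($mfaOutsideTrusted, $blockHighRisk)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    Write-Host ("Created {0} ({1}) in state {2}" -f $created.DisplayName, $created.Id, $created.State)
}

# Review report-only results before switching state to "enabled":
# Sign-in logs > Report-only tab, or the conditionalAccessStatus and
# appliedConditionalAccessPolicies fields of each sign-in record.
```

Policy 1 only behaves as intended once the corporate network ranges exist as named locations marked trusted; without them "AllTrusted" excludes nothing and every sign-in is prompted for MFA.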
Make sure that your company is ‘Zero Trust’ secure, starting with strong identity management. Contact Noventiq and ask us to check how protected your business is.