Azure Active Directory (Free and Premium P1 + P2)

  • Author: Ronald Fung

  • Creation Date: May 9, 2023

  • Next Modified Date: May 9, 2024


A. Introduction

If your organization has a paid subscription to Microsoft 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, you have a free subscription to Microsoft Azure Active Directory. You and other admins can use Azure AD to create and manage user and group accounts. To use Azure AD, just go to the Azure portal and sign in to your account.

With Azure AD Premium P1, you can create role-assignable groups and assign roles to these groups. Assigning roles to a group instead of individuals allows for easy addition or removal of users from a role and creates consistent permissions for all members of the group. For more information, see Assign Azure AD roles to groups.

Consider using the Azure AD Premium P2 edition, which includes Azure AD Identity Protection. Identity Protection uses adaptive machine learning algorithms and heuristics to detect anomalies and risk events that may indicate that an identity has been compromised.


B. How is it used at Seagen

As a biopharma research company using Microsoft Azure, you can use Azure Active Directory (Azure AD) to manage and secure access to your applications and resources. There are different editions of Azure AD available, including Free, Premium P1, and Premium P2. Here are some ways you can use each edition of Azure AD:

  1. Azure AD Free: This edition of Azure AD provides basic user management and authentication features. You can manage user accounts, synchronize with on-premises directories, and enable self-service password reset. You can also integrate with Microsoft Office 365 and other Azure services.

  2. Azure AD Premium P1: This edition of Azure AD provides additional features such as conditional access policies, Azure AD Connect Health, and self-service group management. With conditional access policies, you can control access to your applications based on conditions such as user location, device type, and risk level. Azure AD Connect Health provides monitoring and insights into your on-premises directory synchronization. Self-service group management allows users to create and manage their own security groups.

  3. Azure AD Premium P2: This edition of Azure AD provides advanced identity protection features such as identity governance, privileged identity management, and advanced threat analytics. With identity governance, you can manage access to your applications and resources based on user roles and entitlements. Privileged identity management allows you to manage and monitor privileged access to your resources. Advanced threat analytics provides insights into potential security threats and helps you to detect and respond to security incidents.

Overall, Azure AD can help your biopharma research company manage and secure access to your applications and resources. With Free, Premium P1, and Premium P2 editions available, you can choose the edition that best fits your needs and budget.


C. Features

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. It offers a range of features, including those available in both the free and premium versions. Here are some of the features of Azure AD:

Free Version

  1. Single Sign-On (SSO): Allows users to sign in to different applications and services with a single set of credentials.

  2. Self-Service Password Reset (SSPR): Allows users to reset their own passwords.

  3. Multi-factor Authentication (MFA): Provides an extra layer of security by requiring users to provide more than one form of authentication.

  4. Azure AD Connect: Allows synchronization of on-premises Active Directory identities with Azure AD, providing a single sign-on experience across cloud and on-premises applications.

  5. Application Proxy: Provides remote access to on-premises web applications using Azure AD.

  6. B2B Collaboration: Allows organizations to collaborate with external partners, customers, and vendors.

Premium P1 Version (includes all features of the Free Version plus)

  1. Conditional Access: Allows administrators to define rules that determine when and how users can access applications and services.

  2. Identity Protection: Provides advanced threat intelligence to identify and respond to potential identity-based risks.

  3. Privileged Identity Management (PIM): Allows administrators to control access to privileged accounts and resources.

  4. Group-based Access Management: Allows administrators to assign access permissions based on group membership.

  5. Azure AD Join: Allows devices to be registered and managed in Azure AD.

Premium P2 Version (includes all features of the Premium P1 Version plus)

  1. Identity Governance: Provides tools to manage access to resources and ensure compliance with regulatory requirements.

  2. Identity and Access Insights: Provides advanced analytics to detect and respond to potential security threats.

  3. Microsoft Identity Manager (MIM): Provides identity and access management capabilities for on-premises and hybrid environments.

  4. Password Protection: Provides advanced password policies and protection against common password attacks.

  5. Privileged Access Management (PAM): Provides advanced management of privileged access to resources and accounts.

Overall, Azure AD provides a range of features to help organizations manage identities and access to resources. By choosing the appropriate version of Azure AD, organizations can select the features they need to meet their specific requirements.


D. Where implemented

LeanIX


E. How it is tested

Testing Azure Active Directory involves ensuring that the identity and access management service is functioning correctly, securely, and meeting the needs of all stakeholders involved in the project. Here are some steps to follow to test Azure Active Directory:

  1. Define the scope and requirements: Define the scope of the project and the requirements of all stakeholders involved in the project. This will help ensure that Azure Active Directory is designed to meet the needs of all stakeholders.

  2. Develop test cases: Develop test cases that cover all aspects of Azure Active Directory functionality, including single sign-on, self-service password reset, multi-factor authentication, and access management. The test cases should be designed to meet the needs of the organization, including scalability and resilience.

  3. Conduct unit testing: Test the individual components of Azure Active Directory to ensure that they are functioning correctly. This may involve using tools like PowerShell or Azure CLI for automated testing.

  4. Conduct integration testing: Test Azure Active Directory in an integrated environment to ensure that it works correctly with other systems and applications. This may involve testing Azure Active Directory with different operating systems, browsers, and devices.

  5. Conduct user acceptance testing: Test Azure Active Directory with end-users to ensure that it meets their needs and is easy to use. This may involve conducting surveys, interviews, or focus groups to gather feedback from users.

  6. Automate testing: Automate testing of Azure Active Directory to ensure that it is functioning correctly and meeting the needs of all stakeholders. This may involve using tools like Azure DevOps to set up automated testing pipelines.

  7. Monitor performance: Monitor the performance of Azure Active Directory in production to ensure that it is meeting the needs of all stakeholders. This may involve setting up monitoring tools, such as Azure Monitor, to track usage and identify performance issues.

  8. Address issues: Address any issues that are identified during testing and make necessary changes to ensure that Azure Active Directory is functioning correctly and meeting the needs of all stakeholders.

By following these steps, you can ensure that Azure Active Directory is tested thoroughly and meets the needs of all stakeholders involved in the project. This can help improve the quality of Azure Active Directory and ensure that it functions correctly in a production environment.
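
One way to automate the multi-factor authentication and access management test cases from steps 2, 3 and 6, as an added example that is not part of the original page or of Seagen's tooling: it audits Conditional Access policies exported as JSON in the Microsoft Graph conditionalAccessPolicy shape. The sample policies, the placeholder account ID and the function names are constructed for illustration.

```python
import json

# Constructed sample export (Microsoft Graph conditionalAccessPolicy JSON shape).
SAMPLE_EXPORT = json.loads("""[
 {"displayName": "Require MFA - all users", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"],
                           "excludeUsers": ["<break-glass-account-id>"]},
                 "applications": {"includeApplications": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Require MFA - pilot", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"]},
                 "applications": {"includeApplications": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "MFA or compliant device", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]},
                 "applications": {"includeApplications": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}}
]""")

def requires_mfa(policy):
    """True when MFA cannot be skipped: it is the only control, or controls are ANDed.
    Only builtInControls are examined in this example."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if "mfa" not in controls:
        return False
    return grant.get("operator") == "AND" or controls == ["mfa"]

def covers_everyone(policy):
    """True when the policy targets all users and all cloud applications."""
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    return "All" in users.get("includeUsers", []) and "All" in apps.get("includeApplications", [])

def audit_mfa_baseline(policies):
    """Pass only if at least one enforced policy requires MFA for everyone."""
    findings, enforced = [], False
    for p in policies:
        if not (requires_mfa(p) and covers_everyone(p)):
            continue
        if p.get("state") != "enabled":  # report-only or disabled policies block nothing
            findings.append(f"{p['displayName']}: state is {p.get('state')}, not enforced")
            continue
        enforced = True
        users = p["conditions"]["users"]
        excluded = users.get("excludeUsers", []) + users.get("excludeGroups", [])
        if excluded:
            findings.append(f"{p['displayName']}: {len(excluded)} exclusion(s) to review")
    return {"passed": enforced, "findings": findings}
```

Run against a real export, a failed result or any finding becomes an issue to address in step 8.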


F. 2023 Roadmap

????


G. 2024 Roadmap

????


H. Known Issues

There are several known issues that can impact Azure Active Directory. Here are some of the most common issues to be aware of:

Free Version

  1. Limitations on features: The free version of Azure AD has limitations on features, and may not meet the needs of all organizations.

  2. Performance issues: If the system is not properly sized, it can impact performance and availability, causing issues with authentication and access management.

  3. Integration issues: Integration issues can arise when integrating Azure AD with other systems and applications. It is important to ensure that Azure AD is designed to work seamlessly with other systems and applications to avoid integration issues.

  4. Security issues: Security is a critical concern when it comes to Azure AD. It is important to ensure that all data is encrypted in transit and at rest, and that access to Azure AD is restricted to authorized personnel.

Premium P1 and P2 Versions

  1. Complexity: The premium versions of Azure AD can be complex to set up and manage, and may require additional expertise or resources.

  2. Integration issues: Integration issues can arise when integrating Azure AD with other systems and applications. It is important to ensure that Azure AD is designed to work seamlessly with other systems and applications to avoid integration issues.

  3. Performance issues: If the system is not properly sized, it can impact performance and availability, causing issues with authentication and access management.

  4. Security issues: Security is a critical concern when it comes to Azure AD. It is important to ensure that all data is encrypted in transit and at rest, and that access to Azure AD is restricted to authorized personnel.

  5. Licensing and subscription issues: Licensing and subscription issues can impact the ability to access and use features available on Azure AD. It is important to ensure that all licensing and subscription requirements are met to avoid issues with accessing and using features.

Overall, Azure Active Directory requires careful planning and management to ensure that it is functioning correctly and meeting the needs of all stakeholders involved in the project. By being aware of these known issues and taking steps to address them, you can improve the quality of Azure Active Directory and ensure the success of your project.


[x] Reviewed by Enterprise Architecture

[x] Reviewed by Application Development

[x] Reviewed by Data Architecture