As distributed working becomes more common, it can potentially lead to security breaches, enterprise ransomware attacks, and many other negative, costly impacts for organizations. Mitigate these challenges and bolster security by leveraging a unified identity management system from One Identity.
You can get control of your Microsoft Active Directory and Azure AD to enhance security, automate user accounts, and improve IT efficiency. AD and Azure AD with One Identity Active Roles are better together and provide the security and efficiency you need for today's hybrid AD environments.
A key benefit of Active Roles is the capability to manage multiple directories from a single interface, which dramatically improves efficiency and reduces errors, improving your IT security overall. As an admin, you have to manage an on-prem AD and cloud-based Azure AD with Microsoft 365.
Typically, to manage these two directories, you would use an AD tool, such as Active Directory Users and Computers, Microsoft 365 Admin Center, or Azure Portal. In this example, we streamline it and do everything right from the Active Roles web interface. Let's look at Active Directory through Active Roles. You can drill right into your directory with your organizational unit structure. We'll do a simple task and create a new user. This can also be done through an automated process.
When creating a new user, you have the option to create the Azure account simultaneously. When you do this, it will create the account in Azure AD, Microsoft 365, as well as in on-prem AD at the same time. Additionally, you can assign Microsoft 365 licenses to the user as well. You also have the option to add Microsoft 365 Roles.
Once you are done creating the user profile, click Finish and the user account will be created in all the platforms at the same time. You can now view the user account just as you would with any other AD account. You see all the native AD attributes, as well as Active Roles virtual attributes that you have assigned to this user. And you can manage the Azure properties right from the same interface to make any necessary changes. It's much easier.
This simplified approach to complex environments saves time, reduces errors, and improves your security and peace of mind. Another benefit of Active Roles is the improved visibility into Azure which helps to monitor Azure consumption and Microsoft 365 licenses. In this example, you are logged into the system as a different user. So you have the ability to dive even deeper into the directory and see into Azure as well.
When you look at your Azure configuration, you can see the connected domains in the Azure tenants and licenses you have. This shows where you stand with Microsoft regarding your license consumption. Here, you can see the Microsoft 365 Roles Report that shows the number of people you have in groups and roles, such as a global administrator and directory readers.
From here, you can view additional reports based on the role. These reports are useful for tracking how your Azure is being used and consumed, enabling you to be more efficient. Improved security is a major benefit of Active Roles. To do this, we tap into the core of Active Roles as a delegation engine. This means you can make changes to AD objects, whether that's on-prem or Azure based, with the permissions assigned within Active Roles without the need for admins of AD and Azure AD to have direct permissions in Active Directory.
Changes are done simply in Active Roles. This provides more granular control over AD and Azure AD than you would natively receive, while delivering more flexibility and control of all your ADs at the same time. The process is similar to delegating permissions in native AD. In the first example, you use the Active Roles console to delegate control. But there's one extra step to complete before you can delegate permissions, and that is for the enterprise IT group.
Once completed, you are given the access templates to apply. Within the access template feature, you can get as granular as necessary. You can choose something as overarching as all objects full control, or you can get right down into the individual attributes that need to be managed. Access templates are simply collections of the permissions that are required to make changes to objects in AD.
In our second example, we will go into Azure AD and give a user permission to run Read All Contact Attributes, which can be done easily through the Active Roles console. One of the most popular permissions is user full control, which you can delegate right here. This does not give the user permissions to do things in Azure directly, but it grants them permissions to manage Azure through Active Roles.
At its core, Active Roles is a delegation engine and bolsters security. Within Active Roles, there are many capabilities, features, and functions that layer together to create a powerful tool, with features such as dynamic group memberships, virtual attributes, and managed units to create a virtual OU that will not lock delegations into the OU structure. Active Directory and One Identity Active Roles are better together. See how you can unify AD management and enhance security and efficiency of a hybrid environment. Learn more at oneidentity.com.