For many organizations, migrating many, if not all, of their applications to the cloud makes sense. Cloud computing offers enhanced security and stability, helps reduce costs, and provides greater scalability and flexibility for companies large and small.
Still, in some business sectors, such as financial services, cloud adoption has been slower, due in part to legal and regulatory compliance requirements. How can industries with a slower adoption curve take advantage of some of the security benefits of the cloud? One way is by adopting a hybrid authentication model with Microsoft Azure Active Directory at its center.
First, a few definitions:
Modern authentication is an umbrella term used to describe a combination of authentication and authorization methods between a client (e.g., an endpoint device like a laptop or mobile device) and a server. Layered on top are additional security measures that rely on access policies, like Microsoft’s Conditional Access.
Authentication methods include enhanced security measures like multi-factor authentication, smart card authentication and client certificate-based authentication.
Authorization methods are those provided by Microsoft’s implementation of the Open Authorization (OAuth) authorization standard.
Conditional access policies include Mobile Application Management and Azure Active Directory Conditional Access.
With these components combined, managing user identities with modern authentication gives administrators many different tools and options for securing on-premises Exchange and Skype for Business deployments, as well as Exchange hybrid and Skype for Business hybrid/split-domain scenarios. You can now move away from legacy authentication protocols, which are the primary attack vectors used to compromise systems, and take advantage of the power of the cloud and modern authentication models without having to move all of your resources ahead of your schedule.
Hybrid Modern Authentication
In a hybrid modern authentication model, Azure Active Directory becomes the centralized authentication server for on-premises Exchange and Skype for Business resources. Hybrid Modern Authentication enables Exchange to consume OAuth access tokens issued by Azure AD. This allows Exchange to take advantage of enhanced security features like multi-factor authentication and conditional access and enables organizations to move away from less secure legacy authentication protocols like basic authentication and Exchange ActiveSync.
If your road map to full cloud adoption is in the slow lane for legal, regulatory or other reasons, consider taking advantage of hybrid modern authentication for your on-premises Exchange and Skype for Business resources. The requirements for adoption are not steep for many organizations already taking advantage of existing Microsoft cloud workloads, and the security benefits are well worth the effort.