Historically, as organizations have moved from on-premises directories to the cloud, identities have been ‘homed’ in, or sourced from, the on-premises directory. Now that more services and users are internet-based or internet-first, there is less reliance on the on-premises directory for authorization.
The concept of Identity Inversion, or ‘AD as an App,’ is that we move from homing accounts in on-premises AD to homing those accounts in Azure AD. Accounts that then require access to applications or resources that are on-premises would have an on-premises account provisioned.
Moving the center of identity and authentication away from on-premises directories provides many security and operational benefits, including reducing the chance that privileged accounts are accidentally provisioned into Azure AD.
In this webinar recording, OCG Principal Architect Mark Riley explores:
- Treating our AD domains as an app
- Provisioning users as needed and removing them when access is no longer required
- Privileged Account Management via just-in-time provisioning
- The security benefits of the model
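The provisioning pattern in the second and third bullets, as an added PowerShell example that is not part of the webinar or OCG's own code: an Azure AD-homed user who needs an on-premises application gets an AD account created on demand, with an expiry and a time-bound privileged group membership, and expired accounts are swept out afterwards. It assumes the ActiveDirectory module, a Windows Server 2016 or later forest with the Privileged Access Management optional feature enabled (required for `-MemberTimeToLive`), and hypothetical OU, domain, group and attribute names; the Azure AD object id is stored in `extensionAttribute1` purely as an illustrative choice.

```powershell
# Added example, not from the OCG webinar. Just-in-time provisioning of an
# on-premises AD account for a cloud-homed identity, plus cleanup.
# Assumes: ActiveDirectory module; PAM optional feature enabled (time-bound
# group membership); the OU, UPN suffix and attribute below are hypothetical.
#Requires -Modules ActiveDirectory

$JitOU     = 'OU=JIT-Provisioned,DC=corp,DC=example'  # assumed OU for sourced accounts
$UpnSuffix = 'corp.example'                            # assumed on-premises domain
$ExtIdAttr = 'extensionAttribute1'                     # assumed: holds the Azure AD object id

function New-JitAdAccount {
    param(
        [Parameter(Mandatory)] [string]$AzureAdObjectId,  # cloud identity is the source of truth
        [Parameter(Mandatory)] [string]$DisplayName,
        [Parameter(Mandatory)] [string]$SamAccountName,
        [Parameter(Mandatory)] [string]$PrivilegedGroup,  # assumed: app-specific admin group
        [int]$LifetimeHours = 8
    )
    $expires = (Get-Date).AddHours($LifetimeHours)

    # Reuse an account already tied to this cloud identity instead of creating a duplicate.
    $user = Get-ADUser -Filter "$ExtIdAttr -eq '$AzureAdObjectId'" -SearchBase $JitOU
    if (-not $user) {
        # Random password: the user authenticates with the cloud identity, never with this secret
        # (assumption of this example).
        $pw = ConvertTo-SecureString ([guid]::NewGuid().ToString()) -AsPlainText -Force
        $user = New-ADUser -Name $DisplayName -SamAccountName $SamAccountName `
            -UserPrincipalName "$SamAccountName@$UpnSuffix" -Path $JitOU `
            -AccountExpirationDate $expires -Enabled $true -AccountPassword $pw `
            -OtherAttributes @{ $ExtIdAttr = $AzureAdObjectId } -PassThru
    }
    else {
        # Existing account: extend the expiry for this request and make sure it is usable.
        Set-ADAccountExpiration -Identity $user -DateTime $expires
        Enable-ADAccount -Identity $user
    }

    # Time-bound membership: AD removes the user from the group when the TTL elapses,
    # so privilege is granted only for the lifetime of the request.
    Add-ADGroupMember -Identity $PrivilegedGroup -Members $user `
        -MemberTimeToLive (New-TimeSpan -Hours $LifetimeHours)
    return $user
}

function Remove-ExpiredJitAccounts {
    # Expired accounts can no longer log on; delete them so the on-premises directory
    # holds only identities that currently need access.
    Search-ADAccount -AccountExpired -UsersOnly -SearchBase $JitOU |
        ForEach-Object { Remove-ADUser -Identity $_ -Confirm:$false }
}

# Example call with constructed values (run from an account allowed to create users in $JitOU):
# New-JitAdAccount -AzureAdObjectId '00000000-0000-0000-0000-000000000000' `
#     -DisplayName 'Jane Doe' -SamAccountName 'jdoe-jit' -PrivilegedGroup 'App-Finance-Admins'
# Remove-ExpiredJitAccounts
```

The account expiry and the group TTL are set from the same lifetime so that, even if the cleanup job never runs, both the logon right and the privileged membership lapse on their own; `Remove-ExpiredJitAccounts` then only tidies up objects that are already inert.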