It’s another great reason to migrate your application authentication model to Azure AD.
Azure Active Directory (Azure AD), Microsoft’s cloud-based identity and access management service, provides Office 365 customers with a robust IDaaS solution. As a cloud alternative to Active Directory Federation Services (ADFS), it provides secure sign-in and access for resources in Office 365, the Azure portal, and thousands of third-party SaaS applications. A premium subscription to Azure AD can also provide secure sign-in for internal resources, such as applications on the corporate network and intranet, in addition to cloud apps that have been developed internally.
Without a premium subscription, single sign-on was limited to 10 apps per user under the “office apps” functionality of Azure AD. Customers with subscriptions to Office 365, regardless of the subscription level, were subject to this limitation. That changed on April 30th when Microsoft announced that single sign-on with Azure AD is now available for an unlimited number of applications at no extra cost. This applies to apps available in the Azure AD gallery, non-gallery apps, and apps using OpenID Connect (OIDC), Security Assertion Markup Language (SAML), or password SSO (also known as password vaulting).
The only criterion for taking advantage of this feature is that you are subscribed to a commercial online service. These include Azure, Office 365, Dynamics and Power Platform. With the earlier announcement that multi-factor authentication (MFA), along with the security defaults baseline of security policies, is also free across all Azure AD pricing tiers, customers can be assured that their organization's identities and applications will be protected.
Benefits of Migrating to Azure AD
For the many organizations that have continued to use on-premises federated identity providers such as ADFS, Ping Identity, or Hitachi ID because of the prior ten app limit, this is a good time to assess your application inventory and determine whether migrating your application authentication posture to Azure AD makes sense for your organization. Some of the benefits of migrating include:
- Azure AD provides a single control and security plane for identity and access management
- A single control plane makes adopting a *Zero Trust security model much simpler
- Benefits to cost management, risk management, productivity, compliance and governance
Microsoft’s Application Activity Report
Understanding which applications are compatible with Azure AD and identifying the specific migration steps you need to take can be time-consuming. Microsoft is providing the ADFS application activity report, currently in public preview, to assist in assessing your application portfolio. This report can help you quickly identify which of your applications are capable of being migrated to Azure AD. It does this by assessing whether each application is compatible with Azure AD, checking for any issues, and providing guidance on preparing individual applications for migration.
With free single sign-on and MFA with Azure AD, many organizations should begin looking at their application authentication model and determining whether migrating to Azure AD authentication makes sense. Microsoft is making it simpler for organizations to conduct an assessment of their application portfolio and is providing guidance for organizations ready to modernize their identity and access management posture.
*Want to learn more about Zero Trust security? Register for our May 19th webinar here.