Last Tuesday I had the pleasure of addressing a combined audience of fellow local MVP Pete Calvert's Adelaide Windows User Group and the Adelaide System Center User Community. So I thought I'd post the identitygovernancefor-o365 deck from that meeting here, mainly for the benefit of those in the two groups.
Coincidentally, this same week my colleague Shane Day from my company UNIFY's leadership group posted this article on the topic of the Top 3 Identity Management tips for Frontier Software chris21 users, which I thought nicely reinforces the ideas that were discussed on Tuesday – which (happily) went way overtime with a very engaged group of IT folks.
The angle of my presentation was simply directed to those presiding over a hybrid AD/AAD identity base (hopefully using Microsoft AAD Connect to do so) in order for their workforce to access Office 365 licensed applications like SharePoint, Exchange Online and Yammer. They may also be using federation to provide SSO to other cloud applications like SalesForce.
For any such organisation, improving governance around not only who can log on to your company network, but who has access to what at any given time, should be an ever-increasing priority. In my experience your HR platform is not only the best source of accurate employee identity information, but also the best source of the key events which can be harnessed to apply access-related changes to your user identity records – think "joiners, movers and leavers".
This is not a new concept by any means, but when you look at this in a hybrid identity context you can start to see there really is no limit to the potential of harnessing the HR source to drive downstream application access. Combine this with the workflow capabilities of an identity and access management (IAM) platform such as MIM2016 (the sync engine of which now comes free with your Enterprise Windows Server licenses) and you can start to realize additional automation benefits by combining request with role-based access – such as the assigning of Office 365 licenses based on group membership (see my previous post on how to use AzMan on premises for this).
For those who happen to use the chris21 (or perhaps Aurion) HR platform but are not yet ready to take the plunge and build a full-scale IAM solution, there is good news for you too! UNIFY has both on-premises and cloud (SaaS) offerings that allow you to harness your HR system to simply drive your on-premises AD, which in turn will drive your AAD via AAD Connect. If this is you, I strongly encourage you to take a look to find out more.