Managing Identities in a Hybrid World

Last Tuesday I had the pleasure of addressing a combined audience of fellow local MVP Pete Calvert's Adelaide Windows User Group and the Adelaide System Center User Community. So I thought I'd post the identitygovernancefor-o365 deck from that meeting here, mainly for the benefit of those in the two groups.

Coincidentally, this same week my colleague Shane Day from my company UNIFY's leadership group posted this article on the topic of the Top 3 Identity Management tips for Frontier Software chris21 users, which I thought nicely reinforces the ideas that were discussed on Tuesday, a session that (happily) went way overtime with a very engaged group of IT folks.

The angle of my presentation was directed at those presiding over a hybrid AD/AAD identity base (hopefully using Microsoft AAD Connect to do so) so that their workforce can access Office 365 licensed applications like SharePoint, Exchange Online and Yammer. They may also be using federation to provide SSO to other cloud applications like SalesForce.

For any such organisation, improving governance around not only who can log on to your company network, but who has access to what at any given time, should be an ever-increasing priority. In my experience your HR platform is not only the best source of accurate employee identity information, but also the best source of the key events which can be harnessed to apply access-related changes to your user identity records: think "joiners, movers and leavers".

This is not a new concept by any means, but when you look at this in a hybrid identity context you can start to see there really is no limit to the potential of harnessing the HR source to drive downstream application access. Combine this with the workflow capabilities of an identity and access management (IAM) platform such as MIM2016 (the sync engine of which now comes free with your Enterprise Windows Server licenses) and you can start to realize additional automation benefits by combining request-based with role-based access, such as the assigning of Office 365 licenses based on group membership (see my previous post on how to use AzMan on premises for this).

For those who happen to use the chris21 (or perhaps Aurion) HR platform but are not yet ready to take the plunge and build a full-scale IAM solution, there is good news for you too! UNIFY has both on-premises and cloud (SaaS) offerings that allow you to harness your HR system to drive your on-premises AD directly, which in turn will drive your AAD via AAD Connect. If this is you, I strongly encourage you to take a look to find out more.

About bobbradley1967

Microsoft Identity and Access Professional with 2 decades of successful IAM implementations in APAC, specialising in MIM and its predecessors (FIM/ILM/MIIS) and now with SoftwareIDM. A Microsoft IAM MVP prior to that with a background in MS.Net applications development/SI. Now with a particular interest how Identity and HyperSync Panel provide the Identity and Access orchestration presently missing in the Azure Entra Suite to effectively enforce Zero Trust on the M365 platform.
This entry was posted in Azure AD Connect Sync, Event Broker for FIM 2010, MIM (Microsoft Identity Manager) 2016, UNIFY Broker PLUS.