Microsoft® Azure Active Directory® (Azure AD or AAD) has become a popular choice among IT admins looking to extend their AD credentials to select web applications and Azure infrastructure.
Those looking to introduce a web application SSO platform to their organization may find value in AAD for its ability to manage users and their access to certain web applications. However, for IT teams looking to utilize Azure AD for the purpose of logging and reporting events across their IT resources, AAD may not be the perfect fit.
Below, we’ll discuss Azure AD’s capabilities to help organizations meet compliance standards and troubleshoot their infrastructure, as well as options for admins looking for a comprehensive event logging solution.
Microsoft’s cloud-based identity management platform, Azure AD, is offered at four pricing tiers. The “Free” tier comes with an Office 365™ subscription or a subscription to the Azure platform. At that level, Azure AD provides audit logs that record changes made to the directory itself: users, groups, applications, and role assignments being added, modified, or removed, along with which account made each change and when.
If organizations upgrade to the Premium P1 or Premium P2 tier, they also gain sign-in activity reports covering the who, when, and where of users signing in to Azure AD and to applications integrated with it (user, timestamp, application, client IP address and location, and whether the attempt succeeded or failed and why). Beyond that, AAD provides security reports that flag suspicious users (for example, repeated sign-in attempts against a disabled or expired account) and suspicious sign-in attempts.
Overall, Azure AD’s event logging covers what passes through Azure AD: sign-ins by its users to Azure AD itself, to Azure AD-joined Windows® devices, and to applications integrated with it, plus changes to directory objects. It does not collect operating-system event logs from the machines themselves. If organizations need event data for their networks (both wired and wireless), systems outside the Windows domain (such as macOS® and Linux®), or applications not hosted in Azure or connected through AAD, they will require an additional solution for auditing and compliance or troubleshooting.
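To make the “who, when, and where” of the sign-in reports concrete, here is an added example (not code from the original post, and not a JumpCloud or Microsoft tool) that works over sign-in records in the field layout returned by the Microsoft Graph `auditLogs/signIns` endpoint. The records, user names, IP addresses, and timestamps are constructed for the example; the thresholds for failed-attempt bursts and country changes are assumptions to be tuned per organization. It summarizes activity per user and flags three things an auditor or responder typically asks about: sign-ins Azure AD itself marked as risky, bursts of failed attempts, and successful sign-ins from two countries within a short window.

```python
"""Summarize and flag Azure AD sign-in records (Graph /auditLogs/signIns layout).

Added example with constructed sample data; thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, trimmed to the fields used here. Error code 50126
# is Azure AD's "invalid username or password"; 50057 is "user account is disabled".
SAMPLE_SIGNINS = [
    {"createdDateTime": "2019-03-04T09:00:00Z", "userPrincipalName": "alice@contoso.example",
     "appDisplayName": "Office 365 Exchange Online", "ipAddress": "203.0.113.10",
     "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0},
     "riskLevelDuringSignIn": "none"},
    {"createdDateTime": "2019-03-04T09:30:00Z", "userPrincipalName": "alice@contoso.example",
     "appDisplayName": "Azure Portal", "ipAddress": "198.51.100.7",
     "location": {"countryOrRegion": "RU"}, "status": {"errorCode": 0},
     "riskLevelDuringSignIn": "medium"},
    {"createdDateTime": "2019-03-04T10:00:00Z", "userPrincipalName": "bob@contoso.example",
     "appDisplayName": "Office 365 SharePoint Online", "ipAddress": "192.0.2.44",
     "location": {"countryOrRegion": "US"}, "status": {"errorCode": 50126},
     "riskLevelDuringSignIn": "none"},
    {"createdDateTime": "2019-03-04T10:01:00Z", "userPrincipalName": "bob@contoso.example",
     "appDisplayName": "Office 365 SharePoint Online", "ipAddress": "192.0.2.44",
     "location": {"countryOrRegion": "US"}, "status": {"errorCode": 50126},
     "riskLevelDuringSignIn": "none"},
    {"createdDateTime": "2019-03-04T10:02:00Z", "userPrincipalName": "bob@contoso.example",
     "appDisplayName": "Office 365 SharePoint Online", "ipAddress": "192.0.2.44",
     "location": {"countryOrRegion": "US"}, "status": {"errorCode": 50126},
     "riskLevelDuringSignIn": "none"},
    {"createdDateTime": "2019-03-04T10:03:00Z", "userPrincipalName": "bob@contoso.example",
     "appDisplayName": "Office 365 SharePoint Online", "ipAddress": "192.0.2.44",
     "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0},
     "riskLevelDuringSignIn": "none"},
    {"createdDateTime": "2019-03-04T11:00:00Z", "userPrincipalName": "carol@contoso.example",
     "appDisplayName": "Office 365 Exchange Online", "ipAddress": "203.0.113.99",
     "location": {"countryOrRegion": "US"}, "status": {"errorCode": 50057},
     "riskLevelDuringSignIn": "none"},
]


def parse_time(value):
    """Graph timestamps are UTC ISO-8601 with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def summarize_by_user(records):
    """Who/when/where per user: outcome counts, first/last seen, countries, apps."""
    summary = {}
    for r in sorted(records, key=lambda r: r["createdDateTime"]):
        s = summary.setdefault(r["userPrincipalName"], {
            "success": 0, "failure": 0, "first_seen": r["createdDateTime"],
            "last_seen": None, "countries": set(), "apps": set()})
        s["success" if r["status"]["errorCode"] == 0 else "failure"] += 1
        s["last_seen"] = r["createdDateTime"]
        s["countries"].add(r["location"]["countryOrRegion"])
        s["apps"].add(r["appDisplayName"])
    return summary


def flag_signins(records, fail_threshold=3, fail_window=timedelta(minutes=10),
                 travel_window=timedelta(hours=1)):
    """Return (user, reason) findings. Thresholds are assumed defaults."""
    findings = []
    by_user = defaultdict(list)
    for r in records:
        by_user[r["userPrincipalName"]].append(r)
    for upn, rs in by_user.items():
        rs.sort(key=lambda r: r["createdDateTime"])
        # 1. Azure AD's own risk assessment on the sign-in.
        for r in rs:
            level = r.get("riskLevelDuringSignIn", "none")
            if level not in ("none", "hidden"):
                findings.append((upn, f"risky sign-in ({level}) from {r['ipAddress']}"))
        # 2. A burst of failures inside fail_window (lockout or guessing activity).
        failures = [parse_time(r["createdDateTime"]) for r in rs if r["status"]["errorCode"] != 0]
        for i, start in enumerate(failures):
            burst = [t for t in failures[i:] if t - start <= fail_window]
            if len(burst) >= fail_threshold:
                findings.append((upn, f"{len(burst)} failed sign-ins within {fail_window}"))
                break
        # 3. Two successful sign-ins from different countries inside travel_window.
        successes = [r for r in rs if r["status"]["errorCode"] == 0]
        for a, b in zip(successes, successes[1:]):
            ca, cb = a["location"]["countryOrRegion"], b["location"]["countryOrRegion"]
            gap = parse_time(b["createdDateTime"]) - parse_time(a["createdDateTime"])
            if ca != cb and gap <= travel_window:
                findings.append((upn, f"sign-ins from {ca} and {cb} within {travel_window}"))
    return findings


if __name__ == "__main__":
    for upn, s in summarize_by_user(SAMPLE_SIGNINS).items():
        print(upn, s["success"], "ok", s["failure"], "failed", sorted(s["countries"]))
    for upn, reason in flag_signins(SAMPLE_SIGNINS):
        print("FLAG", upn, reason)
```

In production the records would come from a paged `GET https://graph.microsoft.com/v1.0/auditLogs/signIns` call with the `AuditLog.Read.All` permission (and the Premium tier the sign-in report requires); the logic above is unchanged. Carol’s single attempt against a disabled account is recorded but not flagged here because it falls below the burst threshold, which is the kind of tuning decision the “suspicious user” reports make for you but a home-grown check has to make explicitly.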
Auditing & Compliance
Organizations looking to use Azure AD to meet auditing and compliance standards first need to understand which events and which parts of the infrastructure auditors will want to evaluate. Companies both large and small must meet varying compliance standards, including HIPAA, PCI DSS, and SOC 2 Type 1 or Type 2, among many others, depending on their industry.
Auditors’ requests can be broad, covering all events from particular areas of the IT infrastructure, or specific to the activity of an individual user or admin. With Azure AD, IT teams can quickly gather event logs relating to their users, the applications integrated with AAD, and their Azure AD-joined Windows systems. However, organizations with resources outside AAD’s domain will need additional solutions to cover other systems, networks, on-prem applications that authenticate via LDAP, file servers, and more.
Troubleshooting
Event logs provide meaningful data on users, their actions, their systems, their applications, and their networks. This is especially useful for IT teams that need to diagnose a problem quickly, because the logs point admins to which users, systems, or applications contributed to the issue.
Fully troubleshooting an IT infrastructure, however, requires visibility into all of its networks, systems, applications, and files. Having Azure AD cover part of the picture can work for some organizations, but most IT teams want a holistic view of everything happening in their environment.
A Holistic Approach to IT Management
Azure AD is useful for managing user access to web applications and Azure infrastructure, but for those wanting total insight into their IT environment, it may lack key components. IT admins can bridge Azure AD with a legacy directory service such as on-prem Active Directory (for example, with Azure AD Connect) to gain the more extensive event logging that domain controllers provide, but that can be costly and ultimately difficult to implement and maintain.
For organizations looking for a holistic solution to system, user, and network management from the cloud, JumpCloud® Directory-as-a-Service® (DaaS) may be the ideal choice. As the first cloud-based directory service, DaaS provides event data from a single console, giving IT teams the ability to monitor, command, and automate their resources. This centralized approach gives IT teams a comprehensive look at what is transpiring in their organization, so they are never left feeling they are missing part of the picture, whether that part is users, machines, applications, or networks.
In addition, DaaS includes built-in cloud RADIUS, cloud LDAP, SAML 2.0, cross-platform system management, and server management, so admins have secured control over both their legacy and their cloud-based infrastructure.
Interested in a cloud-based directory service that tells you the who, what, when, where, and why of your IT infrastructure? Feel free to reach out for a personalized demo to see DaaS in action.