Solutions for External Access (part 1 of 3)

By Ashwin Venugopal -

 










To read part 2, please click here
To read part 3, please click here








Azure AD B2B Guest User Access Explained

Azure AD Business-to-Business (B2B) collaboration helps you to safely share your company's applications and services with the guest users from any other organization while also maintaining control over your own corporate data. Your company's resources can be easily accessed by a simple invitation and redemption process so that the partners can use their own credentials for the same. Azure AD B2B APIs can be used to customize the invitation process or write applications such as self-service sign-up portals. 

Collaborate with any partner using their identities

The partners can use their own identity management solution with the help of Azure B2B so that there is no external administrative overhead for your organization. Other attributes are:

  1. The partners uses their own identities and credentials, hence Azure AD is not needed.
  2. You don't have to manage external accounts or password.
  3. You don't have to sync accounts or manage account lifecycles. 

Invite guest users with simple invitation & redemption process

Guest users can sign in to your apps and services with their own work, school, or social identities but if they don't have a Microsoft account or an Azure AD account, then, one can be created after the redemption of their invitation. Other attributes are:
  1. Invite guest users with the help of email identity of their choice.
  2. Send a direct link to an app, or send an invitation to the guest user's own Access Panel.
  3. Guest users follow a few simple redemption steps to sign in. 

Use policies to securely share your apps & services

Authorization policies can be used to protect your corporate content and Conditional Access policies like multi-factor authentication can be enforced:
  1. At the tenant level.
  2. At application level.
  3. For specific guest users to protect corporate apps and data.

Easily add guest users in the Azure AD portal

You can easily add guest users to your organization as an administrator in the Azure portal.
  1. Create a new guest user in Azure AD, similar to how you'd add a new user.
  2. The guest user immediately receives a customizable invitation that lets them sign in to their Access Panel.
  3. Guest users in the directory can be assigned to apps or groups.  











To read part 2, please click here
To read part 3, please click here



























Comments

Post a Comment

Popular posts from this blog

Deployment (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Microsoft Monitoring Agent (MMA) MMA is used across multiple Microsoft solutions and has undergone a few name changes as its features and functionality have evolved. If it is being considered to be used, then following areas should be covered during a Microsoft Sentinel deployment project: Consider the timelines and the strategy for a migration to AMA (Azure Monitor Agent) before the MMA end-of-life.  Consider the central deployment and management methodology for MMA. Determine which endpoints are in scope for deployment as these affect the log ingestion volume significantly.  Azure Monitor Agent (AMA) Organizations with MMA as the main Microsoft Sentinel agent should start planning the migration to AMA as soon as possible to avoid a rushed migration. One of the main advantages of AMA is the ability to control the log collection policy centrally and apply different policies against different...
Read more

Deployment (Part 1)

By Ashwin Venugopal -
Image
  To read part 2, please click  here To read part 3, please click  here Azure Resources Microsoft Sentinel needs following resources to be created: Subscription (if a dedicated subscription(s) will be used) Resource group(s) Log Analytics workspace(s) Automation rules/playbook Alert rules Workbooks Microsoft Sentinel offers hundreds of alert rules, workbooks, and automation playbook templates along with hunting scripts. The templates can be used to activate/deploy schedule alerts, create customized dashboards, create automation playbooks and perform threat-hunting activities. Generally, once deployed, the resources created have to be adjusted to match the existing environment, configure local credentials, etc. Methods of deployment: Manual- Administrator can manually configures the Microsoft Sentinel resources with the help of Azure portal. Any manual process has the inherent risks of human operator error, lack of compliance with potential change control procedures, and u...
Read more

Deployment (Part 2)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 3, please click  here Microsoft Sentinel Content Hub Content in Microsoft Sentinel includes any of the following types: Data connectors offer log ingestion from different sources into Microsoft Sentinel. Parsers give log formatting/transformation into ASIM formats, supporting usage across various Microsoft Sentinel content types and scenarios. Workbooks provide monitoring, visualization, and interactively with data in Microsoft Sentinel, highlighting meaningful insights for users.  Analytics rules give alerts that point to relevant SOC actions via incidents.  Hunting Queries are used by SOC teams to proactively hunt for threats in Microsoft Sentinel. Notebooks help SOC teams in using advanced hunting features in Jupyter and Azure Notebooks. Watchlists support the ingestion of specific data for enhanced threat detection and reduced alert fatigue.  Playbooks and Azure Logic Apps Custom Connectors provide featu...
Read more