Azure AD – Cloud App Discovery and leveraging your existing Azure Active Directory Tenancy

What is Azure AD?

One of the pain points I find customers can have when managing multiple Cloud services across their organisation is being able to manage the multiple ways end users sign into those Cloud services. There is an assumption from the end user that these multiple logins will be supported and catered for by the internal IT department in some capacity, which can lead to yet another stack of applications for IT to support and manage.

However, what many Office 365 customers do not realise is that through synchronizing on premise Active Directory with Office 365 for SSO services, they actually have already established an Azure Active Directory tenancy which can then be utilised for over 2000 Cloud services outside of the Microsoft Product set.

Even without an Azure Active Directory Premium subscription, that same Azure AD tenancy used by Office 365 can be utilised for Single Sign On services for around 2400 SAAS Applications, such as BOX, Dropbox and Salesforce.

So the big question is – with that available for free, what would I actually get by subscribing to the premium service? Let’s have a look:

  • Self-service password reset portal (yes, even to on premise AD accounts)
  • Multi Factor Authentication for many applications supported by Azure AD, including Office 365
  • Advanced Security Reporting
  • Cloud App Discovery

So today, we’ll take a look at the newest addition to the Azure AD Premium stack; Cloud App Discovery.This tool was announced as GA at this year’s Microsoft Ignite and is a fantastic addition to the Premium stack.

So what does this app do? well, if we backtrack to the expectation of managing the multitude of consumer SAAS applications out there, one of the other pain points in the modern IT world is that as cloud services become more accessible at a consumer level, they generally will begin to bleed into the corporate network. So while IT is expected to support the multiple SAAS app signins they’ve deployed, there is also an unknown quantity of SAAS applications that have been brought in by the end user, espcially where using a BYOD policy in the workforce.

Generally, the assumption that a few Cloud based storage applications like Dropbox or Box may be the norm. However, now we can finally get some definitive clarity of whats being used by users on the corporate network through the use of the Cloud App Discovery tool. What we’ve generally seen ending up happening is we find there are many, many more SAAS applications that the end end user may be using to perform their work.

Azure AD Cloud App Discovery

App discovery is an agent based report that will discover and report to the central Azure AD website, reporting on the apps discovered on end user machines, which users are using those applications as well compatibility with Azure AD SSO Services. The agent can be deployed via Group Policy, Configuration Manager or any other deployment product that supports the MSI format.

Cloud App Discovery reports can be drilled into per application, showing the number of web requests and the volume of data that is being used by the application across your network.

One of the coolest tricks of the Cloud App Discovery tool is that if compatible applications are discovered within the CAD report, these applications can then be attached to Azure Active Directory for Sign On Services through the same report. These applications can then be secured further through the addition of Multi Factor Authentication through the use of the Azure Authentication App.

This technology can finally start to help IT departments out there answer part of the age old question “how do I actually tell what is on my network and then secure it?!” without a significant infrastructure or hardware cost.

Next time, we’ll dig a little deeper and go through a tutorial, to show just how easy it is to setup.

If you would like to speak to TD about Azure Active Directory, Cloud App discovery,or any other Microsoft technology, contact us today