
Managed Identity in AzureAD:

This project is about managing identity in Azure AD for a small organization that is pure cloud.

Use Case: Pure-cloud Identity and Access Management was the organization's default standard. This did, however, lead to several problems, such as:

  • No on-prem Active Directory.
  • No group policy.
  • Smaller database of attributes to work with.
  • There is no LDAP.
  • Flat directory structure: no OUs or forests.
  • No Active Directory services such as LDFS / ADFS / DNS / DHCP / Hyper-V / IIS.

To address concerns around identity, the following areas had to be covered.

  • Single Sign-On
    • XML-based authentication to apps with or without an Azure plugin
  • Multi-Factor Authentication
    • 2FA code prompt
    • Conditional Access
    • User Lifecycle involving SCIM/JIT
    • Azure MFA with modern authentication
  • Attribute Based Access Control (ABAC)
    • Dynamic Security groups based on attributes
  • Privileged Identity Management
    • Just-In-Time access to administrative permissions
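The ABAC item above (dynamic security groups driven by user attributes) as an added example, not code from this project. It uses the Microsoft Graph PowerShell module and assumes the caller holds Group.ReadWrite.All; the group name, department value and extensionAttribute1 value are illustrative.

```powershell
# Added example (not part of the original project): create an Azure AD dynamic
# security group whose membership is evaluated from user attributes (ABAC).
# Assumes the Microsoft.Graph module is installed and Group.ReadWrite.All is granted.
Connect-MgGraph -Scopes "Group.ReadWrite.All"

# A cloud-only tenant exposes fewer user attributes than on-prem AD, so rules
# typically combine the built-in fields with extensionAttribute1-15.
# Disabled accounts are excluded explicitly so the group never grants access
# to a user who has been offboarded but not yet deleted.
$rule = '(user.accountEnabled -eq true) and (user.department -eq "Finance") and (user.extensionAttribute1 -eq "Contractor")'

$group = New-MgGroup -DisplayName "SG-Finance-Contractors" `
    -MailEnabled:$false `
    -MailNickname "sg-finance-contractors" `
    -SecurityEnabled `
    -GroupTypes "DynamicMembership" `
    -MembershipRule $rule `
    -MembershipRuleProcessingState "On"

# Verify the rule was stored and that membership processing is switched on;
# a rule with ProcessingState "Paused" silently stops evaluating new users.
Get-MgGroup -GroupId $group.Id -Property DisplayName,MembershipRule,MembershipRuleProcessingState |
    Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState
```

Membership is recalculated asynchronously by the directory, so newly matching users may take a few minutes to appear in the group.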

Lessons Learned:

  • Azure AD can't really replace AD and needs additional tools to be functional.
  • The smaller set of attributes means hitting limits on the attributes available for security group rules.