Welcome to part 3 of this month’s Azure Partner Community blog series.
- Read Part 1 and read Part 2 of the series
- Register for the August 20 community call
- Sign up for the Azure Partner email newsletter
- Join the Azure Partners group on Yammer
by Jonathan Gardner
In discussions with partners over the past few months, my Partner Technology Strategist colleagues and I have heard that Azure Active Directory is a topic that partners want us to address in our Azure Partner Community blog series and calls. Today’s post is part 3 in the August series, and covers management, monitoring, and reporting. I’ll provide a description of each, explain how each fits into your practice, and connect you to resources where you can learn more.
Overview
Azure Active Directory provides user and access management in the cloud that can secure access to both on-premises and cloud applications. While many companies begin using Azure Active Directory with their Office 365 account, there are advanced functions like Multi-Factor Authentication and Single sign-on that add considerable security benefits.
Management
There are many ways to manage Azure Active Directory, depending on the implementation. Azure Active Directory can act as a standalone authentication provider or be synchronized with an on-premises Active Directory forest. The way an organization uses Azure Active Directory determines how it is managed. If AAD is used as a standalone authentication provider, the web portal or PowerShell can be used to perform the usual Active Directory operations against it. If the organization is syncing users to AAD through AAD Connect or Federation, changes are made to the on-premises user record and then synchronized to AAD. In a sync or federation scenario, self-service password reset through AAD does allow for write-back from AAD to the on-premises AD. To connect Azure Active Directory and Active Directory, use Azure AD Connect.
Monitoring
Monitoring an identity environment has many facets. For organizations that use AAD sync or Federation, the connection between their on-premises environment and the cloud is vital. Earlier this year we released Azure AD Connect Health to help administrators ensure a reliable connection to AAD, and deliver insight into other aspects of the organization’s identity management.
Monitoring is only part of the story, though. AAD Connect Health also has email reporting built in to provide notifications to administrators in the event an alert is triggered. Alerts can be delivered to the global administrator or any number of defined email addresses. More information about AAD Connect Health can be found here.
Organizations looking for deeper insight into their AD environment, whether on-premises or in the cloud, will be interested in Operations Management Suite (OMS) and the new Active Directory Assessment Intelligence Pack. This tool uses logic, machine learning, and organizational data to provide an assessment of how Active Directory is being used and makes recommendations to remediate any issues it finds. All of this information is surfaced on a centralized cloud dashboard like the one in the image below. OMS allows organizations to be proactive with their Active Directory management.
Reporting
Azure Active Directory has quite a few reports built into the service. These reports give administrators information about how AAD is being used. While the standard reporting provides security-relevant information like sign-ins from multiple geographies and account provisioning activity, the reports available to AAD Premium subscriptions go deeper. These reports include things like sign-ins from possibly infected devices, users with leaked credentials, password reset activity, and more. All of these reports are available through the Azure portal and outlined in the table below. The documentation provides more detail about what is in each report. A top request for AAD reporting is the ability to access the reports programmatically. The AAD team has started working on this through the AAD Reporting API. This provides a platform for our partners to help their customers create the right reports for them.
| Report | Azure Active Directory | Azure Active Directory Premium |
|---|---|---|
| Sign-ins from unknown sources | X | X |
| Sign-ins after multiple failures | X | X |
| Sign-ins from multiple geographies | X | X |
| Sign-ins from IP addresses with suspicious activity | | X |
| Anomalous sign-in activity | | X |
| Sign-ins from possibly infected devices | | X |
| Users with anomalous sign-in activity | | X |
| Application usage: summary | | X |
| Application usage: detailed | | X |
| Application dashboard | X | X |
| Account provisioning errors | X | X |
| Devices | | X |
| Activity | X | X |
| Audit report | X | X |
| Groups activity report | | X |
| Password reset registration activity report | | X |
| Password reset activity | | X |
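Two of the standard reports in the table, "Sign-ins from multiple geographies" and "Sign-ins after multiple failures", are simple enough to reconstruct from raw sign-in events, which is useful for understanding what the service is flagging and for building the customized reporting the post describes on top of the Reporting API. The script below is an added example, not Azure AD code and not the Reporting API itself: the event records are constructed sample data in an assumed shape (user, timestamp, country, success flag), and the thresholds (a 6-hour window for a country change, three failures within ten minutes before a success) are assumptions chosen for illustration.

```python
"""Toy re-implementation of two Azure AD sign-in anomaly reports over sample events.

Added example; the record shape and thresholds are assumptions, not Azure AD's.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real Azure AD report output).
SAMPLE_SIGNINS = [
    {"user": "alice@contoso.example", "time": "2015-08-10T08:00:00", "country": "US", "success": True},
    {"user": "alice@contoso.example", "time": "2015-08-10T09:30:00", "country": "BR", "success": True},
    {"user": "bob@contoso.example",   "time": "2015-08-10T08:05:00", "country": "US", "success": False},
    {"user": "bob@contoso.example",   "time": "2015-08-10T08:06:00", "country": "US", "success": False},
    {"user": "bob@contoso.example",   "time": "2015-08-10T08:07:00", "country": "US", "success": False},
    {"user": "bob@contoso.example",   "time": "2015-08-10T08:09:00", "country": "US", "success": True},
    {"user": "carol@contoso.example", "time": "2015-08-10T10:00:00", "country": "US", "success": True},
    {"user": "carol@contoso.example", "time": "2015-08-11T10:00:00", "country": "GB", "success": True},
]


def parse(events):
    """Convert timestamps to datetime and order events by user, then time."""
    parsed = []
    for event in events:
        record = dict(event)
        record["time"] = datetime.strptime(event["time"], "%Y-%m-%dT%H:%M:%S")
        parsed.append(record)
    return sorted(parsed, key=lambda r: (r["user"], r["time"]))


def signins_from_multiple_geographies(events, window=timedelta(hours=6)):
    """Flag consecutive successful sign-ins by one user from different countries
    that are closer together than `window` (the 'impossible travel' pattern)."""
    findings = []
    by_user = defaultdict(list)
    for record in parse(events):
        if record["success"]:
            by_user[record["user"]].append(record)
    for user, records in by_user.items():
        for prev, cur in zip(records, records[1:]):
            gap = cur["time"] - prev["time"]
            if prev["country"] != cur["country"] and gap <= window:
                findings.append({
                    "user": user,
                    "from": prev["country"],
                    "to": cur["country"],
                    "minutes": int(gap.total_seconds() // 60),
                })
    return findings


def signins_after_multiple_failures(events, threshold=3, window=timedelta(minutes=10)):
    """Flag a successful sign-in that follows at least `threshold` failed
    attempts by the same user within `window` (a possible guessed password)."""
    findings = []
    by_user = defaultdict(list)
    for record in parse(events):
        by_user[record["user"]].append(record)
    for user, records in by_user.items():
        for index, cur in enumerate(records):
            if not cur["success"]:
                continue
            recent_failures = [
                r for r in records[:index]
                if not r["success"] and cur["time"] - r["time"] <= window
            ]
            if len(recent_failures) >= threshold:
                findings.append({
                    "user": user,
                    "failures": len(recent_failures),
                    "time": cur["time"].isoformat(),
                })
    return findings


if __name__ == "__main__":
    for finding in signins_from_multiple_geographies(SAMPLE_SIGNINS):
        print("multiple geographies:", finding)
    for finding in signins_after_multiple_failures(SAMPLE_SIGNINS):
        print("success after failures:", finding)
```

Run against the sample data, the first rule flags alice (US to BR within 90 minutes) but not carol, whose country change is a day apart; the second flags bob's successful sign-in after three failures in four minutes. In a real deployment the windows and thresholds would be tuned to the customer's travel patterns and lockout policy, and the records would come from the AAD reports rather than from an inline list.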
What’s in it for you
Beyond deployment services, there are many opportunities for partners in the management, monitoring, and reporting of Azure Active Directory. Proactive monitoring of Active Directory is not something that most organizations do well, and you could build a managed services offering that provides this to customers. Identity is the backbone of access to an organization, and can also be its most valuable asset. An opportunity I see for an Intellectual Property (IP) services offering is using AAD and Azure Machine Learning to create customized assessments for industry verticals. If your company has unique institutional knowledge about an industry with very specific identity requirements, capitalize on that. While we have built generalized assessment and guidance into the Operations Management Suite, customized reporting and guidance through the AAD Reporting API opens up a huge partner opportunity.
Getting started
Throughout this post I have included links to documentation and other resources for getting started with each aspect of Azure Active Directory management, monitoring, and reporting. Here are additional recommendations:
- Microsoft Virtual Academy: Getting Started with Microsoft Azure Active Directory
- Microsoft Virtual Academy: Azure Active Directory Core Skills Jump Start
- Azure Active Directory: Identity Management as a Service for Modern Applications
- Azure Active Directory Connect: Express Settings
- Azure AD Connect Health: Monitor your identity bridge
- Azure Active Directory Reports
- Azure Operational Insights: Overview