Cloud services pose new challenges. Traditionally, users do the following:
- Only access the organization's resources inside the organization's network perimeter
- Only access the organization's services, which are hosted on the organization's hardware
With cloud services, enterprise mobility, bring-your-own-device objectives, and the consumerization of IT, all that has changed. Users are accessing a variety of services from a multitude of vendors from both company-owned and personal devices. Identity is the new security perimeter for companies since it is the ultimate key to access.
From a cloud service perspective, identity defines who users are, what permissions they have, and what they can do with these permissions. With that, organizations need to plan how to protect users wherever they are.
As we have discussed throughout this book, Microsoft 365 already includes a directory service called Azure Active Directory (AAD). Azure Active Directory stores the identity information for your Microsoft 365 tenant. AAD has several features that can be planned and deployed to further improve an organizational security stance, such as the following:
- Users and attributes
- Groups
- Permissions
- Audit logs
- Credential management
Let's look at each in more detail.