Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This section provides best practices for identity and access management, security, compliance and governance as you launch a new modernization strategy.
Identity and access management considerations
A modern identity and access management solution helps protect your data and ensure that only authorized users, machines, and applications get access to the right resources, at the right time.
Use single sign-on (SSO) across your applications
SSO simplifies access to your software as a service (SaaS) applications as well as cloud apps and on-premises apps.
- For better integration, make sure that SaaS applications support SSO protocols such as SAML, OAuth, or OpenID Connect.
- Simplify SSO setup using Microsoft Entra ID App Gallery, which lists SaaS applications that are preintegrated with Microsoft Entra ID.
- Support custom integrations for applications not in the gallery using SAML or OAuth to configure SSO manually.
- Give users a seamless login experience using Microsoft Entra ID for consistent authentication across all SaaS apps.
Use Microsoft Entra ID on-premises
To give your employees consistent access to resources, use Microsoft Entra ID, a cloud-based identity and access management service.
- Ensure consistent identity management using Microsoft Entra ID Connect to synchronize on-premises and cloud-based Microsoft Entra ID.
- Implement hybrid identity solutions that give users access to both on-premises and cloud resources with a single set of credentials.
- Support secure remote access to on-premises applications using Microsoft Entra ID application proxy.
Support third-party Microsoft Entra ID
To support more rigorous levels of access control across organizations, use federation to establish trust across a collection of domains.
- Use Microsoft Entra ID federation services to federate third-party identity management with Microsoft Entra ID.
- Make sure that third-party systems support SSO protocols such as SAML or OAuth for integration with Microsoft Entra ID.
- Implement identity federation so that users from third-party AD can authenticate using Microsoft Entra ID.
Use Azure Tenant ID
To extend trust to all the users, services, and devices of your Azure subscriptions, use Microsoft Entra ID.
- Manage multiple Microsoft Entra ID tenants if your organization operates in multiple regions or has distinct business units.
- Help extend secure collaboration across your external partners and organizations using Microsoft Entra ID B2B.
- Make sure to support isolation and governance for each tenant to maintain security and compliance.
Security considerations
These security best practices help get you started.
- Set up multifactor authentication (MFA) to help enhance security for all SSO integrations.
- Set up conditional access by enforcing security requirements based on user location, device state, and risk level using Microsoft Entra ID Conditional Access policies.
- Detect and respond to identity-based threats using Microsoft Entra ID Identity Protection.
For more security guidance, consider Security in the Microsoft Cloud Adoption Framework for Azure and cloud security benchmarks.
Compliance and governance considerations
You can use Microsoft Entra ID and other tools and services to enforce and automate your organization's compliance and governance decisions.
- Ensure all identity and access management practices comply with industry standards and regulations.
- Use Microsoft Entra ID audit logs and reports to monitor access and detect anomalies.
- Enforce governance policies across your Azure environment using Azure Policy and Azure Blueprints.
Next steps
Get started with the next phase and lay the foundation for application modernization.