To bring Tetra Shillings devices under Microsoft Intune management while employees keep signing in with their existing on-premises Active Directory credentials, Azure AD Connect is the usual bridge. Azure AD Connect synchronizes on-premises Active Directory users and groups into Azure AD and, with password hash synchronization or pass-through authentication, lets those users authenticate to Azure AD with the same password they use on the local domain. Once synchronization is in place, domain-joined Windows devices can be hybrid Azure AD joined and automatically enrolled into Intune, so users sign into their devices with the credentials they already have and reach both on-premises and cloud resources.
Azure Active Directory and Intune offer complementary controls over access to resources. Azure AD provides identity and access management: Conditional Access, multi-factor authentication, and role-based access control. Intune enforces device compliance policies, app protection policies that control how company data is handled, and configuration for email and other corporate apps on mobile devices. Because Intune reports each enrolled device's compliance state to Azure AD, a Conditional Access policy can require a compliant, managed device before granting access, so only authorized users on trusted devices reach company resources.
Azure AD and Intune together offer several methods to detect a compromised user account, including:
Conditional Access policies: Conditional Access is an Azure AD feature, with Intune supplying the device compliance signal. Policies evaluate each sign-in against conditions such as location, device state, and the sign-in risk level computed by Azure AD Identity Protection. When a sign-in matches a risky condition, the policy can require multi-factor authentication, force a password change, or block access outright.
Device compliance policies: Intune checks enrolled devices against requirements such as disk encryption, passcode settings, minimum OS version, and device health attestation. A device that fails a check is marked non-compliant, and a Conditional Access policy that requires a compliant device then blocks it until the issue is resolved. If a non-compliance grace period is configured, the block is delayed for that long, so keep the grace period short for policies that protect sensitive resources.
Microsoft Defender for Identity: This cloud service uses sensors installed on the on-premises domain controllers to monitor Active Directory authentication traffic and applies behavioral analytics to detect credential theft, reconnaissance, and lateral movement such as pass-the-hash. Its counterpart for cloud sign-ins is Azure AD Identity Protection, which scores user and sign-in risk (leaked credentials, anonymous IP addresses, atypical travel) and can alert administrators or trigger automated remediation through a risk-based Conditional Access policy.
To prevent compromised credentials from being used to access the network, the following actions can be taken:
Enforce strong password policies: Account password length, complexity, and history for synchronized users are set by the on-premises Active Directory domain policy, and for cloud-only accounts by Azure AD; Intune device configuration profiles separately enforce the passcode or password required to unlock the device itself. Pair a minimum length with Azure AD Password Protection, which bans commonly used and custom weak passwords for both cloud and on-premises accounts, rather than with forced periodic expiration, which Microsoft no longer recommends because it pushes users toward predictable variations of the same password.
Implement multi-factor authentication: Multi-factor authentication requires a second factor alongside the password, such as a number-matching push in the Microsoft Authenticator app, a FIDO2 security key, or Windows Hello for Business, so a stolen password alone is not enough to sign in. Prefer phishing-resistant methods (FIDO2 keys, Windows Hello for Business) over SMS codes, which can be intercepted or redirected through SIM swapping, and enforce MFA through Conditional Access rather than per-user settings so that coverage is uniform.
Monitor and respond to security events: Azure AD sign-in and audit logs, Identity Protection risk detections, and Intune compliance reports should be exported to a SIEM or Log Analytics workspace and reviewed continuously, with alerts on patterns such as password sprays, risky sign-ins, and successful sign-ins from non-compliant devices. Respond promptly to anything suspicious: revoke the user's sessions, reset the password, and confirm or dismiss the risk detection so that Identity Protection learns from the outcome.
Educate users: Employees should be trained on choosing strong passwords, recognizing phishing (including MFA prompts they did not initiate), and reporting a suspected compromise quickly, since the detection controls above work best when users report the first sign of trouble.
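The monitoring step above is the one that benefits most from a concrete detection pipeline. The following Python script is an added example, not part of the original page and not Microsoft tooling. It runs four detection rules over a constructed batch of records shaped like the Microsoft Graph `signIn` resource: the field names (`userPrincipalName`, `status.errorCode`, `riskLevelDuringSignIn`, `conditionalAccessStatus`, `deviceDetail.isCompliant`, `location.countryOrRegion`) and the AADSTS50126 error code are real, while the records, timestamps, IP addresses and the `tetrashillings.example` domain are constructed for the example. The 15-minute spray window, the three-user threshold and the one-hour travel window are assumptions to tune for the environment.

```python
"""Detection rules over Azure AD sign-in log records.

Added example, not from the original page. The records below are
CONSTRUCTED to mimic the Microsoft Graph `signIn` resource; in
production they would come from a Log Analytics export, the Graph API
or a SIEM, not from an inline list.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# AADSTS50126: invalid username or password (the error a spray produces).
INVALID_CREDENTIALS = 50126


def _signin(upn, ts, ip, error=0, risk="none", compliant=True,
            ca="success", country="US"):
    """Build one constructed record shaped like a Graph signIn object."""
    return {
        "userPrincipalName": upn,
        "createdDateTime": ts,
        "ipAddress": ip,
        "status": {"errorCode": error},
        "riskLevelDuringSignIn": risk,
        "conditionalAccessStatus": ca,
        "deviceDetail": {"isCompliant": compliant},
        "location": {"countryOrRegion": country},
    }


# Constructed sample batch (domain, addresses and times are made up).
SAMPLE_SIGNINS = [
    # Password spray: one IP, three accounts, same wrong-password error.
    _signin("alice@tetrashillings.example", "2024-03-04T08:00:00Z",
            "203.0.113.10", error=INVALID_CREDENTIALS),
    _signin("bob@tetrashillings.example", "2024-03-04T08:01:00Z",
            "203.0.113.10", error=INVALID_CREDENTIALS),
    _signin("carol@tetrashillings.example", "2024-03-04T08:02:00Z",
            "203.0.113.10", error=INVALID_CREDENTIALS),
    # Success that Identity Protection scored as high risk.
    _signin("alice@tetrashillings.example", "2024-03-04T09:00:00Z",
            "198.51.100.5", risk="high"),
    # Success from a non-compliant device that Conditional Access let through.
    _signin("bob@tetrashillings.example", "2024-03-04T09:30:00Z",
            "192.0.2.7", compliant=False),
    # Same account, two countries, twenty minutes apart.
    _signin("carol@tetrashillings.example", "2024-03-04T10:00:00Z",
            "192.0.2.20", country="US"),
    _signin("carol@tetrashillings.example", "2024-03-04T10:20:00Z",
            "203.0.113.99", country="BR"),
]


def _ts(record):
    return datetime.strptime(record["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")


def detect_password_spray(records, min_users=3, window_minutes=15):
    """Flag an IP that fails AADSTS50126 against at least `min_users`
    distinct accounts inside the window: the signature of a spray."""
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for r in records:
        if r["status"]["errorCode"] == INVALID_CREDENTIALS:
            by_ip[r["ipAddress"]].append(r)
    alerts = []
    for ip, fails in by_ip.items():
        fails.sort(key=_ts)
        for i, first in enumerate(fails):
            users = {f["userPrincipalName"] for f in fails[i:]
                     if _ts(f) - _ts(first) <= window}
            if len(users) >= min_users:
                alerts.append({"rule": "password_spray", "subject": ip,
                               "users": sorted(users)})
                break  # one alert per source IP is enough
    return alerts


def detect_risky_success(records, levels=("medium", "high")):
    """Successful sign-ins that Identity Protection scored as risky."""
    return [{"rule": "risky_signin", "subject": r["userPrincipalName"],
             "risk": r["riskLevelDuringSignIn"]}
            for r in records
            if r["status"]["errorCode"] == 0
            and r["riskLevelDuringSignIn"] in levels]


def detect_noncompliant_success(records):
    """Successes from non-compliant devices. A compliant-device
    Conditional Access policy should have blocked these, so each one
    points at a policy gap (or a grace period that is too generous)."""
    return [{"rule": "noncompliant_device", "subject": r["userPrincipalName"],
             "ip": r["ipAddress"]}
            for r in records
            if r["status"]["errorCode"] == 0
            and not r["deviceDetail"]["isCompliant"]]


def detect_impossible_travel(records, window_minutes=60):
    """Same account succeeding from two countries inside the window."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for r in records:
        if r["status"]["errorCode"] == 0:
            by_user[r["userPrincipalName"]].append(r)
    alerts = []
    for upn, hits in by_user.items():
        hits.sort(key=_ts)
        for a, b in zip(hits, hits[1:]):
            src, dst = a["location"]["countryOrRegion"], b["location"]["countryOrRegion"]
            if src != dst and _ts(b) - _ts(a) <= window:
                alerts.append({"rule": "impossible_travel", "subject": upn,
                               "from": src, "to": dst})
    return alerts


def run_detections(records):
    """Run every rule and return the alerts sorted by rule and subject."""
    alerts = []
    for rule in (detect_password_spray, detect_risky_success,
                 detect_noncompliant_success, detect_impossible_travel):
        alerts.extend(rule(records))
    return sorted(alerts, key=lambda a: (a["rule"], a["subject"]))


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_SIGNINS):
        print(alert)
```

Each alert carries the subject to act on (a source IP for a spray, an account for the other rules), which is what the response steps above need: the account alerts map directly to revoking sessions and resetting the password, while a spray alert from an unknown IP is the cue to check whether any of the targeted accounts later signed in successfully from that address.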