{"id":10546,"date":"2023-10-30T08:13:26","date_gmt":"2023-10-30T15:13:26","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=10546"},"modified":"2023-11-07T11:28:25","modified_gmt":"2023-11-07T19:28:25","slug":"managing-user-identities-and-secure-access-at-microsoft","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-user-identities-and-secure-access-at-microsoft\/","title":{"rendered":"Managing user identities and secure access at Microsoft"},"content":{"rendered":"

[Editor\u2019s note: This content was written to highlight a particular event or moment in time. Although that moment has passed, we\u2019re republishing it here so you can see what our thinking and experience was like at the time.]<\/em><\/p>\n

Managing identities and network access at Microsoft encompasses all the processes and tools used throughout the identity life cycle for employees, supplier staff, and partners. As a cloud-first company, our Microsoft Digital Employee Experience (MDEE) team uses features in the Microsoft Enterprise Mobility + Security suite, powered by Microsoft Azure, along with on-premises identity and access management solutions to enable our users to be securely productive, from anywhere.<\/p>\n

We\u2019re on a multi-year journey of transforming into a cloud-first, mobile-first enterprise. Though we operate in a hybrid cloud environment today, we\u2019re moving on-premises identity technologies to the cloud, giving our employees the flexibility they need. Plus, application owners can use the power of Microsoft Graph<\/a> to effectively manage access to applications and resources.<\/p>\n

[See how we\u2019re implementing strong user authentication with Windows Hello for Business<\/a><\/em>.\u00a0Learn more about verifying identity in a Zero Trust model internally at Microsoft.<\/a><\/em>\u00a0Unpack implementing a Zero Trust security model at Microsoft.<\/a>]<\/em><\/p>\n

Unifying the environment<\/h2>\n

To enable a single user identity for authentication and offer a unified experience, we integrated on-premises Windows\u00a0Server Active\u00a0Directory forests with Microsoft Azure Active Directory (Azure AD). Our geographically distributed Active\u00a0Directory environment uses Windows Server 2016. We use Azure\u00a0AD\u00a0Connect and Active Directory Federation Services (AD FS) when an Azure-based application needs user attributes\u2014for example, their location, organization, or job title. User information is available if the service has the right permissions to query for those attributes.<\/p>\n

As shown in the image below, our identity and access environment is hybrid, federated, and cloud-synced.<\/p>\n

[Figure] A high-level overview of the Microsoft identity and access environment.<\/figcaption><\/figure>\n

The Microsoft identity environment includes:<\/p>\n