Using Azure AD for user automation

I make extensive use of Azure AD to manage the users in my MSP. We hold ourselves to a higher security standard than most of our clients because we hold access to many companies, and attackers have repeatedly shown that MSPs are a prime target.

See: MSPs must do a security audit (ThirdTier)

Internally we use Azure AD Premium P2 features to manage our own staff and to automate employee permission, license and application assignments. I’ll be presenting on this topic several times in the coming year and writing about each item in detail. Meanwhile, here’s a bullet point summary.

  • User profile fields are populated with specific keywords
  • A dynamic group membership rule matches the account on one of those keywords
  • Licenses are assigned to the group
  • Application packages are assigned to the group
    • A catalog of apps is installed and assigned
  • Any device used to manage clients is restricted
    • Must be Windows
    • Must be joined to Azure AD
    • Must be in the USA
    • Must be at the current OS patch level and version
    • Must have Defender
      • Defender rules are applied
    • Endpoint Manager configurations are applied
    • Attack surface reduction rules are applied
    • Conditional Access is applied
    • Cloud App Security management occurs

All of these things occur automatically and are triggered by simply creating a user account.
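The chain above, as an added example that is not part of the original post and not ThirdTier’s own tooling: a Microsoft Graph PowerShell script that creates a user with a keyword in the Department field, a dynamic security group keyed on that field, group-based licensing, and three Conditional Access policies scoped to the group (USA only, Windows only, compliant device plus MFA). The tenant domain, keyword, group name, SKU part number, display name and policy names are assumptions; the Intune compliance policy, Defender and ASR rules the list also mentions are not created here.

```powershell
# Added example, not ThirdTier's code. Uses the Microsoft Graph PowerShell SDK (Microsoft.Graph module).
# Assumptions (not from the original post): tenant domain contoso.example, keyword "MSP-Helpdesk"
# written into the Department field, group "MSP-Helpdesk-Staff", license SKU part number "SPE_E5".
Connect-MgGraph -Scopes "User.ReadWrite.All", "Group.ReadWrite.All", "Directory.ReadWrite.All",
    "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

$Keyword   = "MSP-Helpdesk"        # assumed keyword that drives everything below
$GroupName = "MSP-Helpdesk-Staff"  # assumed dynamic group name
$SkuPart   = "SPE_E5"              # assumed SKU part number; list yours with Get-MgSubscribedSku

# Step 1 (the only manual step): create the user with the keyword in a profile field.
$user = New-MgUser -DisplayName "Jane Tech" -UserPrincipalName "jane.tech@contoso.example" `
    -MailNickname "jane.tech" -AccountEnabled -Department $Keyword `
    -PasswordProfile @{ Password = (New-Guid).Guid; ForceChangePasswordNextSignIn = $true }

# Step 2: dynamic group whose rule keys on that keyword. Disabled accounts drop out automatically.
$rule  = "(user.department -eq `"$Keyword`") and (user.accountEnabled -eq true)"
$group = New-MgGroup -DisplayName $GroupName -MailNickname "msp-helpdesk-staff" `
    -MailEnabled:$false -SecurityEnabled -GroupTypes @("DynamicMembership") `
    -MembershipRule $rule -MembershipRuleProcessingState "On"

# Step 3: group-based licensing, so membership alone grants (and removes) the license.
$sku = Get-MgSubscribedSku | Where-Object SkuPartNumber -eq $SkuPart
Set-MgGroupLicense -GroupId $group.Id -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @()

# Step 4: Conditional Access scoped to the group. A country named location backs the "must be in the USA" rule.
$usa = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type"                     = "#microsoft.graph.countryNamedLocation"
    displayName                       = "USA"
    countriesAndRegions               = @("US")
    includeUnknownCountriesAndRegions = $false
}

function New-MspCaPolicy {
    # Creates one policy for the dynamic group against all cloud apps, in report-only mode.
    param([string]$Name, [hashtable]$Conditions, [hashtable]$Grant)
    $Conditions.users        = @{ includeGroups = @($group.Id) }
    $Conditions.applications = @{ includeApplications = @("All") }
    New-MgIdentityConditionalAccessPolicy -BodyParameter @{
        displayName   = $Name
        state         = "enabledForReportingButNotEnforced"  # review sign-in logs, then set "enabled"
        conditions    = $Conditions
        grantControls = $Grant
    }
}

# Block sign-ins from anywhere except the USA.
New-MspCaPolicy -Name "MSP staff: block outside USA" `
    -Conditions @{ locations = @{ includeLocations = @("All"); excludeLocations = @($usa.Id) } } `
    -Grant @{ operator = "OR"; builtInControls = @("block") }

# Block every device platform except Windows.
New-MspCaPolicy -Name "MSP staff: block non-Windows" `
    -Conditions @{ platforms = @{ includePlatforms = @("all"); excludePlatforms = @("windows") } } `
    -Grant @{ operator = "OR"; builtInControls = @("block") }

# On Windows, require an Intune-compliant device (the Intune compliance policy is where minimum
# OS version and Defender health are evaluated) plus MFA.
New-MspCaPolicy -Name "MSP staff: Windows must be compliant" `
    -Conditions @{ platforms = @{ includePlatforms = @("windows") } } `
    -Grant @{ operator = "AND"; builtInControls = @("compliantDevice", "mfa") }

# Check: dynamic membership is evaluated asynchronously (minutes, sometimes longer). Confirm the
# user has landed in the group before assuming the license and policies apply to them.
Get-MgGroupMember -GroupId $group.Id -All | Where-Object Id -eq $user.Id
```

Two caveats worth keeping in mind with this pattern. First, the profile attribute becomes a privilege boundary: anyone with a role that can write the Department field (a User Administrator, for instance) can put themselves or anyone else into the group, and with it the license and the set of Conditional Access policies, so restrict that role and alert on changes to the attribute. Second, the policies are created in report-only mode on purpose; the three of them together lock out every non-US, non-Windows or non-compliant sign-in, including the admin running the script, so review the sign-in logs and keep a break-glass account excluded before switching the state to "enabled".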
