This blog is part of a series relating to the Microsoft IT Implementer group, the goal of which is to bring more focus and help to the IT Pro/IT Implementer audience when discussing cloud technologies. We’ve worked with a select group of Microsoft MVPs to put together a new blog series covering the biggest industry talking points and tribulations.
The below article comes straight from MVP and strategic technology professional, Kenny Lowe. Before you get started, we’d like to extend our gratitude to you, our tech community members, for your ongoing insights. Keep feeding back to our MVPs and keep checking back on our Tech Implementer homepage to stay up to date with the latest news and developments.
The world today is awash with tips and tricks on how to do things faster, better, and more efficiently. Websites like LifeHacker, subreddits like /r/lifeprotips and /r/lifehacks, and a whole host of similar sites, Twitter accounts, and Facebook pages exist solely to help you make your life better. These life hacks can range from the inspired…
To the more dubious and hot‐glue filled…
To the slightly less ethical…
In this blog post, I’ll be sharing a life hack of my own. Something simple, secure, and sensible – perfect for IT pros looking for quick wins in the cloud. Read on, and you’ll pick up some practical benefits of a practical cloud in no time.
One of the greatest benefits of cloud services is their time to value. This goes double for Software as a Service (SaaS). The fact that you can go from zero to up and running in minutes (remember when it used to take months?) has led to an explosion of SaaS tools and applications. But the rise of SaaS has a dark side. Shadow IT – the practice of people or entire departments setting up their own SaaS apps without the knowledge or consent of the IT department – is growing.
Here’s a story. I knew a marketing team who signed up for a marketing automation platform with the head of department’s credit card. They thought they’d found their very own life hack. And things went great. For a time. The tool became integral to the way the marketers worked. But it wasn’t without its problems. Support, security, data residence, GDPR, and more were left unmanaged and disorganised. Simply because the new tool hadn’t gone through IT governance. So here’s a question. Who was at fault? The marketing department that hacked its way to working more effectively than ever? Or the IT department that just wanted to keep everyone and their data and devices safe?
IT’s role should not be to prevent access to tools like this, but to enable them within the bounds of corporate IT governance. So how do you do it? Is there a hack for that? When looking to bring SaaS apps under control, you’re trying to find what they have in common so you can build a common framework around them. One element that nigh on every SaaS application has in common is some form of user identification, and it’s here that you’ll find one of the largest headaches in management. On‐premises, everyone understands user management and lifecycles. We’ve had Active Directory for the better part of 20 years now, and we’re far from the only ones. It’s used around the world, across industries and businesses of all sizes.
Application integration with Active Directory on‐premises is also well understood, with most corporate applications offering some form of integration. This makes it really quick and easy to provision access to an app when a new user joins or remove it when a user leaves. This is typically not so in the SaaS space. And even if apps do offer integration back to your on‐premises Active Directory, there are often firewall holes to poke or Active Directory Federation Services infrastructures to deploy and manage. So you’re facing additional management overhead.
But there is a way to extend simple application management to the Cloud.
I think Azure Active Directory might just be one of the most under‐used tools in the cloud space. Just as Active Directory is ubiquitous on‐premises, so too is its Azure counterpart in the cloud. Every organisation using Office 365 is already using Azure Active Directory, and typically as an extension of their on‐premises service, keeping the existing user management and lifecycle story in place.
So that’s it. My top tip for enabling employees to pick their own apps – and for you to keep them safe. And like any great life hack, it’s quick and easy to put it into practice.
Even if you’re not using Office 365, Azure Active Directory can be deployed for free without any other Microsoft Services. Azure Active Directory free edition has over 3,000 SaaS apps pre‐validated for single sign on. Sign in and discover them all at https://aad.portal.azure.com. Or watch this video to see just how easy it is to get started with an example app – GitHub.
