[MUSIC PLAYING] Hi my name is Alvaro Vitta. I'm a principal solution architect with Quest. O365 adoption is growing rapidly. About a million subscribers a month are moving their on-prem application workloads from back-office Microsoft applications to O365. Why do organizations move to the cloud? Because they want to reduce infrastructure. They want to reduce licensing. They want to reduce patching. They want to reduce their server footprint. They want to empower their workforce to operate from anywhere, from any device. They want to increase its scalability and business continuity.
What about Azure Active Directory? What is this Azure Active Directory that everybody talks about? It turns out that O365 requires an Azure Active Directory instance. Azure Active Directory is underneath. It's the foundation for authentication and authorization to any O365 application. Azure AD provides the directory service for O365 applications. It's analogous to when Active Directory itself required to be in place before you put Exchange on-prem on top of it.
Azure Active Directory integrates with on-prem Active Directory, creating what is called a hybrid Active Directory environment. It turns out that, according to Microsoft, about 75% of organizations with more than 500 employees are syncing their on-prem accounts to their Azure AD slash O365 environments. Why? Because they've had these Active Directories in their organization for years. They've integrated applications. They've integrated processes. So they cannot just uplift Active Directory and just plug it into the cloud. They have to sync the existing users, groups, and passwords between on-prem and the cloud environment.
So Active Directory is essentially, for these organizations, still the primary authentication and authorization source of access to the cloud-based applications in this type of a setup.
So what is a hybrid directory environment? So in a hybrid directory environment what you have is you have your on-prem resources, here on the left, you have your cloud-based resources, here on the right, and that's, as we spoke about Azure Active Directory, you have O365 locations, but also all of the more than 2,800 applications that are cloud-enabled through your Azure AD account that are also in the ecosystem. In the cloud ecosystem in the Microsoft Azure cloud. Then you have something in the middle called Azure AD Connect. And what Azure AD Connect allows you to do is it allows you to sync your users, your groups, your attributes, and your passwords from on-prem Active Directory to Azure AD and, in turn, all of the other applications that reside on O365 and the extended applications that are on the Microsoft cloud.
So when a user logs on and uses their user credentials on-prem and/or are using a group on-prem and the group membership is synced to the cloud, the Azure AD cloud, everything is decided based on the on-prem controls that you have. So what are the security concerns in this type of a setup? This hybrid Active Directory environment setup. Well, you're only as secure as your weakest link. Microsoft has done an incredible job in providing and investing in security controls for your cloud-based resources in O365 and around Azure and Azure AD. However, your on-prem environment is still managed by you. And you don't have the same kind of resources that somebody like Microsoft has. So for kind of resources, you're on your own.
So what this means is that because Active Directory is the authoritative source for authentication and authorization, everything that you do or don't do on the on-prem environment, will automatically replicate to Azure AD and O365 applications. So you're only as secure as your Active Directory environment security controls are.
So some of the different hybrid directory scenarios that you should think about is, for example, if I add an employee to a group called finance on-prem. When replication occurs to Azure AD in O365 and I have, let's say, some resources sitting on SharePoint Online or OneDrive, automatically that person will gain access to those resources. And if when I do these I don't have governance controls or security processes in place that assures that this person should be part of that group, the sync process is just simply understanding that, OK, well this happened here. I'm just going to sync it. And this person, potentially, could gain access to resources on the Microsoft cloud on Azure AD and O365 that they shouldn't have access to. This is why it's so important to ensure that your controls on-prem are taken care of so that when you replicate information, and resources, and access to the cloud, they are properly governed as well.
So, in summary, hybrid directory, or hybrid Active Directory more precisely, was created when Azure AD and O365 entered the new technology trend. And customers needed to integrate the two so that you can sync from on-prem to the cloud. And 90% of companies are using on-prem Active Directory, with about 500 million accounts globally, so a significant amount of companies are doing this. Because of the O365 adoption growth, which is about 70% year over year, this is rapidly increasing. So every time you do something very fast, you sometimes forget about the underlying things that you've got to take care of. Azure AD has over 10 million tenants and about 700 million accounts. And like we mentioned before, 75% of on-prem Active Directory customers are syncing their accounts, and their groups, and their access information from on-prem to the cloud. So it's of paramount importance that you ensure that your on-prem resources are well-protected. Don't let Active Directory on-prem be the Achilles heel to the security of your O365 and Azure AD environment. Thank you for watching.
[MUSIC PLAYING]