Identity and access management

Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet use Microsoft Entra ID to authenticate user sessions. Customers have complete control of identity management, including enforcing multi-factor authentication and limiting the duration of an authenticated session.

Protect user credentials and access

Securing systems, applications, and data begins with identity-based access controls. The identity and access management features that are built into Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet help protect your organizational and personal information from unauthorized access while making it available to legitimate users whenever and wherever they need it.

These features enable you to manage user identities, credentials, and access rights from creation through retirement, and help automate and centralize the identity lifecycle processes. 21Vianet goes beyond the username and password model to provide stronger authentication, while making security more convenient for users with simplified processes and single sign-on (SSO). Robust tools make it easier for administrators to manage identity, and for developers to build policy-based identity management into their apps.

21Vianet and Microsoft use multiple security practices and technologies across the products and services to manage identity and access. These include:

  • Multi-Factor Authentication requires users to use multiple methods for access, on-premises and in the cloud. It provides strong authentication with a range of easy verification options, while accommodating users with a simple sign-in process.
  • Password policy enforcement increases the security of traditional passwords by imposing length and complexity requirements, forced periodic rotation, and account lockout after failed authentication attempts.
  • Token-based authentication enables authentication via Active Directory Federation Services (AD FS) or third-party secure token systems.
  • Role-based access control (RBAC) enables you to grant access based on the user’s assigned role, making it easy to give users only the amount of access they need to perform their job duties. RBAC can be customized according to your organization’s business model and risk tolerance.
  • Integrated identity management (hybrid identity) enables you to maintain control of users’ access across internal datacenters and cloud platforms, creating a single user identity for authentication and authorization to all resources.

Microsoft Entra ID and Windows Server Active Directory Domain Services enable you to monitor access patterns both in the cloud and on-premises, and to identify and address unauthorized access attempts and other potential threats. Active Directory Domain Services also supports features that are widely used in enterprises, such as domain join, LDAP, NTLM, and Kerberos authentication.

You can migrate legacy directory-aware applications running on-premises to Azure without worrying about identity requirements. You do not need to deploy domain controllers as Azure virtual machines (VMs), or use a cross-premises connection, such as site-to-site VPN or ExpressRoute, back to your identity infrastructure.

Microsoft Azure operated by 21Vianet

Microsoft Entra ID helps secure access to Customer Data in on-premises and cloud applications, and simplifies the management of users and groups. It combines core directory services, advanced identity governance, security, and application access management. Microsoft Entra ID also makes it easy for developers to build policy-based identity management into their applications.

Azure Multi-Factor Authentication requires the use of more than one verification method to authenticate a user. With this extra layer of authentication for both on-premises and cloud applications, Azure helps safeguard user access to Customer Data and applications. It delivers strong authentication with a range of easy verification options while meeting user demand for a simple sign-in process.

Cloud App Discovery is a Premium feature of Microsoft Entra ID that enables you to discover cloud applications that are used by the employees in your organization.

Microsoft Entra ID Protection is a security service that provides a consolidated view into risk events and potential vulnerabilities affecting your organization’s identities, leveraging Microsoft Entra ID’s anomaly detection capabilities.

Microsoft Entra Domain Services enables you to join Azure virtual machines (VMs) to a domain without the need to deploy domain controllers. Users sign in to these VMs using their corporate Active Directory credentials, and can access resources seamlessly.

Microsoft Entra B2B collaboration is a secure partner integration solution that supports your cross-company relationships by enabling partners to selectively access your corporate applications and data by using their self-managed identities.

Microsoft Entra application proxy provides single sign-on (SSO) and secure remote access for web applications hosted on-premises.

Microsoft 365 operated by 21Vianet

Microsoft 365 uses Microsoft Entra ID to manage users. You can choose from three main identity models in Microsoft 365 when you set up and manage user accounts. You can also switch to a different identity model if your requirements change.

  • Cloud identity. Manage your user accounts in Microsoft 365 only. No on-premises servers are required to manage users; it's all done in the cloud.
  • Synchronized identity. Synchronize on-premises directory objects with Microsoft 365 and manage your users on-premises. You can also synchronize passwords so that the users have the same password on-premises and in the cloud, but they must sign in again to use Microsoft 365.
  • Federated identity. Synchronize on-premises directory objects with Microsoft 365 and manage your users on-premises. The users have the same password on-premises and in the cloud, and they do not have to sign in again to use Microsoft 365. This is often referred to as SSO.
  • Microsoft Entra ID.
    Microsoft 365 uses Microsoft Entra ID as its identity platform. This provides your tenant with strong authentication options and granular control over how IT professionals and users can access and use the service. Microsoft 365 also allows integration with an on-premises Active Directory or other directory stores and identity systems, such as Active Directory Federation Services (AD FS) or third-party secure token systems (STSs), to enable secure, token-based authentication to services.
    With Microsoft Entra ID you can federate an on-premises Active Directory or other directory stores. This enables all Microsoft 365 users whose identities are based on the federated domain to use their existing corporate logons to authenticate to Microsoft 365.
  • Multi-factor authentication enhances security in a multi-device and cloud-centric world. Microsoft Entra ID provides an in-house solution for multi-factor authentication with a phone call, text message, or notification on a dedicated app. It also supports third-party multi-factor authentication solutions. Once your users have logged in with multi-factor authentication, they will be able to create one or more app passwords for use in Microsoft client applications.

Microsoft Dynamics 365 and Microsoft Power Platform online services use Microsoft Entra ID to authenticate users who sign in to the service, and prompt for Microsoft Dynamics 365 and Power Platform online services credentials whenever a user attempts to access resources that require authentication. Users sign in to the service by using the email addresses they set up in their Microsoft Dynamics 365 and Microsoft Power Platform online services accounts; Microsoft Dynamics 365 and Microsoft Power Platform online services use the email address as the username, which is passed to resources whenever a user attempts to connect to data.