Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet use Azure Active Directory to authenticate user sessions. Customers have complete control of identity management, including enforcing multi-factor authentication and limiting the duration of an authenticated session.
Protect user credentials and access
Securing systems, applications, and data begins with identity-based access controls. The identity and access management features that are built into Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet help protect your organizational and personal information from unauthorized access while making it available to legitimate users whenever and wherever they need it.
These features enable you to manage user identities, credentials, and access rights from creation through retirement, and help automate and centralize the identity lifecycle processes. 21Vianet goes beyond the username and password model to provide stronger authentication, while making security more convenient for users with simplified processes and single sign-on (SSO). Robust tools make it easier for administrators to manage identity, and for developers to build policy-based identity management into their apps.
21Vianet and Microsoft use multiple security practices and technologies across the products and services to manage identity and access. These include:
- Multi-Factor Authentication requires users to use multiple methods for access, on-premises and in the cloud. It provides strong authentication with a range of easy verification options, while accommodating users with a simple sign-in process.
- Password policy enforcement increases the security of traditional passwords by imposing length and complexity requirements, forced periodic rotation, and account lockout after failed authentication attempts.
- Token-based authentication enables authentication via Active Directory Federation Services (AD FS) or third-party secure token systems.
- Role-based access control (RBAC) enables you to grant access based on the user’s assigned role, making it easy to give users only the amount of access they need to perform their job duties. RBAC can be customized according to your organization’s business model and risk tolerance.
- Integrated identity management (hybrid identity) enables you to maintain control of users’ access across internal datacenters and cloud platforms, creating a single user identity for authentication and authorization to all resources.
Azure Active Directory and Windows Server Active Directory Domain Services enable you to monitor access patterns both in the cloud and on-premises, and to identify and address unauthorized access attempts and other potential threats. Active Directory Domain Services also support features that are widely used in enterprises, such as domain join, LDAP, NTLM, and Kerberos authentication.
You can migrate legacy directory-aware applications running on-premises to Azure without worrying about identity requirements. You do not need to deploy domain controllers as Azure virtual machines (VMs), or use a cross-premises connection, such as site-to-site VPN or ExpressRoute, back to your identity infrastructure.
Microsoft Azure operated by 21Vianet
Azure Active Directory helps secure access to Customer Data in on-premises and cloud applications, and simplifies the management of users and groups. It combines core directory services, advanced identity governance, security, and application access management. Azure Active Directory also makes it easy for developers to build policy-based identity management into their applications.
Azure Multi-Factor Authentication requires the use of more than one verification method to authenticate a user. With this extra layer of authentication for both on-premises and cloud applications, Azure helps safeguard user access to Customer Data and applications. It delivers strong authentication with a range of easy verification options while meeting user demand for a simple sign-in process.
Cloud App Discovery is a Premium feature of Azure Active Directory (AAD) that enables you to discover cloud applications that are used by the employees in your organization.
Azure Active Directory Identity Protection is a security service that provides a consolidated view into risk events and potential vulnerabilities affecting your organization’s identities, leveraging AAD’s anomaly detection capabilities.
Azure Active Directory Domain Services enables you to join Azure virtual machines (VMs) to a domain without the need to deploy domain controllers. Users sign in to these VMs using their corporate Active Directory credentials, and can access resources seamlessly.
Azure Active Directory B2B Collaboration is a secure partner integration solution that supports your cross-company relationships by enabling partners to selectively access your corporate applications and data by using their self-managed identities.
Azure AD Application Proxy provides single sign-on (SSO) and secure remote access for web applications hosted on-premises.
Office 365 operated by 21Vianet
Office 365 uses Azure Active Directory to manage users. You can choose from three main identity models in Office 365 when you set up and manage user accounts. You can also switch to a different identity model if your requirements change.
- Cloud identity. Manage your user accounts in Office 365 only. No on-premises servers are required to manage users; it's all done in the cloud.
- Synchronized identity. Synchronize on-premises directory objects with Office 365 and manage your users on-premises. You can also synchronize passwords so that the users have the same password on-premises and in the cloud, but they must sign in again to use Office 365.
- Federated identity. Synchronize on-premises directory objects with Office 365 and manage your users on-premises. The users have the same password on-premises and in the cloud, and they do not have to sign in again to use Office 365. This is often referred to as SSO.
- Azure Active Directory.
- Office 365 uses Azure Active Directory as its identity platform. This provides your tenant with strong authentication options and granular control over how IT professionals and users can access and use the service. Office 365 also allows integration with an on-premises Active Directory or other directory stores and identity systems, such as Active Directory Federation Services (AD FS) or third-party secure token systems (STSs), to enable secure, token-based authentication to services.
- With Azure Active Directory you can federate an on-premises Active Directory or other directory stores. This enables all Office 365 users whose identities are based on the federated domain to use their existing corporate logons to authenticate to Office 365.
- Multi-factor authentication enhances security in a multi-device and cloud-centric world. Azure Active Directory provides an in-house solution for multi-factor authentication with a phone call, text message, or notification on a dedicated app. It also supports third-party multi-factor authentication solutions. Once your users have logged in with multi-factor authentication, they will be able to create one or more app passwords for use in Office client applications.
Microsoft Dynamics 365 and Microsoft Power Platform online services use Azure Active Directory to authenticate users who sign in to the service, and prompt for Microsoft Dynamics 365 and Power Platform online services credentials whenever a user attempts to access resources that require authentication. Users sign in to the service by using the email addresses they set up in their Microsoft Dynamics 365 and Microsoft Power Platform online services accounts; Microsoft Dynamics 365 and Microsoft Power Platform online services use the email address as the username, which is passed to resources whenever a user attempts to connect to data.