Call us now Email a specialist
+353 1 6420100 | info@ward.ie
  • Resources
  • Blogs
    • Insights

    DirSync ‘End of Life’ approaching

    When Microsoft introduced Azure Active Directory Connect in 2015 we knew that it was the beginning of the end for the company’s older identity synchronisation tools. And now that day has come; Microsoft has announced that the still popular Azure Active Directory Sync (DirSync) and Azure AD Sync are now deprecated and will reach end of support on April 13th 2017.  Azure AD Connect is now Microsoft’s only solution to connect your on-premises directory with Azure AD and Office 365.
    What purpose do these tools serve?
    DirSync and Azure AD Sync provided the capability to synchronise identity data from organisations on premise directory services to Azure Active Directory, supporting identity management processes for their Office365 and/or Azure services. DirSync supported the synchronisation of objects from a single forest only, whilst Azure AD Sync was aimed at organisations with multiple Active Directory forests.
    Azure AD Connect, Microsoft’s replacement for the capabilities of these tools, provides a much richer feature set, which includes:

    • Password write back – the facility to synchronise password changes from Azure/O365 down to the on-premises domain, allowing users to change or reset their passwords within Office365 and mirroring those changes on your On Premise AD.
    • Device write back – allowing devices registered in the cloud to be written into AD for conditional access.
    • Accidental delete prevention – a function which limits the number of accounts that can be deleted at a time.

    These functions, and many more besides, make Azure AD Connect a much more user friendly and powerful tool than its predecessors.
    What does end of life mean?
    ‘End-of-life’ for these Microsoft tools is the point where Microsoft will no longer support them. From that point onwards, Microsoft will no longer be releasing patches, bug-fixes or new releases of DirSync. Microsoft’s commitment to support bugs, issues or security flaws that arise from that point on will cease.
    While the tools will continue to function after April 13th 2017, customers will be unable to open a support case for DirSync or Azure AD Sync with Microsoft. Businesses that continue to utilise these unsupported tools after that date risk leaving themselves open to potential defects that could compromise their environment and services. As well as this, identified security vulnerabilities that aren’t being addressed by patches could put data security at risk, or even serve as a route for cybercriminals to access other systems on the network.
    Businesses that update sooner rather than later will enjoy the full benefits offered by Microsoft’s continued support, including the provision of patches and bug-fixes, which will significantly reduce the likelihood of data breach or loss. Ward Solutions recommends that our clients who are currently using DirSync or Azure AD Sync start planning their upgrade to Microsoft’s replacement solution, Azure AD Connect, before 13th April 2017 and avoid the many problems and risks that are associated with using out-of-support software.
    What’s involved in upgrading?
    Now for the good news: The upgrade to the Azure AD Connect tool is not a costly or time consuming undertaking and can be performed with minimal downtime of your synchronisation processes. Phew!
    For smaller environments, where Active Directory is currently managing fewer than 50,000 objects, an in-place upgrade can be performed on the existing environment running your DirSync / Azure AD Sync service.
    For larger environments with more than 50,000 objects, a parallel deployment is needed, which does require a server separate to the existing DirSync / Azure AD Sync instance. However, this can present a great opportunity to refresh the server hardware and / or operating system if needed.
    To find out more about what’s involved or to get assistance with your upgrade, speak to one of Ward’s experienced team – visit https://www.ward.ie/about-us/contact-us/ or call +353 1 6420100.

    Insights

    Identity & Access Management: I’m done now …. Right?

    The simple answer is no – IAM must be considered with the mindset of continuous improvement (unlike our golf swings which are just perfect now… right?)
    Over the course of our last two blogs we’ve looked at the necessary steps that your organisation needs to take  to plan and implement a successful Identity and Access Management programme. In the final blog in the series we’ll give you some guidance to help your IAM strategy to stand the test of time.
    To help your business sustain the benefits of your existing efforts in your Identity and Access Management projects IAM needs to remain on your IT Governance and Strategy agenda. As well as this, remaining focused on your IAM programme can ensure awareness of new requirements or challenges that are being posed.
    One way to ensure that IAM doesn’t fall off the radar once you have completed your initial priority projects is to identify useful KPIs and regularly report on them. This can make it easier to monitor and identify areas of improvement and more importantly, areas that are underperforming.
    When generating your reports some important areas and topics to focus on are:

    • The volume of user related support tickets, such as password resets or access requests
    • The average time it takes to provision or de-provision a user
    • The average time it takes to authorise a request
    • The number of reconciliation exceptions (orphaned accounts, accounts with elevated permissions)
    • Quarterly User Access Management audits for attestation

    The threat of Shadow IT
    When it comes to sustaining your IAM policies it’s important to ask yourself if you know what solutions and services, either internal or cloud-based, staff are using.
    Ward’s team frequently works with businesses that have introduced their IAM programmes and insist that cloud services are not part of their strategy and not used in their organisation. However, it’s often the case that on closer inspection individual departments are found to have on boarded cloud solutions into their team, or are frequently utilising cloud applications to facilitate requirements that the business is not meeting.
    A common example of this is the use of Dropbox to share information with external vendors or customers. If this goes unnoticed this sort of shadow IT can severely hamper the effectiveness of your organisation’s meticulously planned IAM strategy, and increase the likelihood of data breach or loss.
    Having implemented your policies and procedures, it’s critical that you sustain the appropriate governance, to continually reaffirm and attest your compliance.
    As your business, your industry and the way you work continue to evolve, so will your IAM challenges.
    Organisations whose IAM challenges were previously limited to their wholly on premise landscape now need to consider how to address new challenges as they look to utilise cloud services. What’s more, growing organisations which traditionally had onsite workforces, now need to manage the concerns over a mobile workforce that needs to work from anywhere, anytime. Finally, continued changes in compliance and regulatory obligations introduce new requirements for businesses, for applying proper security controls, governance and attestation.

    IAM oversight is essential
    As we discussed in our previous blog on implementing your IAM program, the need for an IAM Steering Committee responsible for IAM oversight within your business is essential. This group needs to promote awareness of your IAM best practice approaches, processes and polices throughout your organisation, and ensure that IAM compatibility is on the agenda for all new ICT Projects, to sustain the efforts and improvements. According to Gartner, by 2018 50% of IAM programs will be responsible for both enterprise and consumer facing IAM infrastructure, up from 20% today.
    We understand that businesses can find that they do not have the capacity or capability to fulfill these roles and responsibilities, including understanding of the evolving IAM landscape and what it means to their own business, management and support of IAM operations and monitoring and governance of their processes and standards.
    Ward Solutions – an established IAM Partner
    This is the value that an IAM Partner can bring to your business. In our capacity as an IAM Managed Service Provider Ward Solutions is focused on staying updated on best practices, industry trends and emerging tools and solutions, and can bring this expertise to your business in a guidance and advisory capacity. In addition to these services, Ward can take responsibility for the day to day support and maintenance of your IAM related environment and services.
    To speak with the Ward team about managing your IAM services and challenges, visit https://www.ward.ie/about-us/contact-us/ or call +353 1 6420100.