Why you need to clean up your Azure AD
If you have had any experience of managing Active Directory, either on-premises or in the cloud, you will know how quickly it can become cluttered. Whether it’s the details of users and machines that are inactive, accounts that have expired or been disabled, or groups made for projects that finished a long time ago – it can get messy really quickly.
So why is this a problem? A cluttered, outdated Azure AD can cause issues for your environment when it comes to security, cost, performance and monitoring:
1. It can create security vulnerabilities
If you have unused accounts (active or not) that no longer need to be in Azure AD, it can make your organisation more vulnerable to internal and external threats. As this Microsoft article explains, ‘Azure AD is the identity provider, responsible for verifying the identity of users and applications that exist in an organization’s directory, and ultimately issuing security tokens upon successful authentication of those users and applications.’ This means that if user information or objects are outdated or incorrect, verification becomes impossible, and it can weaken the authentication process, causing security issues for the user, and potentially the organisation. Depending on your organisation’s Active Directory ‘housekeeping’ policies, you can either delete, disable or move these accounts, so that they don’t litter your current environment.
2. It can impede productivity
As with on-premises Active Directory, a cluttered Azure AD can cause problems with user authentication and authorisation – meaning your users may not be able to access and use the services you’re paying for. This could lead to users being unable to log into the apps they need whilst on the move, or wasting time due to authentication issues, preventing them from taking advantage of ‘on the go’ productivity offerings – which happens to be a pretty big selling point of Azure AD and Office 365 in the first place.
By removing obsolete data from Active Directory, or by failing to maintain Azure Active Directory, you can drastically reduce the benefits you receive from your cloud environment. Office 365 is designed to encourage agility, mobility and flexibility in the businesses that use it – if you have huge amounts of redundant, duplicated or outdated data then it makes near impossible to achieve these performance-enhancing benefits.
3. You could be paying more than you need to
If you have inactive objects or users in your on-premises AD it was at no extra cost to your organisation – it’s a different story with Azure AD. If you have a handful of users who are inactive or disabled, but have not been removed, then you will be paying unnecessary fees for these unused Office 365 licences. Even if you have a couple of users where this is the case, and they are only there for a couple of months before it’s picked up, this could still be a significant (and easily avoidable) cost.
4. Rubbish in-Rubbish Out: Inaccurate AD attributes means inaccurate reports
If you report on your Azure AD regularly, you will encounter problems when trying to generate accurate, representative reports on your environment. As well as having to sift through irrelevant clutter in the form of objects and users, which do not fully reflect your user base, you may also encounter inconsistencies or unpopulated fields that don’t pick up the information you need to get a complete picture, which can be even more frustrating. Attribute inconsistencies can be a real annoyance, and they’re tricky to spot. For example, if one of your team is inputting “Country” as UK, you have been using United Kingdom, and another colleague has been using GB – you see how this will cause problems if you try to extract data on UK users. This makes reporting and monitoring a real challenge, especially when it comes to accurately filtering attributes, generating reports and getting a detailed understanding of your environment.
Our next blog post on this topic will take you through the best practices for identifying clutter, and cleaning up your Azure AD using PowerShell, Service Providers and reporting, so make sure to check back for clean-up tips.
Cogmotive is the leading global provider of enterprise level reporting and analytics applications for Office 365. Find out more now.