002: Stop buying or building Active Directory dependent apps
Overview
New applications procured or built by the organization should use modern authentication protocols and use Entra ID as the identity provider.
This is important for zero trust because this will natively enable security controls for new applications moving forward. This includes natively integrating with conditional access policies, consistent visiblity through sign-in, and audit logs, ability to grant/remove access, etc.
Centralizing applications authentication in Entra ID will also give you some additional benefits that are well received by IT, SecOps and/or end users, like but not only:
- Centralized sign-in logs;
- Login consistency and Single Sign-On (SSO);
- Centralized access engine policy (Conditional Access) for every app/service (on-prem, cloud or multi-cloud);
- Identity Governance functionalities, like Access Reviews, Entitlement Management, Lifecycle workflows (automated workflows for onboarding, offboarding and attributes changes), others;
- Native Entra ID features like Self-Service Password Reset (SSPR), Role Based Access Control (RBAC), regulatory compliance, global availability, others;
- Entra Security Service Edge (SSE) features, like Zero Trust Network Access (ZTNA), Secure Web Gateway, others.