Duplicate systems, fewer tickets
Employees generate twice the administrative work if they have accounts in two systems. In a hybrid Microsoft environment, these are user accounts in Active Directory and Azure AD (Microsoft 365). Employees don't know about this, but IT specialists do. Employees only want to use the services, while IT specialists receive the tickets.
The idea: how employees use the services doesn't matter; they should simply use them. For IT and the helpdesk, however, this should not mean twice as many tickets.
Services on-premises and from the M365 cloud
Services such as mail via Exchange Online, SharePoint, OneNote and FileServices on on-prem servers or OneDrive create a lot of work. Synchronization from Active Directory to Azure AD (AAD Connect) does little to change this. It merely ensures that a user account is created only once and that the identity exists both on-premises and in the M365 cloud.
Keeping track of all systems and using the right admin console is also increasingly difficult. Some on-prem data is synchronized, while other data is maintained in an M365 admin center. Some of these functions, in turn, are spread across several admin centers. Others are missing from the admin centers altogether and are only accessible via PowerShell.
IAM Delegation in Active Directory and Azure AD
Splitting the admin load means less pressure on IT specialists. With more and more systems in place, IT and the helpdesk have to deal with ever more administrative tasks. Our idea is to use IDM-Portal to manage user accounts in at least two systems (AD, M365) instead of duplicating efforts. What sets this apart is that these systems can be hybrid, on-premises and cloud-based. In the Microsoft world, these are often Exchange, FileServices and Teams. The goal is to minimize the overall administration effort.
Splitting the admin load for hybrid identity management works as follows:
- Standardization of common IAM tasks in AD, M365 and other systems
- Automation of operations and implementation of compliance rules
- Sharing administration DIRECTLY with users, HR or power users
- Utilization of existing hybrid IT infrastructure with AD and AAD
- PowerShell and templates give additional flexibility
- Employees manage requests for authorizations and data maintenance
- Information portal with data from on-premises and Microsoft 365
- User lifecycle management handled by department manager and HR
- Compliance-appropriate adaptation and traceability for audits