Secure Your Azure Active Directory Domain Controllers
Working from home has become the new norm. In this article, we dive into why it is time to part ways with your on-premises domain controllers, get your devices registered to the Microsoft® Azure®, and enable a secure work from home environment.
With work from home taking hold across the country and becoming the new normal, it is increasingly relevant for companies to start cutting the cord on those legacy on-premise Active Directory Domain Controllers. Companies are struggling and having difficulty creating and updating policies and remote installing software packages all while having all their employees constantly draining precious bandwidth on their backhauled VPN network. This is all just so that they can "talk" and check in constantly to the on-premise Active Directory Domain Controllers. This also presents an issue if there is a problem with one of these physical domain controllers since it's not possible to get into the office to fix it.
Why not move that traffic directly to the Microsoft Azure Cloud?
Lucky for Microsoft shops everywhere the answer starts right inside your Windows 10 Operating System. Start joining your Windows 10 machines to Azure Active Directory and manage them with Microsoft Intune inside your Azure Subscription. Here is an example below of a test Windows 10 Azure Virtual Machine that I spun up in my subscription to simulate an on premises end user laptop. Note, you will also need an Office 365 subscription with an available Microsoft Intune license for this to work. In the case of my test I am using an E5 developer subscription with Microsoft Intune.
Once you join your machine to Azure Active Directory you will be able to use Microsoft Intune to regulate polices to get away from on-premise based GPOs, and be able to automatically push software packages to your employees. Below is the Microsoft Intune Interface inside Microsoft Azure. This shows my test machine and that it is actively joined to Azure AD and the owner has been set and it is managed by Microsoft Intune.
Now lets explore pushing an application from the cloud utilizing the power of Microsoft Intune. In this case, we need to protect and secure our test desktop with Trend Micro Worry- Free Services.
This is done by creating a Line of Business App. You can simply upload the application file in this case the Trend Micro Worry-Free msi file that is tied to your Worry-Free Services subscription.
Once the package is uploaded you will want to go onto the additional configuration options. The upload time may take up to a few minutes depending on the size of the package.
You will want to select the App Install Context option as the device selection. This is so the application is installed silently and and available to all users/owners of the computer.
The assignments screen is also important because you can set which users, groups, and devices this can be installed on. Think about the scope of your install. In this case, because I want to enforce security on all my devices, I selected All devices.
Once your scoping selection is completed you will be presented with a summary screen.
Now you can check in with the device to find the overall status of the installation.
In a few moments you should see that the status is installed. Cool! Lets check the actual Windows 10 desktop as well.
You can see here that the device has synchronized successfully with Microsoft Azure Active Directory and Microsoft Intune and has been installed successfully.
You can also check your Trend Micro Worry-Free Services Cloud console and see that the machine has called home to the Trend Micro Worry-Free Services Cloud Console and applied policy. Congratulations! Your computer is now registered to your Azure Subscription, managed, and secured by Trend Micro Worry-Free Services security software!
References used for the article:
Trend Micro Worry Free Services