Automating Onboarding Students and Using Microsoft to Manage G Suite: Part 4

September 20, 2019/

Part 4: REVIEWING MICROSOFT CLOUD APP SECURITY REPORTS ON G SUITE IDENTITIES

Problem

The typical IT admin in this scenario requires their School Information System (SIS) to synchronize student data their on-prem AD, Azure AD, and G-Suite. Currently, they feel that neither Microsoft nor Google has provided them with a convenient method with which to both effectively and efficiently manage the identities in these seemingly disparate environments

Objective

By integrating Azure Active Directory with G-suite, we will be able to administratively manage an organization's on-prem AD, Azure AD, and G-suite identities from a single portal. In addition, with G-suite's identity management being delegated to Azure AD, we can redirect the SIS's synchronization from G-suite to either the on-prem AD or Azure AD.

In this way, we will have a continuous stream of data flowing from one entry point, that is reflected in all relevant directories. Such a seamless system will make the provisioning of identities, access permissions, and group memberships a simple process for IT administrators.

Part IV: reviewing microsoft cloud app security reports on g suite identities

4-1-1

In this section we will be highlighting the following items:

  • Monitoring G Suite Identities with Microsoft Cloud App Security (MCAS)
  • Overview of Microsoft Cloud App Security Reports

With our G Suite Identities being managed by Azure AD, we also gain instant visibility into the sign-in activity log of our G Suite Users.

4-2

Firstly, from the screenshot above that was taken from our MCAS activity log , we can see that the user was successfully able to complete his login, as a failed login would indicate a failed attempt in both the Description and Type field.

4-3

Taking a closer look at the activity details of this user, we can see that this logged activity was a log on attempt to our G Suite app for which Azure AD SSO was configured:

4-4

Looking farther to the right of the expanded activity view of this user, we can also garner additional information on the type of device that was used to login to G Suite, and the location from which the user’s connection is originated:

 4-5

Now this is but a fraction of the oversight and management of G Suite identities that can be had with Microsoft Cloud App Security. By adding G Suite as one of our connected apps directly through the MCAS portal, we can gain even more administrative control over our G Suite accounts and data:

4-6

With that said, reviewing the MCAS logs for our G Suite identities once we have Azure AD managing them is a great place to start to acquire some familiarity with its capabilities.

 

CREATE CONDITIONS FOR LEARNING- LEARN MORE ABOUT INTUNE FOR EDUCATION

DOWNLOAD THE INTUNE FOR EDUCATION INFOGRAPHIC

 
Get Free Widget