Salaam, Namaste, Ola and Hello!
Welcome to ‘I am IT geeks’ first technical blog!! As I explained in my introduction, I will be blogging about my own experiences working in the IT industry. The first experience I will be talking to you about today is a recent Azure Active Directory migration I managed for a customer based in the financial sector.
Setting the Scene – This particular customer was already using Office 365, SharePoint Online and Skype for Business in addition to a cloud-based VoIP system, so you could say they were already big fans of ‘The Cloud’. The issue they had was that every user laptop was in its own workgroup! That’s right citizen…in 2017 there are people still in workgroups….even multi-million-pound corporations! With GDPR fast approaching, the customer needed a solution that would allow them to secure and manage devices whilst ensuring they are compliant….Enter Azure AD!
The initial discussions were around putting a VM in Azure and promoting it to a Domain Controller, however I soon came to the conclusion that this was not going to be the right solution. This particular customer is a global financial consultancy, so they have lots of small offices around the globe. To make the Domain Controller VM in Azure work, it would have required a Site-to-Site VPN from Azure to each office location they wanted to utilize, which would mean a lot of management overhead.
As you can see, it looks simple enough from a high-level overview as above, but the issues I found were more specific. For example, the Azure VPN has a list of supported firewall/router vendors and models, however that does not mean it won’t work with ones that are not on the list. Unfortunately for me, this customer had different routers at each site, which again added to the management overhead. Another stumbling block was the number of Site-to-Site VPNs that were supported. In this case we were using the Basic S2S VPN, which supports a maximum of 10, however the number of remote offices exceeded this.
I was quickly realizing that I needed a plan B, which I found in the form of Azure AD! Not only did it solve the problems the S2S VPN was providing, but with the addition of an Enterprise Mobility & Security license it opened up a whole new range of possibilities to the customer. With the EM&S license, all of a sudden Single Sign-On to 3rd party apps like Slack, Dropbox and Salesforce was possible. Multi-Factor Authentication was no longer a pipe dream. And the cherry on top of this Azure cake was Azure Intune and its MDM feature, giving the customer device management, auditing and reporting that was previously not available.
With GDPR just around the corner, Azure Intune was a key factor in the customer deciding to deploy Azure AD and EMS across the business….however, citizen, you will need to wait for part 2 of this blog to see how the migration went, so until next time, ‘I am IT Geek’ over and out!