For many years, we’ve had the capability to drive dynamically generated Active Directory groups using what we might, for the purposes of this post, call the ‘on-prem AD graph’ – in Microsoft Identity Manager (MIM).
MIM maintains a view of a person through the lens of data collected about that person from disparate systems such as HR, AD, Exchange, IP telephony, local apps and so on.
Dynamic Groups are superb for driving access or experiences based upon the data available in MIM. But the data in MIM is often a subset of the whole. Rarely are all on-prem apps integrated, and of those which are, only the attributes selected when the app was integrated are available. So for organisations this lens of person data may be bigger or smaller.
The Azure AD Graph
Today it’s already possible to flow the data we have about people to the Azure AD Graph, which is great. With this new functionality, we can use Azure AD to drive creation of these groups (automatically if necessary) without consuming processing cycles in the MIM Service or having people manage and maintain these assets in the MIM Portal.
But the really interesting addition is in SaaS: where MIM is limited to the data sources it is connected to (and the attributes flowed from each), the Azure AD Graph can contain identity-related data generated by over two and a half thousand SaaS apps.
The richness this provides is going to dramatically increase the capabilities we have and it’s reaching the point where identity professionals must rely far more on the contextual knowledge and experience of people within the business to extract greater value from our capabilities.
Adoption of identity
Imagine being told that, using data that means something to you – about your team, where you work, the department you work in, the applications you use – you could drive a set of collaborative assets for your specific workloads. Perhaps automatically. Dynamic management of Office 365 Groups using the Azure AD Graph is an incredibly interesting prospect… Hopefully Microsoft Teams isn’t too far from General Availability!
Try out some of the functionality using this tutorial here.
November 03, 2016 at 09:59PM