This article was originally posted to the Microsoft Small and Medium Business Tech Community blog.

4/8 Update: We are now rolling out the full Azure AD Premium P1 capabilities to new Microsoft 365 Business customers. Rollout to current Microsoft 365 Business subscribers is scheduled thereafter over the next several weeks.

With Microsoft 365 Business (renamed as Microsoft 365 Business Premium after April 21st), we’re on a journey to deliver a comprehensive productivity and security solution for businesses with fewer than 300 employees. It integrates your favorite Office apps and collaboration tools, including Microsoft Teams, with advanced security and device management capabilities.

We’re adding another key capability to the Microsoft 365 Business subscription – full Azure Active Directory Premium P1 license. This will roll out to new customers in the next few weeks, and to existing customers in the coming months.

Help your employees maintain secure access to apps at work, at home or on the go

Microsoft 365 Business formerly had just a subset of Azure AD Premium Plan 1 capabilities, including Conditional Access, self-service password reset, and Multi-Factor Authentication. With the addition of the full Azure AD Premium P1 license, you will soon get the benefit of cloud app discovery, Application Proxy, dynamic groups, passwordless authentication and more—all of which help your employees maintain secure access to work apps, whether they’re at home or on the go.

 

Simple, centralized app management to enable secure remote access with Azure AD
Here are some of the new capabilities that are especially relevant for small and mid-sized businesses:

 

1. Cloud App Discovery:

In modern businesses with Bring Your Own Device (BYOD) environments and work from home set ups, IT departments are often not aware of all the cloud applications that their employees use for work. As a result, administrators often have concerns about unauthorized access to corporate data, possible data leakage and other security risks inherent in the applications.

You can address these concerns by using Cloud App Discovery. Cloud App Discovery is a feature of Microsoft Cloud App Security (MCAS) that is also available with Azure Active Directory Premium P1. It enables you to discover cloud applications that are used by employees in your organization and view reports to analyze your environment. Cloud app discovery analyzes your traffic logs against a catalog of over 16,000 cloud apps. The apps are ranked and scored based on more than 80 risk factors to provide you with ongoing visibility into cloud use, shadow IT, and the risk shadow IT poses to your organization.

With Cloud App Discovery, you can:

  • Discover applications in use and measure usage by number of users, volume of traffic or number of web requests to the application
  • Identify the users that are using an application
  • Export data for additional offline analysis
  • Prioritize applications to bring under IT control and integrate applications easily to enable single sign-on and user management

 

Get Started with Cloud App Discovery and refer to Frequently Asked Questions.

2. Application Proxy: Many organizations run business-critical apps on-premises, and with the advent of remote and work from home scenarios, it becomes important to enable your employees to securely access these apps from anywhere. Azure AD Application Proxy is a lightweight agent that enables access to your on-premises apps, without opening broad access to your network. 

It’s more secure than VPN and reverse proxy solutions and easier to implement. Remote users can access your on-premises applications the same way they access Office 365 and other SaaS apps integrated with Azure AD. With App Proxy, you don’t need to change or update your applications and it also doesn’t require you to open inbound connections through your firewall. With a single sign-on to Azure AD, users can access both cloud and on-premises applications through an external URL or an internal application portal. For example, Application Proxy can provide remote access and single sign-on to Remote Desktop, SharePoint, Microsoft Teams, and other line of business (LOB) and SaaS applications.

This also proves to be cost-effective as you don’t need to change the network infrastructure or install additional appliances in your on-premises environment.

Learn more about Application Proxy

3. Dynamic groups help automate IT and business processes by automatically adding/removing users from security groups based on their attributes, thereby reducing the administrative overhead of adding and removing users. You can define attributes such as “sales department” for example to dynamically place a user in a certain group. You can use dynamic groups to assign users to groups automatically, then use these groups to grant access to applications.

Learn more about dynamic groups

4. Passwordless authentication: With the multitude of apps we use every day, passwords can be frustrating to remember and are easily breached. Passwordless authentication makes life easier for you by replacing the password with something you have, plus something you are or something you know.

Microsoft offers the following three passwordless authentication options that integrate with Azure AD – Windows Hello for Business, Microsoft Authenticator app and FIDO2 security keys.

Learn more about passwordless authentication options for Azure Active Directory

We hope these new capabilities will make the transition to secure remote work a little easier. For a full list of Azure Active Directory Premium P1 capabilities in Microsoft 365 Business, please refer to the Azure AD pricing details page.