“A business that doesn’t change is a business that’s going to die.” — Frank Perdue
Due to the current global health event, knowledge workers have been advised to avoid the office and instead work from home. This has been a monumental change that happened nearly overnight, and the rules that governed access to on-premises company data no longer fit the new scenario.
The system that has historically determined access is Microsoft’s Active Directory (AD), which provides directory information and authentication. Beyond the perimeter of the building and its local area network, though, access required a virtual private network (VPN) or a remote access protocol such as RDP. Unfortunately, VPN gateways carry their own security risks, and RDP endpoints exposed to the internet are pummeled by brute-force attacks.
The answer to this dilemma is Azure Active Directory (Azure AD), Microsoft’s cloud-based directory service. It provides access to an organization’s internal resources from anywhere, rather than only to the resources found within the confines of a building or a local network with its on-premises servers.
With Azure AD, access to a given document is determined by the user’s role, their license, and their membership in specific Microsoft 365 Groups. For example, a CFO might need to access a financial spreadsheet from her home office. Her Microsoft 365 license lets her sign in from anywhere, and Multi-Factor Authentication is enforced on that sign-in: she approves the prompt in the Microsoft Authenticator app on her phone to verify her identity. Because the CFO is a member of the “C-Level Finances” group, all the documents in the SharePoint document library that belongs to that group are accessible to her. The library is synced to her laptop by the OneDrive client, so this proprietary data is available with or without internet access, and changes made offline are synced upon reconnection. Note that the synced copies are ordinary files on the laptop’s disk, so the device itself must be protected (disk encryption, a managed and compliant device) or that offline convenience becomes a data-loss risk.
Access to the document follows the identity rather than the network location. The CFO can open it only by virtue of two facts: she is licensed in the organization’s tenant, and she is a member of the Microsoft 365 Group whose SharePoint document library holds the file. Remove her from the group and the access goes with it.
To take this example a step further, let’s consider Microsoft Teams. When a team is created in Teams, the creation process also provisions a new Microsoft 365 Group and a new SharePoint site with its default document library. These three go hand-in-hand: whenever you have created a team in Teams, you have also created an associated Microsoft 365 Group and a SharePoint document library. In this regard, an organization’s data is commonly found under the Files tab of a channel within Teams. Every standard channel gets its own subfolder within the document library of the site created by the team’s creation (a private channel gets a separate SharePoint site of its own, with its own membership). These are Teams Files in Microsoft Teams:
And these are the same Teams Files or folders within File Explorer:
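The relationship described above (team → Microsoft 365 Group → SharePoint site and document library → channel folders) is easy to verify from PowerShell, and doing so shows exactly which group membership governs access to a team’s files. The script below is an added example, not code from the original post; it assumes the MicrosoftTeams and ExchangeOnlineManagement modules are installed, that the signed-in account can read teams and groups, and uses the post’s own “C-Level Finances” team name as a placeholder.

```powershell
# Added example: map a team to the Microsoft 365 Group and SharePoint library
# that actually govern access to its files, then list who holds that access.
# Assumptions: MicrosoftTeams and ExchangeOnlineManagement modules are installed
# and the account can read teams/groups. "C-Level Finances" is the post's own
# example team name; substitute yours.
#Requires -Modules MicrosoftTeams, ExchangeOnlineManagement

param(
    [string]$TeamName = 'C-Level Finances'
)

Connect-MicrosoftTeams | Out-Null
Connect-ExchangeOnline -ShowBanner:$false

# 1. The team. Its GroupId is the object id of the backing Microsoft 365 Group.
$team = @(Get-Team -DisplayName $TeamName)
if ($team.Count -eq 0) { throw "No team named '$TeamName'" }
if ($team.Count -gt 1) { throw "More than one team named '$TeamName'; select by GroupId instead" }
$team = $team[0]

# 2. The Microsoft 365 Group, including the SharePoint site and default document
#    library that were provisioned together with the team. SharePointSiteUrl is
#    empty for a few minutes after creation while the site is still provisioning.
$group = Get-UnifiedGroup -Identity $team.GroupId
[pscustomobject]@{
    Team         = $team.DisplayName
    GroupId      = $team.GroupId
    GroupEmail   = $group.PrimarySmtpAddress
    Visibility   = $team.Visibility        # Public teams let any user in the tenant join (and thereby gain access)
    SiteUrl      = $group.SharePointSiteUrl
    DocumentsUrl = $group.SharePointDocumentsUrl
} | Format-List

# 3. Who can actually open those files: the owners and members of the group.
Write-Host "`nOwners:"
Get-TeamUser -GroupId $team.GroupId -Role Owner  | Select-Object User, Name
Write-Host "`nMembers:"
Get-TeamUser -GroupId $team.GroupId -Role Member | Select-Object User, Name

# 4. Channels. Each Standard channel is a folder in the library above. A Private
#    channel lives on its own SharePoint site with its own membership, so its
#    files are NOT covered by the group membership listed in step 3.
Write-Host "`nChannels:"
Get-TeamChannel -GroupId $team.GroupId |
    Select-Object DisplayName, MembershipType |
    Sort-Object MembershipType, DisplayName |
    Format-Table -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
Disconnect-MicrosoftTeams
```

Run it whenever you need to answer “who can read the files in this team?”; the answer is the owner and member list in step 3 (plus anyone who joins a public team), not any setting on the documents themselves, and private channels must be checked separately.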