ForgeRock Integrations with Microsoft Will Strengthen Compliance and Reduce Risk
At ForgeRock, we like partnerships that deliver real business and technical value to our customers and prospects. Today’s announcement that we’ve joined the Microsoft Intelligent Security Association (MISA) is a textbook example of two organizations coming together to provide even greater value for their shared customers.
We’re proud to earn a spot in the MISA ecosystem. Membership means an organization has met a high bar for delivering an integration with Microsoft Cloud Security services that will make a meaningful difference for customers. In our case, the new integrations we’ve delivered will help reduce risk and strengthen compliance for joint customers using Microsoft Endpoint Manager, Microsoft Azure Active Directory and Azure Sentinel.
Microsoft Graph Integrations
We approached the ForgeRock integrations in a way that would allow customers to benefit from Microsoft Cloud Security’s vast threat intelligence data to deliver a multi-layered risk mitigation strategy throughout a user's authentication and authorization journey. We did this by working with Microsoft to help strengthen the security of the user and the device they are on, and to understand the user’s activities. This required three integrations with three different services, all enabled by ForgeRock’s integrations with the Microsoft Graph.
To understand the risk associated with a user, we can check the posture of that user by leveraging a component of Azure Active Directory (AAD) called Confirm Compromise (a feature of Azure Active Directory Identity Protection). We built an authentication node for ForgeRock Intelligent Access that reaches out to the Microsoft Security Graph. This node checks whether or not AAD thinks a particular user is risky. Depending on the risk level reported by Microsoft Identity Protection, ForgeRock Intelligent Access can adjust the user’s journey to require additional step-up authentication or deny the user access altogether.
The next layer in this risk mitigation strategy is to understand the security of the device the user has. To understand the user’s “device posture”, we once again built a ForgeRock authentication node that utilizes the Microsoft Graph to query Microsoft’s Unified Endpoint Management solution, Microsoft Endpoint Manager. We do this in order to understand whether or not the end user’s device satisfies a Compliance Policy. These organizationally defined policies may require that a device is not jail-broken, or that a machine is running the latest OS, before it is allowed to access a protected resource. Once ForgeRock Intelligent Access understands this device context from Microsoft Endpoint Manager, it can use it to make runtime decisions about the user’s authentication and authorization journey.
The final component in our layered approach required integration with one of the Microsoft Cloud’s newest solutions, Microsoft Azure Sentinel. Microsoft Azure Sentinel is a cloud-based Security Information and Event Management (SIEM) solution that leverages advanced machine learning capabilities. To integrate with Sentinel, ForgeRock used our Common Audit Framework (CAUD), which allows us to monitor user activity across our entire platform. This enables us to record any ForgeRock event, logging it to disk, relational databases, Splunk, or even syslog. We built a deep integration between CAUD and Azure Sentinel by leveraging a data format standard called Common Event Format (CEF). Since Microsoft has a number of pre-built visualizations, reports, dashboards and alerts that work out of the box on CEF data, our integration seamlessly leverages these powerful artifacts Microsoft has already built.
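As an added illustration of the CEF mapping described above (this is not ForgeRock's code), the sketch below serializes an audit event into a single CEF line, applying CEF's escaping rules so that user-controlled values cannot split the record or forge extra key=value pairs. The event field names, the sample event and the vendor/product strings are constructed placeholders, not the Common Audit Framework's schema.

```python
# Added example: audit event -> one CEF line with header/extension escaping.
# CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension

def esc_header(value):
    # Header fields: escape backslash first, then the '|' delimiter; fold line breaks.
    s = str(value).replace("\\", "\\\\").replace("|", "\\|")
    return s.replace("\r", " ").replace("\n", " ")

def esc_ext(value):
    # Extension values: escape backslash, then '=', then encode line breaks as literal \n.
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r\n", "\\n").replace("\r", "\\n").replace("\n", "\\n")

def to_cef(event, vendor="ExampleVendor", product="ExampleIdP", version="1.0"):
    # vendor/product/version defaults are placeholders (assumption).
    severity = int(event["severity"])
    if not 0 <= severity <= 10:
        raise ValueError("CEF severity must be in 0..10")
    fields = [vendor, product, version, event["event_id"], event["name"], severity]
    header = "CEF:0|" + "|".join(esc_header(f) for f in fields)
    pairs = []
    for key, value in event.get("ext", {}).items():
        if not key.isalnum():
            # Keys are fixed by the integration, never taken from user input.
            raise ValueError("invalid CEF extension key: %r" % key)
        pairs.append(key + "=" + esc_ext(value))
    return header + "|" + " ".join(pairs)

# Constructed sample event; suser carries a line break and '=' characters
# to show that the escaped output stays a single, unambiguous record.
SAMPLE_EVENT = {
    "event_id": "AUTH-LOGIN-FAILED",
    "name": "Login failed | step-up required",
    "severity": 6,
    "ext": {
        "suser": "alice\nsuser=admin outcome=success",
        "src": "203.0.113.7",
        "outcome": "failure",
        "msg": "journey=Login result=deny",
    },
}

if __name__ == "__main__":
    print(to_cef(SAMPLE_EVENT))
```

The extension keys used here (suser, src, outcome, msg) are standard CEF dictionary keys, which is what lets a CEF-aware SIEM parse the fields without a custom parser.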
We believe these integrations are going to make a real impact in reducing risk for our joint customers and we look forward to hearing your feedback.