Microsoft and F5: Together Addressing Secure Remote Access and Productivity

Jay Kelley

Published May 06, 2020

As the COVID-19 pandemic continues to make its presence felt across the globe, millions of people are adjusting to social distancing guidelines, stay-at-home policies, or total lockdowns enacted by their countries, regions, and territories as we work together as a worldwide community to “flatten the curve.”

These governmental mandates have forced many offices of all sizes to close their doors for the safety and health of their workers and surrounding communities. Organizations from every sector have taken steps to ensure that all employees, contractors, and other workers have the appropriate equipment, remote access capabilities, and knowledge and training to utilize equipment and services. They have also needed to confirm that their workforce has secure access to the complete set of applications they need to remain productive.

And while organizations have migrated many applications to the native public cloud or have converted to Software-as-a-Service (SaaS) applications, there are still many applications running in traditional environments. These apps do not or cannot support cloud migration, or can’t be easily substituted by SaaS. These applications may provide mission-critical functionality or data, or be custom apps created to address specific operations and processes. In addition to not lending themselves to simple cloud migration or replacement, many of these applications do not support modern authentication and authorization capabilities, protocols, and standards.

Lacking support for modern authentication and authorization, these apps by definition will not support federated identity. Without federated identity, remote users are not able to take advantage of multiple benefits of advanced single sign-on (SSO), including context-aware policy enforcement and multi-factor authentication (MFA).

Secure Access to All Applications for the New Normal

F5 and Microsoft are helping organizations to ensure that their now home-based and remote employees are able to securely and seamlessly access all the applications they need to be productive—especially with all the new challenges they’re facing every day.

By deploying Microsoft Azure Active Directory, Microsoft’s comprehensive cloud-based identity and access management platform, along with F5’s trusted application access solution, BIG-IP Access Policy Manager (APM), organizations are now able to federate user identity, authentication, and authorization, and bridge the identity and access gap between native public cloud and SaaS-based applications, and applications located on-premises, in a data center, or private cloud.

F5 BIG-IP APM and Azure Active Directory simplify the user experience for application access by enabling users to log in once and access all applications they have the right to access, from a single location.

Microsoft and F5 together empower legacy applications formerly incapable of supporting modern authentication and authorization to interoperate with Azure Active Directory. By combining F5 BIG-IP APM and Azure Active Directory, header or Kerberos-based authentication apps can be enabled with SSO and Conditional Access for risk-based adaptive access to ensure the right users have the right access to the right resources. Azure Active Directory as an IDaaS delivers a trusted connection to BIG-IP APM creating a bridge between modern and classic applications, delivering SSO and securing all apps with MFA and conditional access policies based on user, device, location, time-of-day, and risk-based adaptive access.

This approach enables users who are working from home during the COVID-19 pandemic to easily and securely access their network and all of its resources—remotely. BIG-IP APM SSL VPN capabilities ensure secure, fast network and application access for remote users, while protecting corporate network resources, applications, and sensitive data from a wide range of attacks (including malware, theft or hack, and rogue or unauthorized access). In combination with Microsoft Azure Active Directory, customers can create a strong root of trusted identity to all applications, regardless of their supported authentication method, including mission-critical and custom applications.

Many organizations have also deployed—or are moving toward deploying—a Zero Trust architecture. BIG-IP APM delivers Identity Aware Proxy, providing seamless, secure application access leveraging a trusted identity source (in this case, Microsoft Azure Active Directory). BIG-IP APM’s Identity Aware Proxy, in conjunction with Azure Active Directory, enforces modern authentication—such as identity federation, SSO, and even MFA—for all applications, even those not natively supporting modern authentication. The integration of BIG-IP APM drives context- and identity-aware policies, utilizing a Zero Trust model for validation of every application access request, empowering organizations to continue, modify, or halt application access, while continuously monitoring the user and their device for integrity and posture changes that may endanger the application.

While each company, employee, and situation is different, we are all adapting to find paths forward. Together, F5 and Microsoft can help ease the challenge of ensuring secure user experience and application access for those working remotely—safeguarding employees’ productivity and security by preserving connections digitally as we stay physically separate.