SentinelOne Unveils New Zero Trust Integration for Microsoft Azure Active Directory
November 2021 by Marc Jacob
At Microsoft Ignite, SentinelOne announced the SentinelOne App for Azure Active Directory, a new solution combining endpoint security and identity capabilities to advance Zero Trust architecture. The Singularity App for Azure Active Directory (Azure AD) enables organisations using SentinelOne to automatically alert Azure AD when an endpoint is at risk, triggering conditional access policies to protect corporate resources and enabling organisations to enforce the principles of Zero Trust. A Zero Trust architecture powered by SentinelOne creates a dynamic framework to secure the digital enterprise.
“Global cyberattacks like Kaseya or SUNBURST are a constant reminder of the importance of modernising legacy security architectures,” said Sue Bohn, Vice President of Program Management, Microsoft. “The integration between SentinelOne and Azure Active Directory will allow organisations to combine leading endpoint and identity solutions to embrace a Zero Trust security model.”
As ransomware, supply-chain-based attacks, and credential attacks become increasingly popular amongst cybercriminals, endpoints and identities are two of the most commonly exploited attack vectors for gaining access to an organisation’s data. Organisations attempt to mitigate this risk by moving from a legacy network-based defence model to a Zero Trust security model, specifically by connecting their endpoint security and identity solutions to gain visibility of at-risk users. However, this generally requires that the organisation do the complex setup and maintenance on its own, and there are only limited opportunities for automated remediation. With the Singularity App for Azure Active Directory, organisations can utilise a modern security platform that maximises their existing investments, allowing them to continuously re-establish trust with assets and provide explicit just-in-time access via a fully managed, automated solution.
When a user opens a malicious file on an endpoint, SentinelOne detects the incident and uses the Azure AD Risky User API to automatically mark the user’s identity with a confirmed compromised risk state and high risk level. When a user identity is changed to this state, an organisation’s Azure AD Conditional Access policy can initiate a number of responses including limiting access, blocking access or triggering a Multi-Factor Authentication (MFA) prompt. When the incident is resolved in SentinelOne, the user is moved out of the risky user state and returns to their normal identity state.
With SentinelOne on the endpoint and directly integrated with Azure AD, joint customers have a mechanism for continually and automatically verifying trust with every single user identity or endpoint. Furthermore, information on any impacted user identity is shared with Azure AD in real time, triggering the organisation’s Conditional Access policy and subsequently preventing access to corporate resources and services.
The Singularity App for Azure Active Directory is available on the Singularity Marketplace.