
Tying IP Addresses to Azure Active Directory Users

Effectively tracking and managing identity context is one of the most important aspects of a secure Azure-based network. Without accurate identity context, it is nearly impossible to determine whether someone is an unauthorized user.

Additionally, identity context extends to SSL inspection, which gives a broader view of who is accessing which internal resources. A surprising number of data breaches are caused by malicious insiders, so it is vital to record who accesses resources and when, for accountability purposes.

There are many methods to tie user identity to a particular device. Historically, a device's MAC address was a straightforward method, but newer privacy techniques have made the IP address the more effective identifier.

Identity Privacy With MAC Addresses

A MAC address is an identification number within a device's hardware that uniquely identifies that individual device. It is burned into the device's network card at manufacture and cannot be changed. When a device is identified and added to an Azure network, the MAC address is tied only to the device, not to the Azure identity.

Since each device has its own unique MAC address, it would seem to be the perfect tool for identity context.

MAC Address Randomization

A relatively recent addition to many device operating systems is MAC address randomization. Normally, when a device identifies itself, the MAC address is presented as a static number. With MAC randomization enabled, the device scrambles its MAC address for each request, appearing as a new device each time. That allows it to remain effectively anonymous while browsing on a network.

The primary purpose of MAC randomization is anonymity: it prevents the device from being tracked. If an attacker is targeting a certain user on a secure network, such as a company executive, they cannot easily identify that user's device by its MAC address, because it is continually changing.

Older versions of MAC randomization only randomized the MAC address while the device was searching for a network, and then presented the real address when connecting. Updated versions make randomization the default behavior both when searching for and when connecting to the network. This behavior makes identifying Azure users difficult, as the MAC address can no longer be tied to their identity.
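As an added illustration (not from the original post and not part of SecureW2's software), the script below walks a constructed DHCP lease log and flags clients whose MAC address is locally administered, which is how randomized addresses present themselves on the wire; those leases cannot be tied to a user by MAC alone. All timestamps, hostnames and addresses are made up.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample DHCP lease log lines (not captured from a real network).
SAMPLE_LEASES = """\
2024-05-01T08:00:12 DHCPACK 10.20.30.41 00:1a:2b:3c:4d:5e hostname=exec-laptop
2024-05-01T08:03:55 DHCPACK 10.20.30.42 5a:7f:11:22:33:44 hostname=iPhone
2024-05-01T08:05:02 DHCPACK 10.20.30.43 de:ad:be:ef:00:01 hostname=android-9f
2024-05-01T08:09:40 DHCPACK 10.20.30.44 f4:5c:89:aa:bb:cc hostname=printer-3
"""

LEASE_RE = re.compile(
    r"^(?P<ts>\S+)\s+DHCPACK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s+hostname=(?P<host>\S+)"
)


@dataclass
class Lease:
    ts: str
    ip: str
    mac: str
    host: str


def is_locally_administered(mac: str) -> bool:
    """Randomized MACs (iOS, Android, Windows) set the U/L bit (0x02) of the
    first octet, so the second hex digit is 2, 6, A or E. Vendor-assigned
    addresses clear it. Heuristic only: VMs and some appliances also use
    locally administered addresses, so treat a hit as 'cannot trust the MAC'."""
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x02)


def parse_leases(text: str) -> list[Lease]:
    """Parse the constructed lease format above into Lease records."""
    leases = []
    for line in text.splitlines():
        m = LEASE_RE.match(line)
        if m:
            leases.append(Lease(m["ts"], m["ip"], m["mac"].lower(), m["host"]))
    return leases


def classify(text: str) -> dict[str, str]:
    """Map each leased IP to 'randomized' or 'burned-in' based on its MAC."""
    return {
        lease.ip: "randomized" if is_locally_administered(lease.mac) else "burned-in"
        for lease in parse_leases(text)
    }
```

Leases reported as "randomized" are the ones where only the IP (or a certificate issued to the device) can carry the identity context the post describes.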

Identity Context With IP Addresses

An IP address is a number assigned to a device when it connects to a network, allowing information to be sent between the device and the network. The IP address gives the device an identity on that network, making it easy to differentiate consistently between devices.

There are two types of IP address: static and dynamic. A static IP address does not change, while a dynamic IP address is assigned when connecting to a network and can change over time.

A static IP is used when an external party needs to remember your IP to identify you, such as a website you connect to. More commonly, a dynamic IP is used for identification. Because the IP is assigned at connection time, it is not required to stay the same. A dynamic IP would be used for authentication to an office's secure network, and it is the type of IP used when authenticating with SecureW2.

When a device connects, it is assigned an IP from the ISP that associates that network connection with the device's identity. This unique, easily identified number provides a clear avenue for network communication, and it allows you to tie an Azure identity to a unique device IP.

Without outside intervention, the IP address associated with a device on a network will not change. In certain situations, however, such as restarting the modem or contacting the ISP, a device's IP can change. Because it is not wholly static, an IP address is a less reliable long-term tracking handle for an attacker than a MAC address.

Azure AD (Microsoft Entra ID) Identity Management Solutions


For onboarding new users to a secure Azure network, the JoinNow solution cannot be beat. Our software is compatible with every OS and allows users to self-configure in minutes, tying their IP address to the device and the certificate they are provisioned.

From a security standpoint, certificates clearly outmatch credentials, but when it comes to identity they are miles ahead. Passwords are shared constantly between friends and coworkers, which is a nightmare for identity context: it is impossible to know whether a password was used by its legitimate owner. Certificates cannot be removed from a device or shared, so when a certificate is authenticated, you can be certain it correctly identifies the user and device.

SecureW2's management portal gives a clear summary of what is happening on your secure network. Each certificate can be quickly tied to an Azure identity and IP address, allowing rapid identification of each user and device. SSL integration lets you see which resources are being accessed by which users and can help prevent both internal and external data breaches.

Our certificate solutions easily integrate with Azure AD (Microsoft Entra ID) and any existing network infrastructure. We provide all the tools you need to launch a certificate-based network that provides clear and accurate identity context.

Check out our pricing page to see if our identity solutions can remove ambiguity from your network management.


Eytan Raphaely

Eytan Raphaely is a digital marketing professional with a true passion for writing things that he thinks are really funny, that other people think are mildly funny. Eytan is a graduate of University of Washington where he studied digital marketing. Eytan has diverse writing experience, including studios and marketing consulting companies, digital comedy media companies, and more.
