Skip to content
Dave FisherMay 30, 20183 min read

Staying Safe in the Cloud - Is Your Data Secure?

Tailor Security to Business Needs

BW Nashville Skyline

While the fear of moving to the cloud has largely subsided, I still get the question of whether my data is safe in the cloud. That can be a lengthy conversation but to me the most interesting result of that conversation is that how secure your data is in the cloud is really up to you. Microsoft has been making strides in providing companies with cloud security features to enhance security across the enterprise. In Azure you can configure Multi-Factor Authentication (MFA), Advanced Threat Analytics (ATA) and take more control over your documents with Azure Information Protection (AIP). Microsoft provides an a la carte approach to security with all of their various offerings, although the trouble is that it can be challenging to determine which features are right for you and what licensing model makes the most sense.

The answer is different for each company, but I’ve taken the liberty to point out a couple features that I think are worth noting, as well as a quick licensing overview (that will almost surely change the minute I hit publish).

SSO + MFA = Extended Security

Configure federated Single Sign On (SSO) with your third-party applications and implement MFA policies. Doing so extends your MFA policies to your third-party applications. Now when a user logs into that payroll application from home they are forced to confirm their identity with MFA.

If you are dealing with sensitive data you may want to consider setting up conditional MFA based on the user’s location. If they are logging in from within your network then you may not want to worry about enforcing MFA but when offsite – be it at home or a café – you likely want MFA required.

These features will require Azure Active Directory (AAD).

Speed Up Security with Azure Advanced Threat Analytics

Microsoft does a nice job on their website explaining why Advanced Threat Analytics (ATA) can make a difference for your cloud security experience. One statistic worth noting: “Over half of all network intrusions are due to compromised user credentials.”

ATA tracks user’s behaviors and creates profiles for each user. When a user strays from their normal activities, ATA flags the suspicious activity and notifies administrators. ATA also tracks suspicious log in attempts and can either block or automatically force MFA for that login. If users are logging in from strange places it’s possible their credentials have been compromised. Forcing MFA or outright blocking that log in can prevent any damage from that attacker.


The various licenses in Azure can be difficult to navigate as well so below is an outline of the licensing options available from Microsoft as of the date of this post. You can use the links provided to view more details regarding the features available within each product and license tier. My general rule of thumb is if you are interested in 2 or more of the options below - you may want to consider just going with Enterprise Mobility & Security (EMS) and getting some extra features that may be "nice to have." 

Azure Active Directory (AAD)

  • AAD Free - Included in E3
  • AAD Basic - $2/user/mo.
  • AAD P1 - $6/user/mo.
  • AAD P2 - $14.50/user/mo.

Azure Information Protection (AIP)

  • AIP for Office 365 – Included in E3
  • AIP P1 - $2/user/mo.
  • AIP P2 - $5/user/mo.

Azure Advanced Threat Protection (ATP)

  • ATP - $5.50/user/mo. when added to E3

 Microsoft InTune

  • InTune - $6/user/mo. when purchased solo

Azure Enterprise Mobility & Security (EMS)

  • EMS E3 - $8.75/user/mo.
    • Azure AD P1
    • Azure Information Protection (AIP) P1
    • Azure Advanced Threat Protection (ATP)
    • Intune (Mobile Device Management)
  • EMS E5 - $14.80/user/mo.
    • Azure AD P2
    • Azure Information Protection (AIP) P2
    • Azure Advanced Threat Protection (ATP)
    • Intune (Mobile Device Management)


Dave Fisher

Currently based in North Carolina, Dave Fisher, Aerie's founder, plays a variety of critical roles at Aerie, from developing new business and managing client relationships to back-end office logistics. “I try to give our team the tools and atmosphere so they can do what they do best,” he says. “I love how every project is unique — and it’s fun going to companies, learning what they do, understanding their needs and challenges, then being part of their success.”