* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Partner Integrations](https://www2.paloaltonetworks.com/blog/sase/category/partner-integrations/)
* Securing Remote Work: Pri...

# Securing Remote Work: Prisma Access and Prisma Cloud With Azure AD

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F09%2Fsase-azure-ad%2F)  
[](https://twitter.com/share?text=Securing+Remote+Work%3A+Prisma+Access+and+Prisma+Cloud+With+Azure+AD&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F09%2Fsase-azure-ad%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F09%2Fsase-azure-ad%2F&title=Securing+Remote+Work%3A+Prisma+Access+and+Prisma+Cloud+With+Azure+AD&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2020/09/sase-azure-ad/&ts=markdown)  
\[\](mailto:?subject=Securing Remote Work: Prisma Access and Prisma Cloud With Azure AD)  
Link copied  
By [Joby Menon](https://www.paloaltonetworks.com/blog/author/joby-menon/?ts=markdown "Posts by Joby Menon")  
Sep 23, 2020  
5 minutes  
[Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown)  
[Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)  
[Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)  
[Partners](https://www.paloaltonetworks.com/blog/tag/partners/?ts=markdown)  
[Prisma Access](https://www.paloaltonetworks.com/blog/tag/prisma-access/?ts=markdown)  
[Prisma Cloud](https://www.paloaltonetworks.com/blog/tag/prisma-cloud/?ts=markdown)

Palo Alto Networks and Microsoft are proud to announce the latest integration between Prisma Access and Prisma Cloud, and Microsoft Azure Active Directory (Azure AD). In this latest development, the Prisma family of products now integrates with Azure AD conditional access and directory sync functions, providing customers of these products a comprehensive joint solution for securing remote users across hybrid on-premises and multi-cloud environments. The integrations will be available for customers in October 2020.

![The diagram shows how the new integrations allow Prisma Cloud, Prisma Access and Azure AD to complement each other in order to protect a remote workforce.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/09/Azure.png)

## The Challenges of Securing a Remote Workforce

The global workforce has changed significantly over the past year, and the demand for identity- and policy-driven secure access for the remote workforce has never been higher. Digital transformation and growing cloud adoption have pushed applications and services away from campus networks. The demand for greater workforce flexibility and remote work has only accelerated with the COVID-19 pandemic. Just as the home has become the new office, the resources remote workers access are everywhere -- on-campus data centers as well as public and private clouds managed by multiple vendors. Physical network perimeters are no longer tied to physical locations, but are globally distributed.

This new environment brings challenges. Traditional secure remote access virtual private network (VPN) architectures are no longer sufficient or effective. With distributed applications and services across hybrid cloud and on-premises environments, users can't simply VPN into a single data center to get the resources they need. Mobile work introduces new security risks as users access data over unsecured WiFi or unmanaged, unpatched and vulnerable user-owned devices. This leaves user credentials vulnerable to compromise and applications vulnerable to data theft. Organizations often rely on multiple authentication systems and a multitude of security products, such as web application firewalls (WAF), secure web gateways (SWG) and proxies to protect each of the services and applications users access remotely. Accessing different SaaS or data center applications across multiple locations and vendors means using different authentication interfaces and different security products. While corporate data center applications sit behind on-premises firewalls, SaaS applications for HR, billing and finance are frequently unsecured or sit behind separate cloud access security brokers (CASBs) or WAFs. As each of these products have separate interfaces and separate policies to manage, this makes rolling out uniform security policies and data center compliance across the extended enterprise increasingly difficult.

Securing a remote workforce across hybrid environments requires an identity- and policy-driven approach. This requires authenticating users, provisioning granular access and continuously monitoring the resources they access after connecting to an application or service.

## Prisma Access and Prisma Cloud, With Microsoft Azure Active Directory

Palo Alto Networks Prisma Access and Prisma Cloud, together with Azure AD, provide a comprehensive integration to secure remote workers across hybrid-cloud infrastructure from anywhere in the world. Azure AD is a cloud-based identity and access management (IAM) solution that helps employees securely access the resources and applications they need for on-premises applications, SaaS applications and custom-built applications. Azure AD provides a single service to create and manage access control policies for all users. Through Conditional Access, Azure AD assesses customized attributes of the connecting user and their device -- including device state, geographic location and user risk -- to selectively provision access to applications and services.

Azure AD integrates with Prisma Access and Prisma Cloud through SAML SSO. Prisma Access is a cloud-based Secure Access Service Edge (SASE) that enables organizations to seamlessly connect and secure any user, device and application. It consolidates secure access VPN, Zero Trust Network Access (ZTNA) and Next-Generation Firewall (NGFW) capabilities into a single service edge.

Once users are authenticated through Azure AD, Prisma Access leverages information from Azure AD to provide secure, encrypted remote access to corporate resources, regardless of location. Unlike traditional legacy remote access VPN solutions, Prisma Access provides [policy-controlled access to what the user needs](https://www.paloaltonetworks.com/blog/2020/06/network-zero-trust-strategy/), and only to specific applications and services. Prisma Access then performs post-connect monitoring of user traffic for signs of data loss, signatureless malware and user account compromise. With Prisma Access, mobile users no longer have to contend with multiple interfaces to access distributed applications and services, and security engineers no longer need to manage multiple security products. All corporate resources sit securely behind the global Prisma Access service edge that can be accessed anywhere, all the time.

Additionally, Prisma Cloud integrates natively with Azure AD. Prisma Cloud provides a comprehensive [Cloud Native Security Platform](https://www.paloaltonetworks.com/blog/prisma-cloud/cloud-native-security-platform-2/) (CNSP), combining cloud security posture management (CSPM) and [cloud workload protection](https://www.paloaltonetworks.com/blog/2020/05/cloud-2020-guide-cloud-workload-protection-2/) (CWPP) to secure your organization's hybrid, multi-cloud infrastructure. While users are accessing their cloud-based applications, Prisma Cloud performs continuous assessment of the users and application infrastructure, integrating configuration information, audit logs and network information from Azure powered by the Microsoft Graph.

The integration between Palo Alto Networks Prisma Access, Prisma Cloud and Microsoft Azure AD provides organizations with the means to secure mobile users across hybrid environments. Integration between Azure AD conditional access and directory sync functions will be available for customers in October 2020.

Learn more about [Prisma Access](https://www.paloaltonetworks.com/prisma/access).

*** ** * ** ***

## Related Blogs

### [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Call for Papers for Ignite 2020: Share Your Cybersecurity Expertise](https://www2.paloaltonetworks.com/blog/2020/08/call-for-papers-ignite-2020/)

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Achieving End-to-End Zero Trust](https://www2.paloaltonetworks.com/blog/2020/05/network-end-to-end-zero-trust/)

### [Cloud Network Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-network-security/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Prisma Cloud 2.0 Just Launched: Why a Comprehensive CNSP is Essential](https://www2.paloaltonetworks.com/blog/2020/10/cloud-comprehensive-cnsp-essential/)

### [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Palo Alto Networks Extends ISO 27001 Certifications](https://www2.paloaltonetworks.com/blog/2020/09/policy-iso-27001-certifications/)

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Why Most Zero Trust Network Access Solutions Are Too Trusting](https://www2.paloaltonetworks.com/blog/2020/07/zero-trust-network-access-solutions/)

### [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)

[#### 5 Reasons Why You Should Consider Cloud-delivered Managed Security](https://www2.paloaltonetworks.com/blog/2020/06/cloud-delivered-managed-security/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language