Azure Active Directory simplifies IT infrastructure management by providing a single place to store information about digital identities. But this convenient Identity and Access Management (IAM) system comes pre-configured with only basic features and security settings. For example, the default setting for Azure storage accounts allows access from anywhere, including the internet.
One of the commonly recommended ways to increase the security of user accounts in on-premises Active Directory is to require two-factor authentication using Smart Cards. Not everyone knows that the Windows Smart Card implementation underwent a significant change years ago, one that has not been clearly reflected in the publicly available documentation. Because Public Key Infrastructure (PKI) security is not common knowledge, many enterprises may be at risk.