Trace Id is missing
June 27, 2022

iHeartMedia tops the charts with Azure AD and Microsoft Sentinel, creating simplicity at lower cost

iHeartMedia leads the pack in the “always-on" audio media world. In a space where security is non-negotiable and where employees need immediate and easy access every time—often to industry-specific, custom applications—delivering that balance can be challenging. But when iHeartMedia replaced its identity solution with Microsoft Azure Active Directory (Azure AD) and deployed Microsoft Sentinel, it opened the door to a more streamlined user experience, dramatically lower licensing costs, greater visibility throughout its estate, and other benefits.

iHeartMedia

“People gave us unsolicited feedback about how they couldn’t believe how much easier their experience was. The reduced friction made workflows easier and quicker, with fewer interruptions. That streamlined sign-in really helped us move faster when we began pilot programs for some of our internal projects.”

Janet Heins, Chief Information Security Officer, iHeartMedia

In the media world, airtime is everything. If ever a case existed for combining data security with seamless access, the always-on audio media industry is it. That’s why iHeartMedia turned to Microsoft Azure Active Directory (Azure AD) for that balanced combination of security and ease. Pairing the solution with Microsoft Sentinel moved iHeartMedia data security even further, delivering the visibility needed to manage a complex estate more easily and effectively than ever before.

Seeking data security for a media giant

iHeartMedia is an audio industry powerhouse, serving up a full spectrum of listenable entertainment that includes broadcast radio, streaming digital music, influencers, personalities of all kinds, concerts, live music events, podcasts, and a host of other programming across several media platforms. That vast content pool reaches more than a quarter of a billion monthly listeners, enhancing the company’s outstanding consumer brand and industry-leading live event portfolio. The company also has the only fully integrated audio ad tech solution among broadcast, streaming, and podcasts and the number one social footprint among audio industry players.

What that means for Janet Heins, Chief Information Security Officer at iHeartMedia, is thousands of internal corporate users and millions of external users along with vast amounts of data to secure. The dynamic audio industry never rests. “To keep the leading edge, we need to be able to pivot immediately,” Heins explains. “That’s why our IT organization needs to be more agile than a traditional IT model.”

Her 25-person team faced a significant challenge in modernizing the iHeartMedia estate. Enormous and complex, the estate contained a geographically dispersed mix of on-premises and siloed cloud solutions, many of them written in-house for the media company’s highly specific needs. The team aimed to move iHeartMedia into a Zero Trust model at the same time.

Two requirements rose to the top of the priority list—streamlining user sign-ins and increasing security. The security team knew that blending ease of authentication and education would be key to bringing internal users onboard to maintain data safety. The company’s identity solution was based on federated authentication versus managed authentication. This modern managed approach allowed for a more streamlined user experience without sacrificing security, AI-based risk management, and integrated platform services for existing applications. The external user sign-on process now allows for additional enhanced security required in most modern authentication scenarios.

Racing against a licensing timeline

Heins engaged Active Identity Management, Inc. (ActiveIdM), a Microsoft Partner Network Gold member, to evaluate security and identity at iHeartMedia. Rob Allen, Director of Architecture and Technology at ActiveIdM, and his team reviewed iHeartMedia security goals for improved access and establishment of a Zero Trust model. Allen recommended replacing its third-party identity solution with Azure AD.

Using Azure AD would make it possible to tailor sign-in requirements according to specific application needs. The company also sought to refine its control plane by using Conditional Access policies in Azure AD. “iHeartMedia wanted to customize access requirements to each app, which is easier with the increased understanding of endpoints that Azure AD facilitates,” says Allen. “This move supported the shift to a Zero Trust model.”

Heins and Allen agree that choosing a new solution was the easy part. But they had six months to make a major transition if iHeartMedia was to realize its hoped-for licensing savings. “We increased security and ease of use by implementing Azure AD,” says Heins. “And we saved the licensing costs we would have had to pay to renew our contract for our third-party solution.”

Keeping it simple with frictionless Azure AD and Azure AD External Identities

Adopting Azure AD and Azure AD External Identities—to help secure and manage customers and partners—improved every aspect of the sign-in experience. “Azure AD handles the sign-ins, sessions, user identity, and endpoints in a much more nuanced way than the previous method,” says Allen. “The increased endpoint and session data we got from Azure AD helped us to add more security intelligence, applying more rigid policies when we needed them and reducing barriers when the risk was lower. That evoked a better user experience.”

iHeartMedia applied the same streamlined approach to its public-facing iHeartMedia Payment Portal, adding multifactor authentication for increased security and completing the last item on the Azure AD rollout. “It was a win-win for us because in addition to avoiding a pending license renewal, we added the multifactor authentication security component,” says Heins.

Additionally, the ActiveIdM team helped iHeartMedia use Windows Autopilot, within Microsoft Endpoint Manager, to configure the vast number of devices. “The entire Windows ecosystem was more than 10,000 devices hybrid-joined with Azure AD to support Zero Trust modeling,” explains Allen, adding that more than 3,000 Azure AD–joined devices with Windows Autopilot rely on key trust modern managed technology. “The full Azure migration from the previous third-party solution also included 384 apps—all completed in six months,” continues Allen. “That resulted in other benefits, including removal of reliance on line-of-sight to domain controllers for the now Azure AD–joined devices, integrated workstation password resets with Azure SSPR (self-service password reset), and offline cached credentials. It also moved iHeartMedia from a federated domain to a managed domain in Azure.”

Most importantly, the 9,000 iHeartMedia employees embraced the changes. In anticipation of resistance to change, the security team kept its messaging brief and easy to digest quickly. Even with that thoughtful change management, the team was surprised by the positive reception. “People gave us unsolicited feedback about how they couldn’t believe how much easier their experience was,” says Heins. “The reduced friction made workflows easier and quicker, with fewer interruptions. That streamlined sign-in really helped us move faster when we began pilot programs for some of our internal projects.”

Removing the “swivel chair factor” with Microsoft Sentinel

Creating the agility iHeartMedia needed so much would only be possible with centralized visibility over the entire ecosystem, on-premises and cloud, which includes a vast and diverse workforce—from the company’s finance department to its sales force and creative groups. The company uses some non-Microsoft solutions for security and needed a security information and event management (SIEM) solution that could ingest data from multiple sources into a single dashboard. It chose Microsoft Sentinel, not only for significant cost savings but for the simplicity and ease of management that come with consolidating vendors.

Soon after taking her position at iHeartMedia, Heins asked an incident response analyst to walk her through a day in her life. “I immediately formed an image of our incident response analysts swivelling all day long from one screen to another, trying to make sense of all that data from disparate systems,” recalls Heins. “Now with Microsoft Sentinel, one screen shows our analysts the intelligence to alert based on the data it combines from multiple systems, including firewalls, domain controllers, and everything else.” That aggregated data coupled with the AI-enabled monitoring frees analysts to concentrate on the alerts they know to be valid, without spending endless hours searching for that needle in a digital haystack for that one urgent event buried among endless possibilities. Because Microsoft Sentinel monitors the breadth of the ecosystem—people, systems, and servers—analysts gain a full view into every aspect of the iHeartMedia digital landscape.

The security team increasingly relies on Microsoft Security solutions, accelerating vendor consolidation that helps Hein’s teams become more productive. And they’re able to grow professionally. “Our team can do more varied and complex work because their time isn’t taken up with routine tasks. Those now get handled by our Microsoft Security solutions,” says Heins. “And that makes it easier for the team to keep iHeartMedia on the air.”

Find out more about iHeartMedia on Twitter, Facebook, YouTube, and LinkedIn.

“The increased endpoint and session data we got from Azure AD helped us to add more security intelligence, applying more rigid policies when we needed them and reducing barriers when the risk was lower. That evoked a better user experience.”

Rob Allen, Director of Architecture and Technology, Active Identity Management, Inc.

Take the next step

Fuel innovation with Microsoft

Talk to an expert about custom solutions

Let us help you create customized solutions and achieve your unique business goals.

Drive results with proven solutions

Achieve more with the products and solutions that helped our customers reach their goals.

Follow Microsoft