4/2/2025

Aon improves customer data security by leveraging Azure SQL Managed Instance with Microsoft Entra

Aon saw an opportunity to modernize secure access for its most important Microsoft SQL Server database. By moving to Microsoft Azure, Aon streamlined and automated how service accounts are authenticated and allowed access to its data.

By migrating data to Azure SQL Managed Instance and Azure SQL Database, Aon moved away from an on-prem password-based authentication process and adopted a passwordless model using managed identities and Microsoft Entra.

The move to Azure has eliminated password reset outages for Aon. Its teams no longer must work over the weekend to perform password rotations. The simplified approach has allowed Aon to deploy applications faster while keeping data secure.

Aon Reinsurance Solutions

Enabling innovation for Aon customers through modernization

As a leading global reinsurance broker, Aon exists to shape business decisions for the better and to protect and enrich the lives of people around the world. It offers its customers risk and human capital expertise and solutions, providing the insights and clarity they need to protect and grow their businesses. 

For Aon, data is essential to achieving value for its customers. It permeates every solution and is the foundation for the expertise and services it offers. The company has decades of innovation in how it creates, collects, manages, and extracts value from data and is continuously looking to innovate and improve its approach. 

Marc Boone, Director of Technology Strategy and Innovation at Aon, explains, “As a broker, Aon has access to a lot of data, and that has made technology really core to our mission. We see keeping our systems and infrastructure on the cutting edge as a necessity and prerequisite for us to continue to drive innovation on behalf of our customers.” 

To manage its vast quantities of data, Aon has evolved an on-premises ecosystem over the years. One widely used technology is Microsoft SQL Server, which is core to many of the company’s technology platforms. In operation for over 25 years, this database is accessed daily from over 120 countries around the world by Aon customers, business users, technologists, and external partners.

Boby Azarbod, Data Services Lead at Aon, notes that over time, the SQL Server database has become “one of the most important systems we have at Aon and has integrations with many other applications across Aon’s solution lines.”

Given the strategic nature of these databases, ensuring secure access to data is a critical priority for Aon. This is particularly true of all the service accounts that require access to the database on behalf of the core apps and products Aon uses with customers. Previously, Aon relied primarily on Microsoft Active Directory to authenticate access for service accounts communicating with other applications. In cases where Active Directory was unavailable, Aon relied on SQL Server logins. Each service account or SQL login required passwords to enable access; managing them was a complex and time-consuming endeavor. 

Azarbod explains, “To align with Aon’s security policies, we would perform password rotations for our SQL login accounts on a cadence. These changes, along with the business outages, created a lot of overhead for us.” 

Aon saw an opportunity to modernize its SQL Server databases by moving to Azure, enabling greater scalability, flexibility, and security for this vital resource. It was also an opportunity to transform legacy processes, such as enabling secure access for the plethora of service accounts that connect to it on a daily basis. 

“The combined use of managed identities, Azure SQL Managed Instance, and overall cloud-native technologies fosters an environment where routine tasks are automated and operational efficiencies are maximized.”

Tom Schneider, Sr. Director, IT Operations, Aon

Enabling machine-to-machine communications

When Aon first evaluated cloud platforms, the two core factors were migration cost and efficiency. With 30+ years of products, rewriting everything in a big-bang approach was impossible. Leveraging Azure services gave the smoothest path to modernize from an on-premises architecture into a cloud-native approach while minimizing scheduled outages, enhancing Aon’s security posture, and minimizing infrastructure overhead.

Azarbod notes, “We saw significant advantages by having everything together in Azure. It simplified a lot of the integrations between different services, accelerating our journey.”

Aon planned the migration as a multiyear effort, starting in Europe and later replicating those learnings to the Americas and Asia Pacific regions. The migration approach Aon took offered an opportunity to modernize along the way. One of those areas was the security posture of how internal and external systems accessed its databases.

Bringing its data to Azure SQL Managed Instance and Azure SQL Database allowed Aon to move away from its prior password-based authentication process for service-to-service communications. Instead, Aon shifted to a passwordless model made possible using managed identities and authentication through Microsoft Entra. These identities are automatically managed in Microsoft Entra ID, eliminating the need to refresh and reset passwords manually. 

Modernization builds foundation for growth

By moving from on-premises to Azure, Aon is enabling a modern architecture to further accelerate innovation and security capabilities on behalf of its customers.

Azarbod comments, “It’s rare when you have projects that yield improvements across multiple fronts, but this is one of them. By using managed identities, we’ve had less scheduled downtime along with less infrastructure overhead, while improving our overall security posture.”

For Aon, shifting to Azure SQL Managed Instance and using managed identities has eliminated most password reset outages. Where previously password rotations required Aon teams to work over a weekend to make the changes, managed identities have eliminated the need for manual password rotations. The simplified process has been very well received by Aon’s business, technology, and security teams, ultimately leading to a stronger foundation that can be offered to Aon’s customers.

“The combined use of managed identities, Azure SQL Managed Instance, and overall cloud-native technologies fosters an environment where routine tasks are automated and operational efficiencies are maximized. This not only enhances productivity but also significantly reduces the need for Aon employees to work outside normal business hours, allowing them to focus on strategic initiatives rather than day-to-day operational challenges,” says Tom Schneider, Senior Director, IT Operations, DevOps and Data Services at Aon. 

Going forward, Azarbod notes, “Our goal is to continue to use managed identities wherever possible, to simplify all service-to-service touchpoints. Using managed identities has eliminated a lot of what we had to manage before in terms of password rotations.”

The change has also had an impact across the broader application development stack used by Aon in Azure. Microsoft Entra, along with managed identities, Azure Key Vault, and Azure Kubernetes Service (AKS), creates a secure environment for deploying its workloads. With Entra, managed identities automatically handle authentication, allowing applications in AKS to access Key Vaults and databases without needing to store sensitive credentials or database connection string logins. This means that only trusted services can retrieve important data, making everything safer and easier to manage. Overall, this integration helps Aon deploy its applications quickly while keeping data protected.

Find out more about Aon on X, Facebook, and LinkedIn.
