Azure Active Directory, also known as Azure AD, is Microsoft’s cloud-based identity and access management service that provides IT administrators the ability to manage user identities and access privileges. It combines directory services, advanced identity governance, and application access management under a single roof.
The service offers developers a standardized way to add single sign-on (SSO) to their applications. Microsoft's own cloud services such as Office 365, Microsoft Azure and Dynamics 365 use Azure Active Directory for sign-in and identity protection.
According to Microsoft, more than 6 million organizations around the world are using Azure AD.
What can you do with Azure AD:
- Create and manage users and groups, and allow or deny their access to enterprise resources
- Connect on-premises directories and use one identity to access applications
- Remote access to on-premises applications
- Single sign-on to SaaS applications such as Office 365, Google Apps, Salesforce, Workday, ServiceNow, Canvas and Box
- Self-service capabilities such as password reset, group management, application requests and application management
- B2B and B2C access
- Application Proxy: publish applications that live inside a private network and share them with users outside your network
Azure Active Directory Editions
There are three tiers of Azure Active Directory: Free, Basic and Premium. Key features for each tier are listed below
Free:
Synchronization or federation with on-premises directories through Azure AD Connect (sync engine)
User/group management (add/update/delete), user-based provisioning, device registration
Single sign-on (SSO)
Self-service password change for cloud users
Security and usage reports
Basic: Includes all the features in the Free tier and the following
Group-based access management and provisioning
Self-service password reset for cloud users
Company branding (log-on pages, Access Panel, customization)
Enterprise SLA of 99.9%
Premium: Includes all the features in Free and Basic and the following
Self-service group and app management, self-service application additions, dynamic groups
Self-service password reset, change, unlock with on-premises write-back
Multi-factor authentication (cloud and on-premises, MFA Server)
MIM CAL + MIM Server
Cloud App Discovery
Automatic password rollover for group accounts
Azure Active Directory: Capabilities
"Azure Active Directory (Azure AD) is an identity and access management-as-a-service (IDaaS) solution that combines single sign-on capabilities to any cloud and on-premises application with advanced protection. It gives your people, partners, and customers a single identity to access the applications they want and collaborate from any platform and device. And because it's based on scalable management capabilities and risk-based access rules, Azure AD helps ensure security and streamline IT processes." – Microsoft
Azure Active Directory: Identity Secure Score
To help tenants keep a close eye on their security configuration and measure it against best practices, Azure AD calculates an identity secure score and offers recommendations to improve security.
Azure AD evaluates the tenant's security configuration every 48 hours, compares the settings with Microsoft's recommended practices and produces an identity secure score between 1 (lowest possible score) and 248 (highest possible score), together with the improvement actions that would raise it.
Azure Active Directory reports
Azure Active Directory offers two types of reports, security reports and activity reports, which give administrators a comprehensive view of activity in their environment.
- Security reports: users flagged for risk and risky sign-ins
- Activity reports: audit logs and sign-in activity
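The two report families above are where an investigator starts: the risky sign-ins report for what Identity Protection already scored, and the raw sign-in activity for patterns the scoring does not call out, such as password spraying. The script below, an added example rather than code from the original article or from Microsoft, runs both checks over constructed sample events shaped like the Azure AD sign-in log (the Microsoft Graph `signIn` resource field names). The IP addresses, accounts, window size and user-count threshold are invented assumptions to be tuned per tenant; error code 50126 (invalid username or password) is the real AADSTS code.

```python
"""Triage Azure AD sign-in log entries: risky successes and password-spray sources.

Added example. Events are constructed samples shaped like the Azure AD sign-in
log; thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

ERR_INVALID_PASSWORD = 50126  # AADSTS50126: invalid username or password


def _event(ts, upn, ip, error_code, risk="none"):
    """Build one constructed sign-in record using the real Azure AD field names."""
    return {
        "createdDateTime": ts,
        "userPrincipalName": upn,
        "ipAddress": ip,
        "appDisplayName": "Office 365 Exchange Online",
        "status": {"errorCode": error_code},
        "riskLevelDuringSignIn": risk,
    }


# Constructed sample log: normal activity for alice (one typo), a high-risk
# success for bob, and one source IP failing against six accounts in five minutes.
SAMPLE_SIGNINS = [
    _event("2021-03-01T08:00:05Z", "alice@contoso.com", "203.0.113.10", 0),
    _event("2021-03-01T08:01:10Z", "alice@contoso.com", "203.0.113.10", ERR_INVALID_PASSWORD),
    _event("2021-03-01T08:15:00Z", "bob@contoso.com", "192.0.2.44", 0, risk="high"),
] + [
    _event(f"2021-03-01T09:{i:02d}:00Z", f"user{i}@contoso.com", "198.51.100.7", ERR_INVALID_PASSWORD)
    for i in range(6)
]


def _ts(event):
    return datetime.strptime(event["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")


def risky_successful_signins(events, levels=("medium", "high")):
    """Successful sign-ins that Identity Protection scored medium or high risk.

    A failed risky sign-in is noise; a successful one means a session now exists."""
    return [e for e in events
            if e["status"]["errorCode"] == 0 and e.get("riskLevelDuringSignIn") in levels]


def detect_password_spray(events, window=timedelta(minutes=10), min_users=5):
    """Return {ip: distinct_users} for source IPs whose bad-password failures hit
    at least `min_users` distinct accounts inside any `window`.

    Spray traffic is a few attempts per account across many accounts, so per-user
    lockout thresholds never trip; grouping by source IP instead of by user catches it."""
    failures = defaultdict(list)
    for e in events:
        if e["status"]["errorCode"] == ERR_INVALID_PASSWORD:
            failures[e["ipAddress"]].append(e)

    hits = {}
    for ip, evs in failures.items():
        evs.sort(key=_ts)
        start = 0
        for end in range(len(evs)):  # sliding window over the sorted failures
            while _ts(evs[end]) - _ts(evs[start]) > window:
                start += 1
            users = {x["userPrincipalName"] for x in evs[start:end + 1]}
            if len(users) >= min_users:
                hits[ip] = max(hits.get(ip, 0), len(users))
    return hits


def triage(events):
    """Summary an analyst would page on: who got in while risky, and who is spraying."""
    return {
        "risky_success": [e["userPrincipalName"] for e in risky_successful_signins(events)],
        "spray_sources": detect_password_spray(events),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_SIGNINS))
```

On real data, feed the script the JSON export of the sign-in log (or the Graph `auditLogs/signIns` response); the field names are unchanged. Alice's single failure from her own address is below the user-count threshold and is correctly ignored, while the six-account burst from 198.51.100.7 is reported even though no individual account was locked out.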
Azure Active Directory Pricing:
Pricing varies by Azure AD edition: Free, Basic, Premium P1 and Premium P2. The Free edition includes single sign-on for up to 10 apps per user and up to 500,000 directory objects, and the Premium features can be tried free for 30 days.
| Edition | Pricing per user/month |
|---|---|
For more details and latest information on pricing please visit Azure AD Pricing
Azure Active Directory: B2C
Azure Active Directory (Azure AD) B2C is a cloud-based consumer identity management service that can be used to customize and control user interaction with web, desktop, mobile, and single-page applications. Using this service, end users can sign up, sign in, reset passwords, and edit profiles.
Azure Active Directory B2B
Azure Active Directory business-to-business (B2B) is a cloud-based service for collaborating with users from other organizations by securely sharing applications with them.
Azure Active Directory B2B uses an invitation and redemption process to share resources securely. External organizations, including those that do not use Azure AD, can then access your business resources with their own credentials.
Azure AD business-to-business APIs can be used to customize the invitation and redemption process, and also to build self-service sign-up portals.
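Because the invitation API lets any caller with the right permission create a guest, the place to enforce collaboration policy is in the code that builds the invitation. The snippet below is an added example, not code from the original article or from Microsoft: it validates the invitee against an assumed partner-domain allowlist, requires an absolute https redirect target (an http or relative `inviteRedirectUrl` would turn the invitation mail into a redirect lure), and returns a body in the shape that Microsoft Graph `POST /invitations` accepts. It also derives the user principal name Azure AD assigns to a redeemed guest (`<local>_<domain>#EXT#@<tenant>`), which is what you grep for when auditing which members of a group are external. The domains, tenant name and policy rules are invented.

```python
"""Guardrails around the Azure AD B2B invitation flow.

Added example. The allowlist, the https-only redirect rule and the tenant names
are invented policy; the body shape is Microsoft Graph POST /invitations."""
from urllib.parse import urlparse

# Assumed policy: only these partner domains may be invited as guests.
ALLOWED_PARTNER_DOMAINS = {"fabrikam.com", "tailspintoys.com"}


class InvitationPolicyError(ValueError):
    """Raised when an invitation would violate the collaboration policy."""


def invited_domain(email):
    """Return the lower-cased domain of an invitee address, rejecting malformed input."""
    local, at, domain = email.rpartition("@")
    if not at or not local or "." not in domain or " " in email:
        raise InvitationPolicyError(f"not a valid invitee address: {email!r}")
    return domain.lower()


def build_invitation(email, redirect_url, allowed_domains=ALLOWED_PARTNER_DOMAINS,
                     send_message=False):
    """Validate the invitee and return the request body for POST /invitations."""
    domain = invited_domain(email)
    if domain not in allowed_domains:
        raise InvitationPolicyError(f"domain {domain} is not an approved partner")
    url = urlparse(redirect_url)
    if url.scheme != "https" or not url.netloc:
        # The guest is sent here after redemption; insist on an absolute https URL.
        raise InvitationPolicyError(f"inviteRedirectUrl must be an absolute https URL: {redirect_url!r}")
    return {
        "invitedUserEmailAddress": email,
        "inviteRedirectUrl": redirect_url,
        "sendInvitationMessage": send_message,
        "invitedUserType": "Guest",  # never "Member" for an external party
    }


def violates_policy(email, redirect_url, allowed_domains=ALLOWED_PARTNER_DOMAINS):
    """True when build_invitation would refuse this pair; handy for tests and dry runs."""
    try:
        build_invitation(email, redirect_url, allowed_domains)
    except InvitationPolicyError:
        return True
    return False


def expected_guest_upn(email, tenant_domain):
    """UPN Azure AD gives a redeemed guest: <local>_<domain>#EXT#@<tenant>."""
    local, _, domain = email.rpartition("@")
    return f"{local}_{domain}#EXT#@{tenant_domain}"


def is_guest_upn(upn):
    """True for the #EXT# form, i.e. an account that came in through B2B."""
    return "#EXT#@" in upn


if __name__ == "__main__":
    print(build_invitation("alice@fabrikam.com", "https://myapps.microsoft.com"))
    print(expected_guest_upn("alice@fabrikam.com", "contoso.onmicrosoft.com"))
```

The returned dictionary is what you would serialize and send to `https://graph.microsoft.com/v1.0/invitations` with a token holding `User.Invite.All`; the sending step is deliberately left out so the policy logic runs offline.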
Azure Active Directory (AD) Domain Services
Azure AD Domain Services provides managed cloud-based domain services such as domain join, group policy, LDAP & Kerberos/NTLM authentication in Azure. This service is fully compatible with Windows Server AD.
Without it, administrators migrating on-premises applications to the cloud have to deploy and operate their own domain controllers in Azure to serve those applications' identity needs.
Azure AD Domain Services, which is essentially a domain controller as a service, makes migrating such applications to Azure an easier process.
Application management with Azure Active Directory
Azure Active Directory (Azure AD) can be used to provide end users secure access to on-premise and
Some of the key advantages of using Azure AD are automated user provisioning, cloud-scale identity protection, multi-factor authentication, conditional access policies and single sign-on.
Azure AD Connect
Azure AD Connect is a tool designed to offer hybrid identity management. It replaced Microsoft’s earlier identity integration tools such as DirSync and Azure AD Sync.
The tool connects an organization's on-premises identity infrastructure with the cloud-based Azure Active Directory. Features include password hash synchronization, pass-through authentication, federation integration and synchronization.
The Azure AD Connect server can also be hosted in Azure IaaS, which can mean faster provisioning and lower cost of operations. Wherever it runs, it holds credentials that can read password hashes from on-premises AD and write to Azure AD, so it should be protected like a domain controller.
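Password hash synchronization is the feature people worry about most, because it sounds as if NT hashes are shipped to the cloud. They are not: Microsoft documents that the sync agent takes the 16-byte NT (MD4) hash from the `unicodePwd` attribute, expands it to a 32-character hex string re-encoded as UTF-16 (64 bytes), adds a per-user 10-byte salt and runs PBKDF2-HMAC-SHA256 for 1000 iterations, and only the derived key, salt and iteration count leave the on-premises server. The script below is an added example that models that transformation, not Azure AD Connect's own code; the sample NT hash is the well-known hash of the empty password, used as a constructed input, and lowercase hex is an assumption the documentation does not pin down.

```python
"""Model of the password hash synchronization transform described by Microsoft.

Added example, not Azure AD Connect's code. SAMPLE_NT_HASH is a constructed
input (the NT hash of the empty password); hex case is an assumption."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 1000
SALT_LEN = 10
DERIVED_LEN = 32

# The NT hash the agent reads from unicodePwd: MD4 over the UTF-16LE password.
SAMPLE_NT_HASH = bytes.fromhex("31d6cfe0d16ae931b73c59d7e0c089c0")


def expand_nt_hash(nt_hash):
    """16 raw bytes -> 32 hex characters -> UTF-16LE bytes (64 bytes)."""
    if len(nt_hash) != 16:
        raise ValueError("NT hash must be 16 bytes")
    return nt_hash.hex().encode("utf-16-le")


def phs_protect(nt_hash, salt=None):
    """What actually gets synchronized: (derived_key, per-user salt, iteration count)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    if len(salt) != SALT_LEN:
        raise ValueError("per-user salt must be 10 bytes")
    derived = hashlib.pbkdf2_hmac("sha256", expand_nt_hash(nt_hash), salt,
                                  PBKDF2_ITERATIONS, dklen=DERIVED_LEN)
    return derived, salt, PBKDF2_ITERATIONS


def phs_verify(candidate_nt_hash, derived, salt, iterations=PBKDF2_ITERATIONS):
    """Cloud-side check: derive again from a candidate NT hash, compare in constant time."""
    recomputed = hashlib.pbkdf2_hmac("sha256", expand_nt_hash(candidate_nt_hash), salt,
                                     iterations, dklen=DERIVED_LEN)
    return hmac.compare_digest(recomputed, derived)


if __name__ == "__main__":
    key, salt, n = phs_protect(SAMPLE_NT_HASH)
    print(f"derived={key.hex()} salt={salt.hex()} iterations={n}")
    print("verifies:", phs_verify(SAMPLE_NT_HASH, key, salt))
```

The security consequence is visible in the code: a leak of the synchronized value cannot be replayed against on-premises Kerberos or NTLM, because the NT hash itself is never stored in Azure AD. It is not a free pass either; 1000 PBKDF2 iterations over a hash that is itself fast to compute still permits offline guessing of weak passwords, which is why the synchronized store is treated as sensitive rather than public.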
Integrators and Competitors:
In October 2017, AWS launched AWS Directory Service for Microsoft Active Directory (Standard Edition), also known as AWS Microsoft AD. Built on top of Microsoft Active Directory, the service enables AWS users to utilize Microsoft Active Directory to manage their users, groups, and devices.
Though Google Cloud Identity is not a directory service, it can be used to manage users, devices and applications.