Azure Active Directory, known as Azure AD, is Microsoft’s cloud-based identity and access management service that lets IT administrators manage user identities and access privileges. It combines directory services, advanced identity governance, and application access management under a single roof.
The service gives developers a standardized approach to adding single sign-on (SSO) to their applications. Microsoft’s cloud-based services, for example Office 365, Microsoft Azure and Dynamics 365, use Azure Active Directory for sign-in and identity protection.
According to Microsoft, over 6 million organizations around the world are using Azure AD.
What you can do with Azure AD:
- Create and manage users and groups, and grant or deny access to enterprise resources.
- Connect on-premises directories and use one identity to access applications.
- Provide remote access to on-premises applications.
- Integrate with many SaaS applications, for example Office 365, Google Apps, Salesforce, Workday, ServiceNow, Canvas, and Box.
- Offer self-service capabilities such as password management, group management, application requests and application administration.
- Offer B2B and B2C access.
- Application proxy: publish applications inside a private network and share them with users outside your network.
Azure Active Directory Editions
There are 3 tiers of Azure Active Directory: Free, Basic and Premium. The key features of each tier are listed below.
Free:
- Synchronization or federation with on-premises directories via Azure AD Connect (sync engine)
- User/group management (add/update/delete), user-based provisioning, device registration
- Single sign-on (SSO)
- Self-service password change for users
- Security and usage reports
Basic: Includes all the features in the Free tier and the following
- Group-based access management and provisioning
- Self-service password reset for cloud users
- Company branding (logon pages, Access Panel customization)
- Enterprise SLA of 99.9 percent
Premium: Includes all the features in Free and Basic and the following
- Self-service group and app management, self-service application additions, dynamic groups
- Self-service password reset, change and unlock with on-premises write-back
- Multi-factor authentication (cloud and on-premises, MFA Server)
- MIM CAL + MIM Server
- Cloud App Discovery
- Automatic password rollover for group accounts
Azure Active Directory: Capabilities
Azure Active Directory: Identity as a Service (IDaaS) Provider
“Azure Active Directory (Azure AD) is an identity and accessibility management-as-a-service (IDaaS) solution that combines single-on capabilities to some cloud and on-premises application with innovative protection. It gives your visitors, spouses, and clients a single identity to get the applications they need and collaborate from any platform and device. And because it’s predicated on scalable management capabilities and risk-based access guidelines, Azure AD helps guarantee security and streamline IT processes.” – Microsoft
Azure Active Directory: Identity Secure Score
To help users keep a close watch on their security configuration and measure it against best practices, Azure AD computes an identity secure score and provides recommendations to improve security.
Azure checks the customer’s security configuration every 48 hours, compares the settings with best practices and provides an identity secure score between 1 (lowest possible score) and 248 (highest possible score).
Identity Secure Score: Available for several editions of Azure AD
Azure Active Directory reports
Azure Active Directory provides two kinds of reports: security reports and activity reports. These reports give users a comprehensive view of activity in their environment.
- Security reports: There are two kinds of security reports, users flagged for risk and risky sign-ins
- Activity reports: The two kinds of activity reports are audit logs and sign-in activity
Azure Active Directory Pricing:
Pricing varies according to the Azure AD edition: Free, Basic, Premium P1, and Premium P2. Users can get free single sign-on for up to 10 apps per user, 500,000 directory objects and free access to premium features for 30 days.
|Edition|Pricing per user/month|
|Premium P1|$6|
For more details and the latest information on pricing, please visit Azure AD Pricing.
Azure Active Directory: B2C
Azure Active Directory (Azure AD) B2C is a cloud-based consumer identity management service which may be used to customize and control user interaction with web, desktop, mobile, and single-page applications. Using this service, end users may sign up, sign in, reset passwords, and edit profiles.
Azure Active Directory B2B
Azure Active Directory business-to-business (B2B) is a cloud-based service that may be used to collaborate by securely sharing applications with users from other organizations.
Azure Active Directory B2B uses an invitation and redemption process to share resources. This enables outside organizations, even ones that aren’t using Azure AD, to use their own credentials to access your company resources.
Azure AD business-to-business APIs may be used to customize the invitation and redemption procedure, and to build self-service sign-up portals.
Azure Active Directory (AD) Domain Services
Azure AD Domain Services provides managed cloud-based domain services such as domain join, group policy, LDAP and Kerberos/NTLM authentication in Azure. This service is fully compatible with Windows Server AD.
Administrators deploy domain controllers when migrating on-premises applications to the cloud in order to manage the identity of those applications.
Azure AD Domain Services, which is essentially a domain controller as a service, makes migrating to Azure an easier process.
Application management with Azure Active Directory
Azure Active Directory (Azure AD) can be used to give end users secure access to on-premises and cloud-hosted applications.
Some of the key benefits of using Azure AD are automatic user provisioning, cloud-scale identity protection, multi-factor authentication, conditional access policies and single sign-on.
Azure AD Connect
Azure AD Connect is a tool designed to provide hybrid identity management. It replaced Microsoft’s earlier identity integration tools such as DirSync and Azure AD Sync.
The tool lets users connect their on-premises identity infrastructure with the cloud-based Azure Active Directory. Features include password hash synchronization, pass-through authentication, federation integration, synchronization and health monitoring.
The Azure AD Connect tool can be hosted in the cloud using Azure IaaS.
Potentially faster provisioning and lower cost of operations
Integrators and Competitors:
In October 2017, AWS launched AWS Directory Service for Microsoft Active Directory (Standard Edition), also called AWS Microsoft AD. Built on top of Microsoft Active Directory, the service enables AWS users to use Microsoft Active Directory to manage their users, groups, and devices.
Though Google Cloud Identity is not a directory service, it may be used to manage users, devices and applications.