Azure Active Directory

by topic_admin

Azure Active Directory, known as Azure AD, is Microsoft’s cloud-based identity and access management service, which lets IT administrators manage user identities and access privileges. It combines directory services, advanced identity governance, and application access management in a single service.

The service gives developers a standardized way to add single sign-on (SSO) to their applications. Microsoft’s cloud-based services, for example Office 365, Microsoft Azure and Dynamics 365, use Azure Active Directory for sign-in and identity protection.

According to Microsoft, over 6 million organizations around the world are using Azure AD.

What you can do with Azure AD:

  • Create and manage users and groups, and allow or deny access to enterprise resources

  • Connect on-premises directories and use one identity to access applications

  • Remote access to on-premises applications

  • Azure AD supports many SaaS applications, for example Office 365, Google Apps, Salesforce, Workday, ServiceNow, Canvas, and Box

  • Azure AD provides self-service capabilities such as password management, group management, application requests and application management

  • Multi-factor authentication

  • Offer B2B and B2C access

  • Application proxy: publish applications inside a private network and share them with users outside your network

Azure Active Directory Editions

There are 3 tiers of Azure Active Directory: Free, Basic and Premium. Key features of each tier are listed below.

Free:

  • Synchronization or federation with on-premises directories via Azure AD Connect (sync engine)

  • Directory objects

  • User/group management (add/update/delete), user-based provisioning, device registration

  • Single sign-on (SSO)

  • Self-service password change for users

  • Security and usage reports

Basic: Includes all the features in the Free tier and the following

  • Group-based access management and provisioning

  • Self-service password reset for cloud users

  • Company branding (logon pages, Access Panel customization)

  • Application Proxy

  • Enterprise SLA of 99.9%

Premium: Includes all the features in Free and Basic and the following

  • Self-service group and app management, self-service application additions, dynamic groups

  • Self-service password reset, change and unlock with on-premises write-back

  • Multi-factor authentication (cloud and on-premises, MFA Server)

  • MIM CAL + MIM Server

  • Cloud App Discovery

  • Connect Health

  • Automatic password rollover for group accounts

Azure Active Directory: Capabilities

Azure Active Directory: Identity as a Service (IDaaS) Provider

“Azure Active Directory (Azure AD) is an identity and accessibility management-as-a-service (IDaaS) solution that combines
single-on capabilities to some cloud and on-premises application with innovative protection. It gives your visitors, spouses,
and clients a single identity to get the applications they need and collaborate from any platform and device. And
because it’s predicated on scalable management capabilities and risk-based access guidelines, Azure AD helps guarantee security and
streamline IT processes.” – Microsoft

Azure Active Directory: Identity Secure Score

To help users keep a close watch on their security configuration and measure it against best practices, Azure AD computes an identity secure score and provides recommendations to improve security.

Azure monitors the client’s security configuration every 48 hours, compares the settings with best practices and provides an identity secure score between 1 (lowest possible score) and 248 (highest possible score).

Azure AD's identity secure score is a number between 1 and 248 that functions as an indicator of how aligned your configuration is with Microsoft's best practice recommendations for security.

Identity Secure Score: Available for several editions of Azure AD

Azure Active Directory reports

Azure Active Directory provides two kinds of reports: security reports and activity reports. These reports give users a comprehensive view of activity in their environment.

  • Security reports: there are two kinds of security reports, users flagged for risk and risky sign-ins
  • Activity reports: the two kinds of activity reports are audit logs and sign-in activity
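
The two security reports can be rebuilt from exported sign-in activity, which is a useful cross-check during triage. The following is an added example, not code from the original page or from Microsoft; it assumes records shaped like the Microsoft Graph signIn resource (riskLevelDuringSignIn, riskState), and the sample records and function names are constructed for illustration.

```python
# Added example. Records are constructed and shaped like Microsoft Graph
# signIn objects; the contoso.example users and addresses are made up.
RISK_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}
# riskState values that mean the risk has already been handled
CLOSED_STATES = {"remediated", "dismissed", "confirmedSafe"}


def _rec(user, when, ip, level, state):
    return {"userPrincipalName": user, "createdDateTime": when, "ipAddress": ip,
            "riskLevelDuringSignIn": level, "riskState": state}


SAMPLE_SIGN_INS = [  # constructed sample data, not real log output
    _rec("alice@contoso.example", "2019-03-01T08:02:11Z", "203.0.113.10", "none", "none"),
    _rec("Bob@contoso.example", "2019-03-01T08:15:40Z", "198.51.100.7", "medium", "atRisk"),
    _rec("bob@contoso.example", "2019-03-01T08:16:02Z", "198.51.100.7", "high", "atRisk"),
    _rec("carol@contoso.example", "2019-03-01T09:30:00Z", "192.0.2.44", "high", "remediated"),
    _rec("dave@contoso.example", "2019-03-01T10:05:19Z", "203.0.113.99", "low", "atRisk"),
]


def _level(record):
    # Unknown or hidden levels rank as "none" so they never raise a flag here.
    return RISK_ORDER.get(record.get("riskLevelDuringSignIn", "none"), 0)


def risky_sign_ins(records, min_level="medium"):
    """Sign-ins at or above min_level whose risk is still open."""
    floor = RISK_ORDER[min_level]
    return [r for r in records
            if _level(r) >= floor and r.get("riskState") not in CLOSED_STATES]


def users_flagged_for_risk(records, min_level="medium"):
    """Map each user (lower-cased UPN) to the highest open risk level seen."""
    names = {rank: name for name, rank in RISK_ORDER.items()}
    worst = {}
    for r in risky_sign_ins(records, min_level):
        user = r["userPrincipalName"].lower()
        worst[user] = max(worst.get(user, 0), _level(r))
    return {user: names[rank] for user, rank in worst.items()}


if __name__ == "__main__":
    for r in risky_sign_ins(SAMPLE_SIGN_INS):
        print(r["createdDateTime"], r["userPrincipalName"], r["ipAddress"], r["riskLevelDuringSignIn"])
    print(users_flagged_for_risk(SAMPLE_SIGN_INS))
```

Sign-ins whose risk has already been remediated or dismissed are left out, so the output lists only what still needs review.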

Azure Active Directory Pricing:

Pricing varies according to the Azure AD edition: Free, Basic, Premium P1, and Premium P2. Users get free single sign-on for up to 10 applications per user, 500,000 directory objects and free access to premium features for 30 days.

Edition      Price per user/month
Basic        $1
Premium P1   $6
Premium P2   $9

For more details and the latest pricing information, please visit Azure AD Pricing

Azure Active Directory: B2C

Azure Active Directory (Azure AD) B2C is a cloud-based consumer identity management service which may be used to customize and control user interaction with web, desktop, mobile, and single-page applications. Using this service, end users may sign up, sign in, reset passwords, and edit profiles.

Azure Active Directory B2B

Azure Active Directory business-to-business (B2B) is a cloud-based service that can be used to collaborate by securely sharing applications with users from other organizations.

Azure Active Directory B2B uses an invitation and redemption process to share resources. This enables outside organizations, even those that aren’t using Azure AD, to use their own credentials to access your business resources.

Azure AD business-to-business APIs may be used to customize the invitation and redemption procedure, and to build self-service sign-up portals.

Azure Active Directory (AD) Domain Services

Azure AD Domain Services provides managed cloud-based domain services such as domain join, group policy, LDAP and Kerberos/NTLM authentication in Azure. This service is fully compatible with Windows Server AD.

Administrators deploy domain controllers when migrating on-premises applications to the cloud in order to manage the identity of applications.
Azure AD Domain Services, which is essentially a domain controller as a service, makes migrating to Azure easier.

Application management with Azure Active Directory

Azure Active Directory (Azure AD) can be used to give end users secure access to on-premises and cloud-hosted applications.

Some of the key benefits of using Azure AD are automatic user provisioning, cloud-scale identity protection, multi-factor authentication, conditional access policies and single sign-on.

Apps federated via Azure AD

Azure AD Connect

Azure AD Connect is a tool designed to provide hybrid identity management. It replaced Microsoft’s earlier identity integration tools such as DirSync and Azure AD Sync.

The tool lets users connect their on-premises identity infrastructure with the cloud-based Azure Active Directory. Features include password hash synchronization, pass-through authentication, federation integration, synchronization and health monitoring.

The Azure AD Connect tool can be hosted in the cloud using Azure IaaS.

  • Potentially faster provisioning and lower cost of operations

  • Increased availability

Architecture to run the Azure AD Connect tool on an Azure IaaS virtual machine

Integrators and Competitors:

In October 2017, AWS launched AWS Directory Service for Microsoft Active Directory (Standard Edition), also called AWS Microsoft AD. Built on top of Microsoft Active Directory, the service enables AWS users to use Microsoft Active Directory to manage their users, groups, and devices.

Though Google Cloud Identity is not a directory service, it can be used to manage users, devices and applications.
