What is Azure Active Directory
In this article you will learn what Azure Active Directory is, which features it provides, which licenses Azure AD offers, which features each license includes, and how Azure Active Directory differs from on-premises Active Directory.
Watch the video
Watch this video for a deep dive session on Azure Active Directory (Microsoft Entra ID).
What is Azure Active Directory?
By definition, Azure Active Directory is a cloud-based identity and access management service. An identity can be a user, a group, a device, or an application. Access management is the access you grant, that is, which roles or permissions you assign to those identities.
Azure Active Directory lets you access Office 365 services such as Exchange Online, SharePoint Online and Microsoft Teams, as well as Microsoft Azure. You can also integrate your own applications with Azure Active Directory so that users can sign in to them. Moreover, when your organization is hosted entirely in Office 365, that is, when your users are provisioned directly in Office 365, the authentication (sign-in) process is handled by Azure Active Directory.
Azure Active Directory features
Apart from what we discussed above, Azure Active Directory provides the following features as well.
- You can build applications using the Microsoft identity platform, and users can sign in to these applications with their Microsoft accounts. As an application developer you can use Azure Active Directory as a standards-based approach to adding single sign-on (SSO) to your application. Azure Active Directory also provides APIs that help you build a personalized application experience.
- With the Business to Business (B2B) collaboration feature, you can securely interact with users located outside your organization.
- Using the Business to Customer (B2C) feature, you can allow customers to sign in to your applications using their local or social accounts.
- You can secure your applications and the sign-in process using conditional access policies.
- You can register or join your devices with Azure AD and manage them through Microsoft Intune.
- You can use Azure AD Connect to provide a single user identity for authentication and authorization to all resources. You can synchronize on-premises objects to Azure AD so that users can use the same password to access Office 365 services.
- Using Privileged Identity Management (PIM), you can manage, control and monitor privileged access within your organization.
- Azure Active Directory provides various types of reports that give you insights into the security and usage patterns in your environment.
Azure Active Directory licenses
When you subscribe to an Office 365 tenant, you automatically get Azure Active Directory, and with it access to all of its free features. If you want to use the more advanced features of Azure Active Directory, you can upgrade your subscription to an Azure AD Premium P1 or Premium P2 license.
So let's understand in detail which features are included in each type of license.
Azure AD Free Subscription
The Azure Active Directory free subscription provides user and group management, on-premises directory synchronization, reports, self-service password change for cloud users, and single sign-on for Office 365 and Azure services.
Azure Active Directory Premium P1
With an Azure AD Premium P1 license you get all the free features of Azure AD. In addition, Premium P1 lets your hybrid users access both on-premises and cloud resources. It also supports advanced administration such as dynamic groups, self-service group management, Microsoft Identity Manager, and password write-back, which allows self-service password reset for your on-premises users.
Azure Active Directory Premium P2
With an Azure AD Premium P2 license you get all the features of the Free subscription and the Premium P1 license. In addition, Premium P2 offers Conditional Access policies and Privileged Identity Management.
Business-to-Customer
You can also get an additional feature license such as Azure Active Directory Business-to-Customer (B2C). The B2C feature helps you provide identity and access management for your customer-facing apps.
Azure Active Directory vs Active Directory Domain Services
Now let's understand the difference between Azure Active Directory and Active Directory Domain Services (on-premises AD).
- In Active Directory, administrators create users manually or through an in-house or automated provisioning system. In Azure Active Directory, we can create users manually or synchronize on-premises users to Office 365 using Azure AD Connect.
- In on-premises Active Directory, we create external users manually as regular users in a dedicated external AD forest, whereas Azure Active Directory provides the B2B feature through which we can manage external identities.
- In Active Directory, administrators add members to groups manually, and resources are then assigned to the groups. In Azure Active Directory, administrators can instead use a query to include users in groups dynamically.
- Active Directory uses either Kerberos or NTLM to validate the user's credentials, whereas Azure AD uses cloud-based authentication protocols such as OAuth2, SAML, or WS-Security to authenticate users.
- In Active Directory, passwords are governed by password policies based on length, expiry, and complexity. Azure Active Directory strengthens password security with MFA and also provides passwordless technology such as FIDO2. Moreover, Azure AD provides a self-service password reset system where users can change or reset their own passwords.
- Active Directory doesn't support SaaS applications natively; if admins want to integrate SaaS applications with on-premises AD, they need ADFS. Azure Active Directory, on the other hand, supports SaaS applications using the OAuth2, SAML and WS-Fed protocols.
- In on-premises Active Directory, you join devices to the Active Directory domain and manage them using Group Policy or System Center Configuration Manager (SCCM). In Azure Active Directory, you join your devices to Azure AD, after which you can apply Conditional Access policies or enroll and manage these devices using Intune.
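As an added example (not code from the original article) of the query-based group membership described above, the following Microsoft Graph PowerShell script creates a security group whose members are computed from a rule instead of being added by hand. The group name, mail nickname and department value are constructed for this example; dynamic groups require a Premium P1 license, as noted in the licensing section.

```powershell
# Added example: create a dynamic security group with Microsoft Graph PowerShell.
# Assumes the Microsoft.Graph module is installed and the signed-in account may
# manage groups. Group name, nickname and department value are constructed.
Connect-MgGraph -Scopes "Group.ReadWrite.All"

$displayName = "Sales-Dynamic"        # constructed example name
$nickname    = "sales-dynamic"        # constructed example mail nickname

# Membership rule: users in the Sales department whose account is enabled.
# Including accountEnabled keeps disabled accounts out of the group, so a
# disabled user loses the group's access without any manual clean-up.
$rule = '(user.department -eq "Sales") -and (user.accountEnabled -eq true)'

$group = New-MgGroup -DisplayName $displayName `
    -MailEnabled:$false `
    -MailNickname $nickname `
    -SecurityEnabled `
    -GroupTypes @("DynamicMembership") `
    -MembershipRule $rule `
    -MembershipRuleProcessingState "On"

# Confirm the rule and processing state were stored as intended.
Get-MgGroup -GroupId $group.Id -Property "displayName,membershipRule,membershipRuleProcessingState" |
    Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState

# Membership is evaluated by the service; review the resulting members once
# processing has completed rather than adding anyone manually.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties["userPrincipalName"] }
```

Rule evaluation is asynchronous, so the member list may be empty immediately after creation and fill in once the service has processed the rule.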
Conclusion
Now the question arises: which identity solution should you choose for your organization, on-premises Active Directory or Azure Active Directory? If you are starting a new organization, you can choose Azure Active Directory, because Azure AD can meet all of your requirements. If you are already using on-premises Active Directory, you can add Azure Active Directory to your environment to manage your cloud infrastructure.
You might also find our other articles on Microsoft Entra Cloud Sync and Azure AD Seamless SSO useful.
Join our YouTube channel for the latest videos on cloud technology and join our newsletter for early access to articles and updates.
Happy Learning !!