WHAT IS AZURE ACTIVE DIRECTORY
Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud-based directory and identity management service. For IT admins, Azure AD provides an affordable, easy-to-use solution to give employees and business partners single sign-on (SSO) access to thousands of cloud SaaS applications like Office365, Salesforce.com, DropBox, and Concur.
For application developers, Azure AD lets you focus on building your application by making it fast and simple to integrate with a world class identity management solution used by millions of organizations around the world.
Azure AD also includes a full suite of identity management capabilities, including multi-factor authentication, device registration, self-service password management, self-service group management, privileged account management, role-based access control, application usage monitoring, rich auditing, and security monitoring and alerting. These capabilities can help secure cloud-based applications, streamline IT processes, cut costs and help assure corporate compliance goals are
Additionally, with just four clicks, Azure AD can be integrated with an existing Windows Server Active Directory, giving organizations the ability to leverage their existing on-premises identity investments to manage access to cloud based SaaS applications.
If you are an Office365, Azure or Dynamics CRM Online customer, you might not realize that you are already using Azure AD. Every Office365, Azure and Dynamics CRM tenant is actually already an Azure AD tenant. Whenever you want you can start using that tenant to manage access to thousands of other cloud applications Azure AD integrates with!
WHAT ARE THE BENEFITS OF AZURE AD?
- Quickly adopt cloud services, providing employees and partners with an easy single sign-on experience powered by Azure AD’s fully automated SaaS app access management and provisioning capabilities.
- Empower employees with access to world-class cloud apps and services and self-service capabilities from wherever they need to work, on the devices they love to use.
- Easily and securely manage employee and vendor access to your corporate social media accounts.
- Improve application security with Azure AD multifactor authentication and conditional access.
- Implement consistent, self-service application access management, empowering business owners to move quickly while cutting IT costs and overhead.
- Monitor application usage and protect your business from advanced threats with security reporting and monitoring.
- Secure mobile (remote) access to on-premises applications.
Overview of Azure Active Directory (AAD)
- AAD is a multi-tenant cloud-based directory and identity management system.
- AAD is a Platform as a service (PaaS) offering.
- Includes numerous identity management capabilities, including:
  - Multi-factor authentication (MFA).
  - Device registration.
  - Self-service password management.
  - Self-service group management.
  - Privileged account management.
  - Role-based access control (RBAC).
  - Application usage monitoring.
  - Auditing and security alerts.
- Can integrate with on-premises Active Directory Domain Services (AD DS).
- Provides authentication and authorization for cloud identity, synchronised identity, and federated identity.
- No support for Group Policy Settings.
- No support for Organizational Unit (OU) or computer objects.
- No support for forests (relies on federation to extend scope).
Azure Active Directory Editions
To enhance your Azure Active Directory, you can add paid capabilities using the Azure Active Directory Basic, Premium P1, and Premium P2 editions. Azure Active Directory paid editions are built on top of your existing free directory, providing enterprise class capabilities spanning self-service, enhanced monitoring, security reporting, Multi-Factor Authentication (MFA), and secure access for your mobile workforce.
The Azure Active Directory Pricing page has detailed information on what is included in each of the editions.
Azure Active Directory Basic – Designed for task workers with cloud-first needs, this edition provides cloud centric application access and self-service identity management solutions. With the Basic edition of Azure Active Directory, you get productivity enhancing and cost reducing features like group-based access management, self-service password reset for cloud applications, and Azure Active Directory Application Proxy (to publish on-premises web applications using Azure Active Directory), all backed by an enterprise-level SLA of 99.9 percent uptime.
Azure Active Directory Premium P1 – Designed to empower organizations with more demanding identity and access management needs, Azure Active Directory Premium edition adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities. This edition includes everything you need for information workers and identity administrators in hybrid environments across application access, self-service identity and access management (IAM), identity protection and security in the cloud. It supports advanced administration and delegation resources like dynamic groups and self-service group management. It includes Microsoft Identity Manager (an on-premises identity and access management suite) and provides cloud write-back capabilities enabling solutions like self-service password reset for your on-premises users.
Azure Active Directory Premium P2 – Designed with advanced protection for all your users and administrators, this new offering includes all the capabilities in Azure AD Premium P1 as well as our new Identity Protection and Privileged Identity Management. Azure Active Directory Identity Protection leverages billions of signals to provide risk-based conditional access to your applications and critical company data. We also help you manage and protect privileged accounts with Azure Active Directory Privileged Identity Management so you can discover, restrict and monitor administrators and their access to resources and provide just-in-time access when needed.