
What is Azure Active Directory?


In today’s Ask the Admin, I’ll explain what Azure Active Directory is and how it works compared to Windows Server Active Directory.

You’ve probably heard of Azure Active Directory (AAD) even if you don’t know how it differs from Active Directory in Windows Server. Azure AD is a multi-tenant cloud-based directory and identity management service that offers a subset of the services of Windows Server AD but in the cloud.

Identity management in the cloud (Image Credit: Microsoft)

While AAD doesn’t support all the services provided by Windows Server AD, Microsoft is gradually expanding AAD’s capabilities. For example, Azure AD Domain Services was released in preview last October and provides features such as native domain-join, Group Policy, Kerberos and NTLM authentication, and Lightweight Directory Access Protocol (LDAP) access to the directory. For more information, see What is Azure AD Domain Services? on the Petri IT Knowledgebase.


Cloud, Synchronized, and Federated Identities

While intended primarily for cloud-born apps (Office 365, for example, uses AAD for identity management), AAD can also be integrated with on-premises Active Directory to simplify identity management in hybrid cloud environments. As such, AAD offers several different types of identity.

Azure Active Directory identities (Image Credit: Microsoft)

Cloud identities exist only in AAD and require organizations to manage usernames and passwords separately from Windows Server Active Directory.

Windows Server AD user accounts, and optionally their password hashes, can be synchronized to AAD. Azure AD Connect replaces the DirSync tool that was previously the standard means of synchronizing Windows Server AD accounts with Office 365 and Azure AD. Synchronized identities have the same password in the cloud as in Windows Server Active Directory, but users need to sign in again to access cloud services.

Federated identities use Windows Server Active Directory for user authentication, connecting the onsite service to AAD using Active Directory Federation Services (ADFS). Federated identities are the only way to provide true single sign-on capabilities. There are other advantages too: onsite multifactor authentication can continue to be used, password hashes are never synchronized to the cloud, users can be blocked immediately, and logon restrictions set in AD are honored.
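One way to inventory which of the three identity models each account falls under, as an added example that is not from the original article. It assumes the Microsoft Graph PowerShell SDK property names `AuthenticationType` (on domains) and `OnPremisesSyncEnabled` (on users); the function name `Get-IdentityModel` and the sample tenant data are constructed for illustration.

```powershell
# Added example, not from the article. Assumption: objects carry the Microsoft Graph
# properties AuthenticationType (domain) and OnPremisesSyncEnabled (user).
function Get-IdentityModel {
    param(
        [Parameter(Mandatory)] [object[]] $Users,    # UserPrincipalName, OnPremisesSyncEnabled
        [Parameter(Mandatory)] [object[]] $Domains   # Id, AuthenticationType
    )
    # Index domains by name so each UPN suffix resolves in one lookup.
    $authByDomain = @{}
    foreach ($d in $Domains) { $authByDomain[$d.Id.ToLower()] = $d.AuthenticationType }

    foreach ($u in $Users) {
        $suffix = ($u.UserPrincipalName -split '@')[-1].ToLower()
        $synced = ($u.OnPremisesSyncEnabled -eq $true)   # $null means never synchronized
        $model = if (-not $authByDomain.ContainsKey($suffix)) {
            'Unknown domain'
        } elseif ($authByDomain[$suffix] -eq 'Federated') {
            # Authentication is handed to the on-site federation service.
            # An account here with no on-site counterpart deserves a second look.
            if ($synced) { 'Federated' } else { 'Review: cloud-only account in federated domain' }
        } elseif ($synced) {
            'Synchronized'   # same account on-site and in the cloud
        } else {
            'Cloud'          # exists only in the directory service, managed separately
        }
        [pscustomobject]@{ User = $u.UserPrincipalName; Model = $model }
    }
}

# Constructed sample data so the function runs offline.
$domains = @(
    [pscustomobject]@{ Id = 'contoso.example';      AuthenticationType = 'Managed' }
    [pscustomobject]@{ Id = 'corp.contoso.example'; AuthenticationType = 'Federated' }
)
$users = @(
    [pscustomobject]@{ UserPrincipalName = 'app.admin@contoso.example'; OnPremisesSyncEnabled = $null }
    [pscustomobject]@{ UserPrincipalName = 'j.doe@contoso.example';     OnPremisesSyncEnabled = $true }
    [pscustomobject]@{ UserPrincipalName = 'a.lee@corp.contoso.example'; OnPremisesSyncEnabled = $true }
    [pscustomobject]@{ UserPrincipalName = 'svc@corp.contoso.example';   OnPremisesSyncEnabled = $null }
)
Get-IdentityModel -Users $users -Domains $domains | Format-Table -AutoSize

# Against a live tenant (read-only scopes), feed it real objects instead:
#   Connect-MgGraph -Scopes 'User.Read.All','Domain.Read.All'
#   $users   = Get-MgUser -All -Property UserPrincipalName,OnPremisesSyncEnabled
#   $domains = Get-MgDomain
```

The output does not show whether password hashes are synchronized for a given account; that is a setting of the synchronization tool, not a property of the user object.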

Identity Management for the Cloud

The ability to quickly provision AAD in the cloud allows developers to concentrate on the nitty gritty of writing their applications, leaving AAD to provide identity management services. Multifactor authentication is also supported for additional security. It’s also worth noting that Windows 10 can be joined to AAD, giving users access to Windows Store for Business, Microsoft Passport, single sign-on to cloud apps, and Azure AD Enterprise State Roaming.

AAD comes in three editions: Free, Basic, and Premium. The Free edition is limited to 500,000 user objects, while the Basic edition adds support for group-based access management and branding of the login pages. The Premium edition includes features such as self-service password reset and group management. More detailed information and prices can be found at Microsoft’s website.




IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
