Microsoft Azure

What is Azure Active Directory?

question-mark-aspect-hero

In today’s Ask the Admin, I’ll explain what Azure Active Directory is and how is works compared to Windows Server Active Directory.

You’ve probably heard of Azure Active Directory (AAD) even if you don’t know how it differs from Active Directory in Windows Server. Azure AD is a multi-tenant cloud-based directory and identity management service that offers a subset of the services of Windows Server AD but in the cloud.

Identity management in the cloud (Image Credit: Microsoft)
Identity management in the cloud (Image Credit: Microsoft)

While AAD doesn’t support all the services provided by Windows Server AD, Microsoft is gradually expanding AAD’s capabilities. For example, Azure AD Domain Services was released in preview last October and provides features, such as native domain-join, Group Policy, Kerberos and NTLM authentication, and Lightweight Directory Access Protocol (LDAP) access to the directory. For more information, see What is Azure AD Domain Services? on the Petri IT Knowledgebase.

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

Cloud, Synchronized, and Federated Identities

While intended primarily for cloud-born apps — Office 365 uses AAD for identity management for example — AAD can also be integrated with on premise Active Directory for the purposes of simplifying identity management in hybrid cloud environments. As such, AAD offers several different types of identity.

Azure Active Directory identities (Image Credit: Microsoft)
Azure Active Directory identities (Image Credit: Microsoft)

Cloud identities exist only in AAD and require organizations to manage usernames and passwords separately from Windows Server Active Directory. Windows Server AD user accounts can be synchronized to AAD, and optionally password hashes. Azure AD Connect replaces the DirSync tool that was previously the standard means of synchronizing Windows Server AD accounts with Office 365 and Azure AD. Synchronized identities have the same password in the cloud as in Windows Server Active Directory but users need to sign in again to access cloud services.

Federated identities use Windows Server Active Directory for user authentication, connecting the onsite service to AAD using Active Directory Federation Services (ADFS). Federated identities are the only way to provide true single sign-on capabilities. Other advantages include the ability to continue using onsite multifactor authentication, password hashes are never synchronized to the cloud, users can be blocked immediately and logon restrictions set in AD are honored.

Identity Management for the Cloud

The ability to quickly provision AAD in the cloud allows developers to concentrate on the nitty gritty of writing their applications, leaving AAD to provide identity management services. Multifactor authentication is also supported for additional security. It’s also worth noting that Windows 10 can be joined to AAD giving users access to Windows Store for Business, Microsoft Passport, single sign-on to cloud apps and Azure AD Enterprise State Roaming.

AAD comes in three editions: Free, Basic, and Premium. The Free edition is limited to 500,000 user objects, while the Basic edition adds support for group-based access management and branding of the login pages. The Premium edition includes features such as self-service password reset and group management. More detailed information and prices can be found at Microsoft’s website.

 

 

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: