In this post, I will try to clarify the doubts around Azure AD.
What is Azure AD and what is it not?
Azure AD is Active Directory hosted in Microsoft datacentres and delivered to customers as a service (SaaS). It is extremely reliable and secure.
Like on-premises AD, it provides authentication (user ID and password) and authorization (access to services).
It does not provide domain controllers in Azure or Group Policy, and you cannot create trusts between different AD forests or domains.
It is not a replacement for on-premises AD (for medium to large organizations); rather, it complements on-premises AD in today's cloud world.
You can connect your on-premises AD to Azure AD and keep them synchronized.
It does not offer all the flexibility and control you have with on-premises AD; you have to work with the features Microsoft offers.
What is the purpose of Azure AD?
It helps organizations increase productivity by letting users access business applications from anywhere with a single identity, subject to the required controls and security. Users also get self-service for password resets, account unlocks and group management.
It lets organizations easily achieve single sign-on (SSO) to cloud applications such as SAPBYD, JIRA, O365, G-Suite and Salesforce, as well as to on-premises applications. Users then have a single identity for all business applications, which eases management and increases security.
It automates user provisioning and de-provisioning across multiple systems (otherwise a very costly, error-prone and inefficient process).
It increases security through features such as multi-factor authentication, Conditional Access, Identity Protection and Privileged Identity Management.
It helps organizations achieve digital transformation.
How to get Azure AD?
If you are using Microsoft Online services like O365 or Azure, you already have Azure AD.
If not, you can sign up for the free or a paid edition and start using Azure AD.
What do you get with free Azure AD?
Manage users and groups, and sync with your on-premises AD (one way, from on-premises AD to Azure AD).
Ability to join devices to Azure AD.
You can have a maximum of 500K objects in Azure AD.
Configure single sign-on with cloud apps pre-integrated in the marketplace (there are thousands, and the most popular ones are easy to find), with a limit of 10 apps per user at a time.
Users can change their password, but self-service password reset is not included.
You get basic reporting.
What do you get with Azure AD Basic (paid)?
You get everything that comes with the free edition.
You can do SSO for on-premises apps by using Application Proxy.
You can use group-based access management.
Users can do self-service password resets.
You get to apply company branding to Azure AD.
And you get an SLA (99.9%).
What do you get with Azure AD P1 (paid)?
You get everything that comes with Free and Basic.
Almost complete identity self-service: password reset, change and unlock, group and app management, and dynamic groups.
You get two-way synchronization between on-premises AD and Azure AD, plus sync monitoring capabilities.
You get the option to use multi-factor authentication and Cloud App Discovery (the ability to find uncontrolled SaaS apps in use).
You get Conditional Access: you can restrict access to services to specific locations or devices.
And advanced reporting.
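As an added illustration (not part of the original post), this is what a location-based Conditional Access policy of the kind described above looks like when created through the Microsoft Graph API, which postdates the Free/Basic/P1/P2 lineup covered here. The body is posted to https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies; it requires MFA for all users on all cloud apps unless they sign in from a named location marked as trusted, and it starts in report-only mode so the effect on real sign-ins can be reviewed in the sign-in logs before the policy is enforced.

```json
{
  "displayName": "Require MFA outside trusted locations (added example)",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {
      "includeUsers": ["All"]
    },
    "applications": {
      "includeApplications": ["All"]
    },
    "locations": {
      "includeLocations": ["All"],
      "excludeLocations": ["AllTrusted"]
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["mfa"]
  }
}
```

Switching "state" to "enabled" turns the policy on; keep at least one break-glass account excluded from such policies so a misconfiguration cannot lock administrators out of the tenant.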
What do you get with Azure AD P2 (paid)?
Yes, everything from Free, Basic and P1!
You get Identity Protection: automatic detection of suspicious activities and automated responses.
You get Privileged Identity Management: the ability to elevate admin permissions only for the period in which they are required.
You get MDM auto-enrolment (Azure AD joined devices are automatically enrolled in your MDM solution) and Enterprise State Roaming (user and application settings are synchronized in a secure and controlled manner).