Azure Active Directory or Azure AD, as it is popularly know is is Microsoft’s multi-tenant, cloud-based directory, and identity management service. Azure AD combines core directory services, application access management, and identity protection in a single solution, offering a standards-based platform that helps developers deliver access control to their apps, based on centralized policy and rules.
Azure Active Directory (aka Azure AD) is a fully managed multi-tenant service from Microsoft that offers identity and access capabilities for applications running in Microsoft Azure and for applications running in an on-premises environment.
Azure AD is not a replacement for Windows Server Active Directory. If you already have an on-premises directory, it can be extended to the cloud using the directory integration capabilities of Azure AD. In these scenarios, users and groups in the on-premises directory are synced to Azure AD using a tool such as Azure Active Directory Sync (AAD Sync). This has the benefit of users being able to authenticate against Windows Server Active Directory when accessing on-premises applications and resources, and authenticating against Azure AD when accessing cloud applications. The user can authenticate using the same credentials in both scenarios.
Azure AD is the directory behind Microsoft Online Services subscriptions like Office 365, Dynamics CRM Online, Intune, etc. and is used to store user identities and other tenant properties. Just like the on-premises AD stores the information for Exchange, SharePoint, Lync and your custom LOB applications, Azure AD for instance stores the information for Exchange Online, SharePoint Online, Lync Online and any custom applications build in the Microsoft’s cloud (or in another cloud).
Azure AD is available in three different editions to choose from:
Azure AD enables a customer to start using its IdMaaS features with no on-premises footprint. Accordingly, Azure AD provides for hosted (cloud) identities where customers can create users, groups and other principals for their organization. The cloud identities are directly mastered in an Azure AD directory tenant.
Azure AD supports the following three directory integration scenarios:
Considering the above, Azure AD enables a seamless sign-in experience for identities that rely on password (hash of hash) synchronization (“same” sign-on) or a supported STS to federate between the on-premises and cloud directories (single sign-on).
Users can gain access to Azure AD or any other application that is integrated into Azure AD by authenticating to their Azure AD user accounts, either through a prompt to provide valid credentials or through a federated single sign-on process. Once authenticated, user’s identities refer to the user names associated with the Azure AD accounts.
Once upon a time, IT pros believed that the risks of a data breach and compromised credentials were high enough to delay putting data on the cloud. But over time with improved security, wider adoption and greater confidence, tech anxiety subsides and running cloud-based applications such as Microsoft’s subscription-based service Office 365 feels like a natural next step.
Azure Active Directory comes in four editions—Free, Basic, Premium P1, and Premium P2. The Free edition is included with an Azure subscription. The Basic and Premium editions are available through a Microsoft Enterprise Agreement, the Open Volume License Programme and the Cloud Solution Providers programme.
The different features and services available along with the different version are shown below: