First, a small clarification for newcomers: nowadays there is a lot of confusion among IT folks about what "Active Directory" means. If you worked on Active Directory in the past and asked anyone about Microsoft identity or directory services, you would have received a simple answer: Active Directory, or Windows Server Active Directory. People who still work on Active Directory, however, know that there are now multiple variations of it. All of this confusion came about because of the cloud. Let me explain these variations in the simplest form:
- Windows Server Active Directory (Native)
- Azure Active Directory (Identity as a Service)
- Active Directory on Azure (Basically Windows Server Active Directory on Azure IaaS)
In this article, I’ll explain Azure Active Directory (a.k.a. Azure AD) in detail:
Azure AD is an identity and access management service provided by Microsoft Azure. It is a multi-tenant, cloud-based identity service and was initially launched with Microsoft Office 365 (formerly known as BPOS). It provides identity and access management for SaaS offerings as well as for core infrastructure and platform services. When you set up your Microsoft Azure or Office 365 subscription for the first time, an Azure AD tenant is created for your subscription by default. Azure AD is also an integral part of the Microsoft Enterprise Mobility Suite (EMS) and is not limited to identity services alone. It also provides advanced protection services such as MFA, and threat management services such as security reports, audits, alerts and adaptive conditional access policies based on device health, user location and risk level. Apart from these unique features, Azure AD can be synced with on-premises Windows Server Active Directory through Azure AD Connect, and provides many user- and admin-friendly features such as self-service password management, self-service group management, privileged account management, role-based access control, dynamic group membership, etc. Some unique capabilities, such as the application proxy for publishing your intranet web applications, are also part of Azure AD.
Courtesy: Microsoft Ignite
Nevertheless, one blog post can't cover the whole ocean of Azure AD in one place. Let me explain the different editions of Azure AD and the requirements/scenarios each one fits.
Azure AD Free: Free always looks good to everyone. It comes with every Azure subscription by default and offers the common set of identity features at no cost.
Azure AD Basic: It is meant for cloud-focused and cloud-first needs, and provides distinct functionality such as a single sign-on experience for cloud-centric applications and self-service password reset for cloud users, along with group-based access management. It also provides some great tools such as the application proxy to publish your on-premises web applications through Azure AD and a customized logon page, all backed by an enterprise-level SLA of 99.9% uptime.
Azure AD Premium P1: It can be seen as a top-up on Azure AD Basic and provides great capabilities for hybrid identity environments. It is a complete suite for enterprise identity needs and provides features such as self-service group and app management, self-service password management with write-back, two-way synchronization of device objects between on-premises directories and Azure AD (device write-back), Multi-Factor Authentication, Cloud App Discovery, and many more.
Azure AD Premium P2: It is designed for advanced identity protection and privileged identity management, and covers the necessary security-related concerns on top of Azure AD Premium P1. Azure AD Identity Protection helps you leverage built-in intelligence to dynamically control access to your applications and critical organization data based on the user's risk profile, while Azure AD Privileged Identity Management allows you to control administrators' access to resources and provide just-in-time access based on need.
Now, let’s see how to create an Azure AD tenant.
- Log in to your Azure subscription.
- Look at the left panel and click on +New.
- Search for Azure Active Directory in the Azure Marketplace search window.
- Click on Create in the Azure Active Directory panel.
- Now fill in the organization name and initial domain name, select the "Country or region", and click on Create.
- Once the directory is created, you can click on "here" and play with your Azure AD.
- You can also select or switch between directories from the user panel at the top right.