Azure AD is Microsoft’s cloud-based identity and access management (IAM) service. It shares common technology with Active Directory Domain Services (Microsoft’s on-premises LDAP service) and with Azure Active Directory Domain Services (which provides Azure-based managed domain services), but Azure AD is designed to meet a different need. Azure AD has been optimised for the cloud and forms the backbone of all Microsoft’s cloud applications and services. At the time of writing there are four editions of Azure AD:
- Azure AD free
- Azure AD Office 365 apps
- Azure AD Premium 1
- Azure AD Premium 2
Each of these editions provides different features, as outlined by Microsoft here. The free edition is included with a subscription to a commercial online service such as Azure, Intune or Dynamics 365. Azure AD Office 365 apps is included with subscriptions to Office 365 plans and includes additional features on top of those in the free version. The premium editions can be purchased individually and are also bundled with some Enterprise Mobility + Security and Microsoft 365 licenses.
WHY AZURE AD?
Technologies and protocols used inside the corporate network to provide single sign-on (SSO) and identity coherency are not very good at spanning the internet and often cannot utilise on-premises credentials. This can lead to the use of disparate username/password combinations for cloud applications. Azure AD uses cloud-native authentication protocols which enable organisations to provide secure access to multiple cloud and on-premises services with a single set of login credentials.
WHO SHOULD USE AZURE AD?
Azure AD can be used by organisations to control access to their apps and app resources (both on-premises and cloud) based on business requirements. For example, businesses can use Azure AD to require multi-factor authentication (MFA) when users access important organisational resources. You can learn more about securing our environments with MFA in this blog.
App developers can also use Azure AD as a standards-based approach for adding SSO to their app, allowing it to work with a user’s pre-existing credentials. Azure AD also provides APIs which help app developers build personalised app experiences using existing organisational data. Finally, Azure AD is the identity foundation for Microsoft 365, Office 365, Azure, or Dynamics CRM Online subscribers. If you already have a subscription to one or more of these services, you are already using Azure AD.
In summary, Azure AD provides a modern, standards-based IAM which can be utilised not only for Microsoft cloud subscriptions, but also for a plethora of third-party cloud and on-premises applications and services.
For an entertaining look into the world of Identity and Security, grab a Late Night Brew with my colleagues Buk and Edmond.