Azure Active Directory

Some characteristics of Azure AD

  • Azure AD is a PaaS offering.

  • A managed service: it requires no deployment of resources.

  • Free with any Azure subscription (free tier).

  • Solution for identity management, authentication and authorization over cloud resources.

  • Should not be confused with Active Directory Domain Services (AD DS); the two do not have the same characteristics or purposes.

  • Offers a Single Sign-On (SSO) experience: users do not have to authenticate multiple times to access each resource.

  • Enables MFA on your cloud-based web applications (Premium version).

  • In Azure AD, a tenant represents an individual Azure AD instance.

  • Unlike AD DS, Azure AD has no hierarchy and no Organizational Units (OUs) to organize objects: it is a flat instance.

  • Uses OAuth for authorization and OpenID Connect, SAML and WS-Federation for authentication.

  • Works over the HTTP/HTTPS protocols.

  • Azure AD Connect allows the integration of an on-premises Windows AD DS with Azure AD.

1 subscription trusts exactly 1 Azure AD tenant. However, 1 Azure AD tenant can be associated with more than one subscription.

Azure AD can be integrated with AD DS through Azure AD Domain Services (Azure AD DS). Thus Azure AD can be integrated into environments whose applications and services use Kerberos or NTLM authentication.
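Because authentication is OpenID Connect and a tenant is an individual Azure AD instance, the relying party's side of the protocol comes down to validating the claims in the id_token it receives. The example below is added here and is not code from the original notes: it builds JWT-shaped tokens with constructed claim values (the tenant ids, client id and clock value are made up) and shows the checks a defender wants, in particular pinning the `tid` claim so that users of any other tenant cannot sign in. Signature verification is assumed to have been done already with the keys published at the tenant's OpenID Connect discovery document; this code only covers the claim checks.

```python
import base64
import json
import time
from typing import List, Optional

# All identifiers below are constructed for this example; they are not real tenants or apps.
EXPECTED_AUDIENCE = "11111111-2222-3333-4444-555555555555"   # our application's client id
HOME_TENANT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"         # the tenant we actually serve
ALLOWED_TENANTS = {HOME_TENANT}                              # tenants whose users may sign in


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims: dict) -> str:
    """Build a JWT-shaped string from claims with a placeholder signature.
    Exists only so the example has tokens to parse offline; a real Azure AD
    token carries an RS256 signature over header.payload."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


def decode_claims(token: str) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a JWT has exactly three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def validate_claims(claims: dict, now: Optional[float] = None) -> List[str]:
    """Return the list of problems found; an empty list means accept.
    Assumes the signature was already checked against the tenant's published keys."""
    now = time.time() if now is None else now
    problems = []
    tid = claims.get("tid")
    # Tenant pinning: without this, users of any Azure AD tenant could sign in
    if tid not in ALLOWED_TENANTS:
        problems.append(f"tenant {tid!r} is not in the allow-list")
    # The v2.0 issuer embeds the tenant id; iss and tid must agree
    if claims.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        problems.append("issuer does not match the tid claim")
    if claims.get("aud") != EXPECTED_AUDIENCE:
        problems.append("audience is not this application")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("token is expired or has no exp")
    if claims.get("nbf", 0) > now:
        problems.append("token is not yet valid (nbf)")
    return problems


FIXED_NOW = 1_700_000_000  # constructed clock value so the checks are reproducible


def sample_tokens() -> dict:
    """Three constructed tokens: one acceptable, one minted by another tenant,
    one issued to a different application."""
    base = {"sub": "user-1", "exp": FIXED_NOW + 3600, "nbf": FIXED_NOW - 60}
    foreign = "ffffffff-0000-1111-2222-333333333333"
    return {
        "good": make_unsigned_token({**base, "tid": HOME_TENANT, "aud": EXPECTED_AUDIENCE,
                                     "iss": f"https://login.microsoftonline.com/{HOME_TENANT}/v2.0"}),
        "foreign_tenant": make_unsigned_token({**base, "tid": foreign, "aud": EXPECTED_AUDIENCE,
                                               "iss": f"https://login.microsoftonline.com/{foreign}/v2.0"}),
        "wrong_audience": make_unsigned_token({**base, "tid": HOME_TENANT, "aud": "some-other-app",
                                               "iss": f"https://login.microsoftonline.com/{HOME_TENANT}/v2.0"}),
    }


if __name__ == "__main__":
    for name, token in sample_tokens().items():
        print(name, validate_claims(decode_claims(token), now=FIXED_NOW) or "accepted")
```

The `tid` allow-list is the check most often missing in multi-tenant registrations: a token that is perfectly well signed by Microsoft's keys still comes from a tenant you do not control unless you pin the tenant yourself.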

Four subscription levels

  • Free

  • Microsoft 365

  • Premium 1 (P1)

  • Premium 2 (P2)

Roles in Azure AD

Global Administrator: can read and modify any configuration within Azure AD. It is recommended that fewer than five users hold this role.

Azure Active Directory Domain Service (Azure AD DS)

Extends Azure AD with Windows Server AD functionality so that it can be integrated with on-premises Active Directory.

  • Offers full synchronization and integration with Azure AD.

  • Supports NTLM/Kerberos authentication.

  • Users can use the same credentials over Azure AD and Azure AD DS.

  • Offers resiliency against data loss thanks to the multiple cloud-hosted domain controllers.

Azure AD Users

Users fall into three categories:

  • Cloud identities - Azure AD-only users.

  • Directory-synchronized identities - users from an on-premises AD DS.

  • Guest identities - users from outside the tenant.
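The Global Administrator guidance in the roles section and the three user categories above are both things a reviewer can check mechanically. The script below is an added example, not code from the original notes: `audit_global_admins` takes the role's members in the shape Microsoft Graph returns them, maps each user onto the cloud / directory-synchronized / guest categories from the `userType` and `onPremisesSyncEnabled` attributes, and raises findings for too many holders, guest holders, and holders whose password is mastered on-premises. The `fetch_global_admins` helper is the live Graph call (it assumes a bearer token with a directory read permission and is not exercised offline); the member list `SAMPLE_MEMBERS` is constructed and represents no real tenant. The role template id is the standard Global Administrator value, not something from these notes.

```python
import json
import urllib.request
from collections import Counter
from typing import Dict, List

# Role template id of Global Administrator; the same value in every tenant
GLOBAL_ADMIN_TEMPLATE_ID = "62e90394-69f5-4237-9190-012177145e10"
MAX_RECOMMENDED_GLOBAL_ADMINS = 5   # the notes recommend fewer than five holders


def fetch_global_admins(access_token: str) -> List[dict]:
    """Read the live membership of the Global Administrator role from Microsoft
    Graph. Needs a token with a directory read permission; not run offline."""
    url = ("https://graph.microsoft.com/v1.0/directoryRoles"
           f"(roleTemplateId='{GLOBAL_ADMIN_TEMPLATE_ID}')/members")
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["value"]


def classify_identity(user: dict) -> str:
    """Map Graph user attributes onto the three categories in the notes."""
    if user.get("userType") == "Guest":
        return "guest"
    if user.get("onPremisesSyncEnabled"):
        return "directory-synchronized"
    return "cloud"


def audit_global_admins(members: List[dict]) -> Dict:
    """Count Global Administrators by identity category and list findings a
    reviewer would raise."""
    # Role members can also be service principals or groups; only users are counted here
    users = [m for m in members if m.get("@odata.type") == "#microsoft.graph.user"]
    by_kind = Counter(classify_identity(u) for u in users)
    findings = []
    if len(users) >= MAX_RECOMMENDED_GLOBAL_ADMINS:
        findings.append(f"{len(users)} Global Administrators; guidance is fewer than "
                        f"{MAX_RECOMMENDED_GLOBAL_ADMINS}")
    for u in users:
        upn = u.get("userPrincipalName", u.get("id"))
        kind = classify_identity(u)
        if kind == "guest":
            findings.append(f"guest identity {upn} holds Global Administrator")
        elif kind == "directory-synchronized":
            findings.append(f"synced identity {upn} holds Global Administrator; "
                            "an on-premises compromise would carry into the tenant")
    return {"count": len(users), "by_kind": dict(by_kind), "findings": findings}


# Constructed sample in the shape Graph returns for role members (not a real tenant)
SAMPLE_MEMBERS = [
    {"@odata.type": "#microsoft.graph.user", "id": "u1", "userPrincipalName": "alice@contoso.example",
     "userType": "Member", "onPremisesSyncEnabled": None},
    {"@odata.type": "#microsoft.graph.user", "id": "u2", "userPrincipalName": "bob@contoso.example",
     "userType": "Member", "onPremisesSyncEnabled": None},
    {"@odata.type": "#microsoft.graph.user", "id": "u3", "userPrincipalName": "carol@contoso.example",
     "userType": "Member", "onPremisesSyncEnabled": False},
    {"@odata.type": "#microsoft.graph.user", "id": "u4", "userPrincipalName": "dave@contoso.example",
     "userType": "Member", "onPremisesSyncEnabled": True},
    {"@odata.type": "#microsoft.graph.user", "id": "u5",
     "userPrincipalName": "eve_fabrikam.example#EXT#@contoso.example",
     "userType": "Guest", "onPremisesSyncEnabled": None},
    {"@odata.type": "#microsoft.graph.servicePrincipal", "id": "sp1", "displayName": "automation-app"},
]


if __name__ == "__main__":
    report = audit_global_admins(SAMPLE_MEMBERS)
    print(json.dumps(report, indent=2))
```

Replacing `SAMPLE_MEMBERS` with `fetch_global_admins(token)` turns this into a recurring control; the same classification also applies to any other privileged role by swapping the template id.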

Azure AD Groups
