Azure Active Directory and its features
All IT administrators will be aware of Microsoft Windows on-premises Active Directory, through which users, workstations and enterprise identity have been managed for decades. But as the years progressed along with technology enhancements, Microsoft introduced a successor to on-premises Active Directory (AD) known as Azure Active Directory (Azure AD), which is a cloud-based version of AD.
What is Azure Active Directory?
Microsoft Windows Azure Active Directory (also known as Azure AD) is a cloud service platform that allows administrators to manage end-user identities and access privileges. Core directory, access management, and identity protection are among its services.
With Azure AD, administrators can handle multiple user logins without any issue. Administrators need to assign a single username and password to access all the services they require.
The Azure AD service allows administrators to choose which information stays in the cloud, who can manage or use it, which services or applications can access it, and which end users can access it. Azure AD can help with single sign-on (SSO), which eliminates the need for end users to enter passwords multiple times to access cloud applications.
Enterprise organizations have adopted Azure AD to manage resources like Microsoft 365 services, Azure cloud services and various other software-as-a-service applications.
Why do organizations prefer Microsoft Azure AD?
Azure AD is similar to on-premises AD, and it can be easily installed and managed in the cloud infrastructure. It provides the required security features and identity and access restrictions, and it can manage everything from user-level access to application management, network management, third-party application collaboration and so on.
Many enterprise organizations use both on-premises AD and Azure AD, which is collectively called a hybrid environment (on-premises + cloud). It is quite flexible in terms of management, as everything is on the cloud infrastructure, which is managed by Microsoft itself.
Azure AD can also be deployed by medium and small-scale companies. The most important feature is cost flexibility: it reduces company cost on server infrastructure.
How does Azure AD work?
Azure AD is an identity and access management (IDAM) service that provides a secure online authentication store for individual user profiles and groups of user profiles. Azure Active Directory is designed to manage access to cloud-based applications and servers that use modern authentication protocols like SAML 2.0, OpenID Connect, OAuth 2.0, and WS-Federation.
User accounts with a username and password are used to manage access in Azure AD. Users can be divided into groups and assigned different access privileges for individual applications. To grant user access through cloud applications, identities can be created for Microsoft or third-party software as a service (SaaS).
Azure AD also provides a single sign-on (SSO) feature, which lets users connect to different SaaS applications without being prompted to log in with their credentials each time. Azure AD generates access tokens, which are stored locally on employee devices and may have expiration dates. Multifactor authentication (MFA) or second-factor authentication (2FA) can also be enabled in an Azure AD tenant to provide additional security when users sign in to their accounts.
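As an added illustration of the token expiry and MFA points above (not code from this article or from Microsoft), the following Python example decodes the claims of a constructed token and flags expiry, audience or tenant mismatch, and a sign-in without MFA. It assumes the token is a JWT carrying `exp`, `nbf`, `aud`, `tid` and `amr` claims; `inspect_token`, `make_sample_token` and every sample value are hypothetical names and data made up for the example.

```python
import base64
import json

def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(claims):
    # Constructed sample: the signature segment is a placeholder, not a real one.
    return ".".join([_b64url_encode({"alg": "RS256", "typ": "JWT"}),
                     _b64url_encode(claims), "constructed-signature"])

def inspect_token(token, expected_aud, expected_tid, now):
    """Triage a token's claims. This does NOT verify the signature, so the
    result is for audit/inspection only and must not be used to grant access."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(_b64url_decode(parts[1]))
    findings = []
    if now >= claims.get("exp", 0):
        findings.append("expired")
    if now < claims.get("nbf", 0):
        findings.append("not yet valid")
    if claims.get("aud") != expected_aud:
        findings.append("audience mismatch")
    if claims.get("tid") != expected_tid:
        findings.append("tenant mismatch")
    if "mfa" not in claims.get("amr", []):
        findings.append("no MFA in amr")
    return {"seconds_left": int(claims.get("exp", 0) - now), "findings": findings}

# Constructed values (assumptions, not taken from the article).
NOW = 1_700_000_000
AUD = "api://example-app"
TID = "00000000-0000-0000-0000-000000000000"
SAMPLE = make_sample_token({"aud": AUD, "tid": TID, "nbf": NOW - 60,
                            "exp": NOW + 3600, "amr": ["pwd"]})

if __name__ == "__main__":
    print(inspect_token(SAMPLE, AUD, TID, NOW))
```

A service that relies on a token must also verify its signature against the issuer's published signing keys before trusting any of these claims.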
What are the options to get Azure AD cloud service?
Azure AD can be obtained by provisioning any of the four licensing plans as per Microsoft recommendation.
Azure AD Free Licensing
Azure AD Premium P1
Azure AD Premium P2
“Pay as you go” feature licenses
Azure AD Free licensing: Provides user and group management, on-premises directory synchronisation, basic reports, cloud user self-service password change, and single sign-on across Azure, Microsoft 365, and many popular SaaS apps. But it does not include IAM for Office 365, premium features, hybrid identities, conditional access, identity protection, identity governance, and advanced group access management. As it's a basic plan, organizations mostly use it for testing purposes, and it cannot be used as a full package as there are a number of limitations in services.
Azure AD Premium P1:
Premium P1 provides hybrid users with access to both on-premises and cloud resources. It also supports advanced administration features such as dynamic groups, self-service group management, Microsoft Identity Manager, and cloud write-back capabilities, which enable on-premises users to reset their own passwords. Licensing cost: $6 per user per month.
Azure AD Premium P2:
Premium P2 provides Azure Active Directory Identity Protection to assist in providing risk-based Conditional Access to your apps and critical company data, as well as Privileged Identity Management to assist in discovering, restricting, and monitoring administrators and their access to resources, as well as providing just-in-time access when needed.
Licensing cost: $9 per user per month.
“Pay as you go” feature licenses:
Microsoft provides additional feature licenses, such as Azure Active Directory Business-to-Customer (B2C). Identity and access management solutions for customer-facing apps can be provided by B2C.
Refer to the Microsoft article below, which provides detailed purchasing options for pay-as-you-go Azure services. https://azure.microsoft.com/en-gb/pricing/purchase-options/pay-as-you-go/
Azure AD Security Features:
Below is the list of key Azure AD security features that can be utilised when implemented.
Azure role-based access control (Azure RBAC)
Security monitoring, alerts, and machine learning-based reports
Consumer identity and access management
Privileged identity management
Hybrid identity management/Azure AD Connect
Azure AD access reviews
Comparison of Microsoft's on-premises AD vs Microsoft's Azure AD
We have come to the end of our discussion on Azure Active Directory, licensing plans, security features and the comparison chart between on-premises AD and cloud Azure AD.
We hope you have enjoyed reading this article. Please provide your feedback and questions in the comments below.