Overview of Azure Active Directory
IT Tips & Insights: Get an overview of Azure Active Directory, and learn what the service can do for you.
By Michael Lobo, Site Reliability Engineer
Azure Active Directory (Azure AD) is a cloud-based identity and access management service. It is also referred to as a comprehensive identity as a service (IDaaS) solution that spans all aspects of identity, access management and security.
Azure AD is a highly important part of any cloud infrastructure and can also be integrated with your current on-prem solution for authentication and authorization. For IT admins, the service can help control access to apps and their resources based on your needs. For example, you can use it to require MFA when any user with non-read access attempts to access the environment.
For app developers, it can be used to add single sign-on (SSO) to apps, allowing you to maintain only one set of credentials. Another advantage is the set of APIs that you can use to build custom app experiences using existing data.
The main product remains free and includes a handful of features like on-prem synchronization, user and group management, self-service password reset (SSPR) for cloud users, and SSO across Microsoft products and many other SaaS apps. There are three other available options that provide additional premium features.
AAD Premium P1
In addition to the Free features, this version also provides premium features like SSPR with on-prem write back, Microsoft Cloud App Discovery, Dynamic Groups, Group Naming Policy, Group Expiration and Usage Guidelines.
AAD Premium P2
Includes all Free and P1 features plus identity protection and identity governance features like Privileged Identity Management (PIM), Access Reviews, Entitlement Management, Vulnerabilities and Risky Accounts Detection, Risk Event Investigation and Risk-Based Conditional Access Policies.
Pay as you Go Licenses
This includes options like Azure Active Directory Business-to-Consumer (B2C) that can provide identity and access management solutions for customer-facing applications.
To conclude, Azure Active Directory is a key feature not only for your users, but also for your apps in the cloud. It’s highly important to adopt these capabilities for authentication and authorization even if the resources are going to remain on-prem.
Hola! This is Michael from Costa Rica and I’ve been working with cloud (mostly Azure) infra for around 8 years now. I’m one of the SREs at Softensity, always eager to learn and assist others in anything possible. Thanks for reading my post. Feel free to reach me for comments/suggestions.