Azure Active Directory (AD) is the heart of everything inside Microsoft Azure. All Azure services depend on it and use it for identity management in the Microsoft cloud. Office 365, Intune, Exchange Online, and Enterprise Mobility Suite are all examples of Azure services that depend on Azure AD for both security and identity management. When implemented correctly, all of your custom applications that are hosted in Azure or somehow integrated with Azure services use Azure AD as well.
That is why Azure AD is high on Microsoft's agenda and is constantly evolving. In this article, I want to give an overview of the different flavors of Azure AD and where it stands currently. What once started as a basic user directory has now become something much more than that.
Azure Active Directory
As pointed out before, Azure AD is the heart of everything inside Azure. Plain Azure AD is the root service, where you create the user accounts for your organization. It can also be used for application access management. It is designed for a single tenant, that is, for a single organization. This does not mean that it does not support a multi-domain environment, but there are differences and restrictions. Azure AD is built on a different architecture than the one Windows Server AD was built on many years ago.
Customers that are using Office 365, Intune, or Dynamics CRM Online are not always aware of the fact that they are using Azure AD. It can easily be integrated with an existing Windows Server AD using AAD Connect, so the on-premises identity investments that organizations have already made can be leveraged in the cloud as well.
Azure AD also includes a full suite of enterprise identity management capabilities, which are now available to smaller companies as well, at a fair cost. It includes Multi-Factor Authentication, device registration, self-service password management, self-service group management, privileged…