What is Azure AD

Active Directory is Microsoft’s domain management software, which controls the core security functions within an organization: log-ins, passwords, accounts and permissions to apps and data resources. Azure Active Directory (Azure AD, or AAD) extends an on-premises Active Directory implementation, or can stand alone as the identity and security service for Azure implementations that are not already part of a domain.

When using any kind of virtual or cloud resources, security controls are extremely important. AAD is the foundation for access control even in hybrid implementations, so that an on-premise presence and a cloud presence work together on the same AD infrastructure. This matters even more for application development and for integration with Office 365, especially when these are used remotely.

Microsoft provides a wide range of tools in Azure AD Connect, which replaces older identity integration tools such as DirSync and Azure AD Sync. With this version of Azure AD, security settings and identities are kept synchronized between the cloud and on-premise implementations. AD Connect is also an integration tool that allows a single user identity and single sign-on (SSO) access whether the user is in the office, in the cloud, or using Office 365.

Azure AD provides synchronization of user IDs, groups and other Active Directory objects so that all of these elements are present and up-to-date between the cloud and the physical locations used by organizations. A variety of authentication methods can be used, especially in hybrid solutions: cloud authentication methods such as Password Hash Synchronization or Pass-through Authentication, or federated authentication (AD FS). Additionally, Azure AD Connect Health allows monitoring of Active Directory resources from a centralized location within the Azure portal.

Editions

As with all Microsoft products, there are several editions of Azure Active Directory covering sign-on and other security and identity needs. Subscriptions to Microsoft products like Office 365 and Microsoft Azure automatically include Azure Active Directory Free. This free edition of Azure Active Directory allows management of user IDs and groups, synchronization with on-premise Active Directory implementations, and sign-on to Azure, Office 365 and a wide range of SaaS applications, such as Google Apps and Dropbox.

There are a few different edition levels of which an organization should be aware: Azure Active Directory Basic, Azure Active Directory Premium P1, and Azure Active Directory Premium P2.

  • Azure AD Basic – This edition is centered on cloud-based implementations for application access and self-service identity management, and includes group-based access management, self-service password reset and Azure AD Application Proxy.
  • Azure AD Premium P1 – This is an enterprise-level edition which provides identity management for on-premise, remote and hybrid users accessing applications both locally and over the cloud. It includes self-service identity and access management, administration of dynamic groups including self-service group management, and Microsoft Identity Manager, a suite of on-premise identity and access management tools.
  • Azure AD Premium P2 – This edition includes all of the features of Azure AD Premium P1 plus Identity Protection and Privileged Identity Management (PIM). Identity Protection provides management of conditional access to apps and critical data. PIM enhances management of privileged accounts tied to administrative access and other resources.
  • Additional versions are available as pay-as-you-go editions, such as Azure AD B2C for ID and access control of public apps. Azure Multi-Factor Authentication can also be implemented on a per-user or per-authentication basis.

Benefits of Azure AD

Azure AD provides a wide range of benefits when used in both cloud-based and hybrid implementations (where on-premise and cloud resources are used together), assisting with:

  1. Creating and managing a single identity for every user within an entire organization, with synchronization of users, groups and devices via Azure AD Connect.
  2. Leveraging Azure AD’s reliable high availability (HA) for an enterprise-class cloud presence with access management solutions.
  3. Controlling application access with enforced rules-based policies that stretch across cloud-based applications and on-premise resources, using Multi-Factor Authentication.
  4. Reducing support interaction and increasing user productivity with the Azure AD MyApps portal, where users perform self-service password reset and manage group and application access requests.
  5. Providing, with Azure AD Application Proxy and a host of pre-integrated SaaS apps, single sign-on access to a wide range of apps deployed within an organization.

Additional considerations regarding synchronization, authentication and health monitoring with Azure AD Connect add to the overall benefits for organizations. Synchronization links on-premise and cloud-based resources and, in conjunction with password write-back, keeps user IDs, groups and other objects, including passwords, up-to-date in both directions. The authentication methods designed for hybrid identity, cloud authentication via Password Hash Synchronization or Pass-through Authentication, or federated authentication (AD FS), provide effective security controls. Health monitoring is available in a centralized location within the Azure portal, where Azure AD Connect provides a view of all activity.

Intended Users

Azure AD is a cloud-based, integrated Active Directory implementation which can be used at all levels within an organization, just like an on-premise AD forest structure. User classes include the following:

  • IT administrators – With Azure AD Connect, admins can integrate existing Windows Server AD environments so that current on-premise resources and apps are synchronized and managed alongside SaaS apps provided from the cloud. An organization can then provide single sign-on access and identity management for numerous apps hosted in cloud-based SaaS environments as well as those hosted on-premise. IT admins gain improved security over cloud-hosted resources through managed access control, collaborative enhancements and an automated user identity lifecycle, giving assurance that compliance and security requirements are met.
  • App developers – App and SQL developers will find that Azure Active Directory, no matter the edition in use, includes a wide array of tools for integration with the latest identity management solutions. SSO, self-service and access control management features give developers a wider range of options for delivering important apps.
  • Office 365, Azure, or Dynamics CRM Online customers – Tenants for these cloud-based products already use Azure AD, so it can be put to use immediately for user access to cloud-based apps.

Getting Started with Azure AD

Administrators and developers can sign up for 30-day trials of Azure AD to learn more about usage and implementation of the product.

For a quick start, sign on to the Azure Portal, where you can access Azure AD and create a new basic tenant. To begin, you’ll need a valid license and Global Administrator access in your portal account.

Creation of a new tenant for Azure Active Directory can be easily and quickly achieved. Here are some instructions for a fast start at building your Azure AD environment:

  1. Sign into the Azure portal using a Global Administrator account, as noted above in the requirements.
  2. Select Azure Active Directory from the portal dashboard.
  3. Choose Create a resource.
  4. Then select Identity and Azure Active Directory. At this point, the Create directory page will appear.
  5. Next, enter your organization name.
  6. Then enter the organization’s domain name.
  7. Lastly, choose the country or region, which should already be set to United States, and then select Create.

The tenant will now be created with the domain matching the entries from the organizational and domain names.

To further manage the tenant, especially if it was created for testing purposes, deletion is straightforward. Log on to the Azure portal, select Azure Active Directory, then the name of the tenant you created, and on the tenant page select the option to delete the directory. The tenant and all associated information will be deleted if you make this choice, so take this action with care.

Conclusion

Azure Active Directory provides an entire organization with an impressive range of tools for internal support as well as user productivity. With SSO and a variety of self-service tasks available to users, password resets and access requests to applications and resources can all be completed without interaction with a helpdesk. Azure Active Directory also extends a consistent, synchronized management apparatus to cloud-hosted resources and apps, for strengthened security and delivery at improved cost.

To learn more about Azure Active Directory, contact our experts at RoyalDiscount.com – your online source for cheap OEM, Retail & Cloud products.