Azure AD, or AAD (Azure Active Directory), is a cloud-based directory and identity management service from Microsoft. It provides a centralized authentication mechanism for cloud-based applications, for both cloud users and on-premises users.
Azure AD is a great service if you are looking for SSO (single sign-on) for thousands of cloud SaaS applications like Office365, Facebook for Work, Salesforce.com, Dropbox, or any cloud-based LOB (line-of-business) application.
Azure AD also includes a full suite of identity management capabilities, including multi-factor authentication, device registration, self-service password management, self-service group management, privileged account management, role-based access control, application usage monitoring, rich auditing, and security monitoring and alerting. These capabilities can help secure cloud-based applications, streamline IT processes, cut costs and help ensure that corporate compliance goals are met.
Azure AD can be integrated with an existing Windows Server Active Directory using a simple tool called Azure AD Connect, giving organizations the ability to leverage their existing on-premises identity investments to manage access to cloud-based SaaS applications.
If you are an Office365, Azure or Dynamics CRM Online customer, you might not realize that you are already using Azure AD. Every Office365, Azure and Dynamics CRM tenant is actually already an Azure AD tenant. Whenever you want, you can start using that tenant to manage access to the thousands of other cloud applications that Azure AD integrates with.
Azure AD has several editions, and people often get confused about which edition their organization should choose. The primary differences among the editions are capacity and feature set: for example, certain editions support only up to 500,000 objects, and certain editions do not support self-service password reset. Choose an edition based on the capabilities and feature set you are looking for.
Azure AD comes in four different editions:
Free – If you subscribe to any Microsoft online service such as Azure or Office 365, you get the Free edition of Azure AD. You do not need to pay for it, but it has limited features.
Basic – Designed for task workers with cloud-first needs, this edition provides cloud centric application access and self-service identity management solutions. With the Basic edition of Azure Active Directory, you get productivity enhancing and cost reducing features like group-based access management, self-service password reset for cloud applications, and Azure Active Directory Application Proxy (to publish on-premises web applications using Azure Active Directory), all backed by an enterprise-level SLA of 99.9 percent uptime.
Premium P1 – Designed to empower organizations with more demanding identity and access management needs, Azure Active Directory Premium edition adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities. This edition includes everything you need for information workers and identity administrators in hybrid environments across application access, self-service identity and access management (IAM), identity protection and security in the cloud. It supports advanced administration and delegation resources like dynamic groups and self-service group management. It includes Microsoft Identity Manager (an on-premises identity and access management suite) and provides cloud write-back capabilities enabling solutions like self-service password reset for your on-premises users.
Premium P2 – Designed with advanced protection for all your users and administrators, this new offering includes all the capabilities in Azure AD Premium P1 as well as our new Identity Protection and Privileged Identity Management. Azure Active Directory Identity Protection leverages billions of signals to provide risk-based conditional access to your applications and critical company data. We also help you manage and protect privileged accounts with Azure Active Directory Privileged Identity Management so you can discover, restrict and monitor administrators and their access to resources and provide just-in-time access when needed.
Below is a feature comparison of all four editions of Azure AD.
Azure AD for Nepal IT market
In my opinion, Azure AD will be as essential as on-premises AD if your workloads are in the cloud or you are thinking of a hybrid infrastructure. Azure AD can be used for several solutions apart from centralized authentication and SSO (single sign-on), and a few of them are below.
If an organization is looking for a self-service password reset solution for both cloud and on-premises users, it can use Azure AD Premium P1 or P2 and get the service without having any ticketing and automation solution in place. As per my observation, many organizations here in Nepal are looking for such a solution, but they step back because of the need to maintain additional servers and licensing. Azure AD could be the right solution for them.
Financial institutions are looking for MFA (multi-factor authentication) to add one more layer of security to their hybrid environments, but their existing solution might be a concern for cloud compatibility. Azure AD Premium could be the right solution, as it provides MFA for both cloud and on-premises.
Explore Azure AD and move one step ahead in the cloud-centric world.