Azure AD or AAD (Azure Active Directory) is a cloud-based directory and identity management service by Microsoft. It provides a centralized authentication mechanism for cloud-based applications for both users in the cloud and users on premises.
Azure AD is a great service if you are looking for SSO (single sign-on) for thousands of cloud SaaS applications like Office365, Facebook for Work, Salesforce.com, DropBox, or any cloud-based LOB (line-of-business) application.
Azure AD also includes a full suite of identity management capabilities including multi-factor authentication, device registration, self-service password management, self-service group management, privileged account management, role-based access control, application usage monitoring, rich auditing, and security monitoring and alerting. These capabilities can help secure cloud-based applications, streamline IT processes, cut costs and help ensure that corporate compliance goals are met.
Azure AD can be integrated with an existing Windows Server Active Directory using a very simple tool called Azure AD Connect, giving organizations the ability to leverage their existing on-premises identity investments to manage access to cloud-based SaaS applications.
If you are an Office365, Azure, or Dynamics CRM Online customer, you might not realize that you are already using Azure AD. Every Office365, Azure, and Dynamics CRM tenant is actually already an Azure AD tenant. Whenever you want, you can start using that tenant to manage access to the thousands of other cloud applications that Azure AD integrates with.
Azure AD has several editions, and people are often confused about which edition their organization should choose. The primary difference among the editions is capacity and feature set: certain editions support only up to 500,000 objects, and certain editions don’t support self-service password reset. Choose an Azure AD edition based on the capabilities and features you are looking for.
Azure AD comes with four different editions:
Free – If you subscribe to any Microsoft online service such as Azure or Office 365, you get the free Azure AD edition. You do not need to pay for it, but it has limited features.
Basic – Designed for task workers with cloud-first needs, this edition provides cloud-centric application access and self-service identity management solutions. With the Basic edition of Azure Active Directory, you get productivity-enhancing and cost-reducing features like group-based access management, self-service password reset for cloud applications, and Azure Active Directory Application Proxy (to publish on-premises web applications using Azure Active Directory), all backed by an enterprise-level SLA of 99.9 percent uptime.
Premium P1 – Designed to empower organizations with more demanding identity and access management needs, Azure Active Directory Premium edition adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities. This edition includes everything you need for information workers and identity administrators in hybrid environments across application access, self-service identity and access management (IAM), identity protection, and security in the cloud. It supports advanced administration and delegation resources like dynamic groups and self-service group management. It includes Microsoft Identity Manager (an on-premises identity and access management suite) and provides cloud write-back capabilities enabling solutions like self-service password reset for your on-premises users.
Premium P2 – Designed with advanced protection for all your users and administrators, this new offering includes all the capabilities in Azure AD Premium P1 as well as our new Identity Protection and Privileged Identity Management. Azure Active Directory Identity Protection leverages billions of signals to provide risk-based conditional access to your applications and critical company data. We also help you manage and protect privileged accounts with Azure Active Directory Privileged Identity Management so you can discover, restrict and monitor administrators and their access to resources and provide just-in-time access when needed.
Below is the feature comparison of all four editions of Azure AD.
Azure AD for the Nepal IT market
In my opinion, Azure AD will be as essential as on-premises AD if your workloads are on the cloud or you are thinking of a hybrid infrastructure. Azure AD can be used as several solutions apart from centralized authentication and SSO (single sign-on), and a few of them are below. If an organization is looking for a self-service password reset solution for both cloud and on-premises users, it can use Azure AD Premium P1 or P2 and get the service without having any ticketing and automation solution in place. As per my observation, many organizations here in Nepal are looking for a solution, but they step back due to maintaining additional servers and licensing. Azure AD could be the right solution for them.
Financial institutions are looking for MFA (multi-factor authentication) to add one more layer of security for their hybrid environment, but their existing solution might have cloud compatibility concerns. Azure AD Premium could be the right solution, as it provides MFA for both cloud and on-premises.
Explore Azure AD and move one step ahead in a cloud-centric world.