DEV Community

Sardar Mudassar Ali Khan

Microsoft Azure Active Directory

Introduction:

Azure Active Directory (Azure AD) is a cloud service for managing identities and access. It helps your staff members access external resources such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. It also helps them access internal resources, such as apps on your business intranet and any cloud apps created by your company. For more details on creating a tenant for your business, see QuickStart: Create a new tenant in Azure Active Directory.

Who uses Azure AD?

Azure AD can be used for:

IT admins:

As an IT administrator, use Azure AD to control access to your apps and app resources based on your company's needs. For instance, you can use Azure AD to require two-factor authentication before users access crucial corporate resources. You can also use Azure AD to automate user provisioning between your existing Windows Server AD and your cloud apps, such as Microsoft 365. Finally, Azure AD gives you strong features that automatically help protect user identities and credentials and help you meet your access governance requirements. Sign up for a free 30-day Azure Active Directory Premium trial to get going.

App developers:

As an app developer, you can use Azure AD as a standards-based way to add single sign-on (SSO) to your app, so that it works with a user's existing credentials. Azure AD also offers APIs that you can use to create personalized app experiences from existing organizational data. Sign up for a free 30-day Azure Active Directory Premium trial to get going. For additional details, see Azure Active Directory for developers.

Microsoft 365, Office 365, Azure, or Dynamics CRM Online subscribers:

You are already using Azure AD as a subscriber. Each tenant of Microsoft 365, Office 365, Azure, and Dynamics CRM Online is also an Azure AD tenant by default. You can start controlling access to your connected cloud apps right away.

What are the licenses for Azure AD?

Microsoft Online business services, such as Microsoft 365 or Azure, require Azure AD for sign-in and to help with identity protection. All the free features of Azure AD are included when you sign up for any Microsoft Online business subscription.

By upgrading to Azure Active Directory Premium P1 or Premium P2 licenses, you can add paid features to improve your Azure AD deployment. The paid licenses for Azure AD are built on top of your existing free directory. They provide self-service, improved monitoring, security reporting, and secure access for your mobile users.

Azure Active Directory Free

Enables single sign-on across Azure, Microsoft 365, and a wide range of popular SaaS apps. It also offers user and group management, on-premises directory synchronization, basic reports, and self-service password reset for cloud users.

Azure Active Directory Premium P1

In addition to the Free features, P1 lets your hybrid users access both on-premises and cloud resources. It also enables more advanced administration features, including cloud write-back capabilities, dynamic groups, self-service group management, Microsoft Identity Manager, and self-service password reset for your on-premises users.

Azure Active Directory Premium P2

Along with the Free and P1 features, P2 includes Azure Active Directory Identity Protection and Privileged Identity Management. Together they help provide risk-based Conditional Access to your apps and important corporate data, help you discover, limit, and monitor administrators' access to resources, and provide just-in-time access when necessary.

Pay-as-you-go feature licenses

Additional feature licenses are also available, such as those for Azure Active Directory Business-to-Customer (B2C). For your customer-facing apps, B2C can assist you in providing identity and access control solutions. Consult the Azure Active Directory B2C documentation for further details.

Which features work in Azure AD?

After you choose your Azure AD license, your company will have access to some or all of the following features:

Application management

Manage your cloud and on-premises apps using Application Proxy, single sign-on, the My Apps interface, and Software as a Service (SaaS) apps. See the documentation for Application Management and How to enable secure remote access to on-premises applications for further details.

Authentication

Manage Azure Active Directory self-service password reset, multifactor authentication (MFA), a custom list of forbidden passwords, and smart lockout. Consult the Azure AD Authentication documentation for further details.

Azure Active Directory for developers

Create applications that sign in all Microsoft identities and obtain tokens to call Microsoft Graph, other Microsoft APIs, and custom APIs. For further details, see Microsoft identity platform (Azure Active Directory for developers).

Business-to-Business (B2B)

Manage your external partners and guest users while keeping your own corporate data under your control. Consult the Azure Active Directory B2B documentation for further details.

Business-to-Customer (B2C)

Customize and manage how users register with your apps, log in, and manage their profiles. Consult the Azure Active Directory B2C documentation for further details.

Conditional Access

Manage access to your cloud-based apps. Consult the documentation for Azure AD Conditional Access for additional details.

Device Management

Control how your on-premises or cloud-based devices access your company's data. Consult the documentation for Azure AD Device Management for additional details.

Domain services

Join Azure virtual machines to a domain without the need for domain controllers. Consult the documentation for Azure AD Domain Services for further details.

Enterprise users

Use groups and administrator roles to set up delegates, control app access, and assign licenses. Consult the Azure Active Directory user administration documentation for further details.

Hybrid identity

Use Azure Active Directory Connect and Connect Health to provide a single user identity for authentication and authorization to all resources, regardless of location (cloud or on-premises). See the Hybrid identity documentation for further details.

Identity governance

Manage your organization's identity through employee, business partner, vendor, service, and app access controls. You can also perform access reviews. For more information, see Azure AD identity governance documentation and Azure AD access reviews.

Identity protection

Identify potential vulnerabilities affecting your organization's identities, set up policies to respond to suspicious actions, and then take action to resolve them. See Azure AD Identity Protection for further details.

Managed identities for Azure resources

Give your Azure services an automatically managed identity in Azure AD that they can use to authenticate to any service that supports Azure AD authentication, including Key Vault. For further information, see What are managed identities for Azure resources.

Privileged identity management (PIM)

Manage, restrict, and monitor access within your company. This functionality covers access to resources in Azure AD, Azure, and other Microsoft Online Services, such as Microsoft 365 or Intune. See Azure AD Privileged Identity Management for further details.

Reports and monitoring

Learn more about the usage and security trends in your environment. See Azure Active Directory reporting and monitoring for further details.

Important Points About Azure Active Directory

  • Single sign-on simplifies access to your apps from anywhere

  • Conditional access and multifactor authentication help secure data

  • A single identity control plane grants full visibility and control of your environment

  • Governance ensures the right people have access to the right resources, and only when they need it

Get secured, adaptive access

Strong authentication and risk-based adaptive access policies help protect access to resources and data without compromising the user experience.

Offer seamless user experiences

Offer a quick and simple sign-in process to keep users engaged, cut down on time spent managing passwords, and eliminate friction.

Unify identity management

Centrally manage all your identities and users' access to your applications, whether they are hosted in the cloud or on-premises, to increase visibility and control.

Simplify identity governance

With effective automated identity governance, you can control access to apps and data for all users and admins and ensure that only authorized individuals have access.

Unify your identity infrastructure management

With the Microsoft Entra admin center, you can manage and secure your whole identity infrastructure, including Azure AD, more easily.

Conclusion

Azure Active Directory (Azure AD) is a cloud service for managing identities and access. It helps your staff members access external resources such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
