Azure Active Directory Overview
In this blog, we will share an overview of Azure Active Directory.
ACTIVE DIRECTORY DEFINITION
- A preliminary definition of a directory service: a customized information store that functions as a single point from which users can locate resources and services distributed throughout the network.
- Active Directory itself is Microsoft's hierarchical, replicated and extensible LDAP directory service.
AZURE ACTIVE DIRECTORY – BIG PICTURE
- We cannot access Azure Active Directory over LDAP; we have to use the MS Graph REST API.
- Using Azure AD, on-prem users can transparently access cloud-based resources.
- We can deploy IaaS and SaaS applications directly in the Azure cloud.
- Azure Active Directory is an intermediary between on-prem users and cloud-based applications, for example Office 365, CRM Online, SharePoint Online, etc.
- There is no need to build an authentication system from scratch for the cloud environment. For line-of-business web apps, we can take advantage of Azure Active Directory for transparent authentication.
- We can install Azure AD Connect in our local environment and create a cloud identity for each on-prem AD user.
- The potential complication is that we need to synchronize between on-prem AD and Azure Active Directory periodically. Make sure that user accounts are in fact present in Azure and that the passwords match.
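As an added example (not code from the original post), here is a Python check in the spirit of the last two points: it reads a Microsoft Graph `/users` response (the API we must use instead of LDAP) and flags synced accounts whose last on-premises sync is stale, so a cloud administrator can confirm which accounts actually made it to Azure and which are cloud-only. The sample JSON, the 24-hour threshold and the `now_iso` parameter are assumptions; the real call needs an OAuth2 bearer token and is not performed here.

```python
import json
from datetime import datetime, timedelta

# Constructed sample, shaped like a Microsoft Graph response to
# GET /v1.0/users?$select=userPrincipalName,accountEnabled,onPremisesSyncEnabled,onPremisesLastSyncDateTime
# A real response may also carry "@odata.nextLink" for further pages; this is one page.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"userPrincipalName": "alice@example.com", "accountEnabled": True,
         "onPremisesSyncEnabled": True,
         "onPremisesLastSyncDateTime": "2024-01-10T08:00:00Z"},   # synced recently
        {"userPrincipalName": "bob@example.com", "accountEnabled": True,
         "onPremisesSyncEnabled": True,
         "onPremisesLastSyncDateTime": "2024-01-01T08:00:00Z"},   # synced, but stale
        {"userPrincipalName": "svc-cloud@example.com", "accountEnabled": True,
         "onPremisesSyncEnabled": None,
         "onPremisesLastSyncDateTime": None},                     # cloud-only account
    ]
})


def parse_graph_time(value):
    """Graph returns ISO-8601 UTC timestamps ending in 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_sync_state(response_json, now_iso, max_age=timedelta(hours=24)):
    """Split users into synced-fresh, synced-stale and cloud-only.

    Stale synced accounts are the ones to chase: they exist in Azure AD, but
    Azure AD Connect has not pushed an update for them within max_age (assumed
    threshold), so their attributes (and password hash) may be out of date.
    """
    now = parse_graph_time(now_iso)
    fresh, stale, cloud_only = [], [], []
    for user in json.loads(response_json)["value"]:
        upn = user["userPrincipalName"]
        if not user.get("onPremisesSyncEnabled"):
            cloud_only.append(upn)          # never came from on-prem AD
            continue
        last_sync = parse_graph_time(user["onPremisesLastSyncDateTime"])
        (stale if now - last_sync > max_age else fresh).append(upn)
    return {"fresh": fresh, "stale": stale, "cloud_only": cloud_only}


if __name__ == "__main__":
    print(json.dumps(audit_sync_state(SAMPLE_RESPONSE, "2024-01-10T12:00:00Z"), indent=2))
```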
AZURE AD PONDER
- Azure Active Directory is not a replacement for on-premises AD.
- We can look at Azure AD as an easy plug-in authentication provider for our IaaS and SaaS applications.
- You can install full domain controllers as IaaS VMs using a Site-to-Site VPN. This puts the local, on-premises subnet on the same layer as one or more Azure virtual networks. Then we can install additional domain controllers in the cloud and extend our Active Directory.
AZURE ACTIVE DIRECTORY EDITIONS
- There are three Azure Active Directory editions: Free, Basic and Premium. The Free tier contains only the basic features. Please check the information below about the Basic and Premium editions.
Basic Edition
- It provides a 99.9 percent uptime SLA.
- It gives self-service password reset. It's possible that a user can change their cloud password, which is a concern for cloud administrators.
- We can have single sign-on for up to 10 SaaS applications per user.
Premium Edition
- Self-service password reset with the writeback feature. It allows a cloud password to be written back to the local Active Directory.
- It includes Microsoft Identity Manager (MIM).
- It also provides Multi-Factor Authentication (MFA).
- No limit on SSO apps.
For more information, please check this URL: https://azure.microsoft.com/en-gb/pricing/details/active-directory/
AZURE AD CONNECT
- Azure AD Connect is a free desktop application that combines features from older tools that are now deprecated.
- It is an account synchronization engine.
- Azure AD Connect is also a setup wizard for AD Federation Services.
- It also includes a health monitor.
- Using this tool, we can selectively synchronize certain OUs or the entire directory.
MICROSOFT IDENTITY MANAGER (MIM)
- It's a separate product and a separate expense.
- It is included free in Azure AD Premium and the Enterprise Mobility Suite (EMS).
- Apart from AD users, we can also synchronize Linux accounts, mainframe accounts, and other cloud service accounts into Azure Active Directory.
- It includes a subsystem called Privileged Identity Management (PIM).
Thanks for reading this blog. We hope it was useful for you to learn about Azure Active Directory.