Azure AD
Azure Active Directory is Microsoft’s multi-tenant, cloud-based identity and access management service. Active Directory, by contrast, is a directory service developed by Microsoft for Windows domain networks, and it is great at managing traditional on-premise infrastructure and applications.
Here is a quick comparison between Azure AD and Windows AD:
| | Azure Active Directory | Windows Active Directory |
|---|---|---|
| Communication | Representational State Transfer (REST) APIs | Lightweight Directory Access Protocol (LDAP) |
| Authentication | Cloud-based protocols like OAuth2, SAML and WS-Security | Kerberos and NTLM |
| Network Organization | Tenant – Flat structure of users and groups | Organized into Organizational Units, Domains and Forests |
| Entitlement Management | Admins organize users into groups and enable groups to access apps and resources | Admins or data owners assign users to groups |
| Devices | Mobile device management | Does not manage mobile devices |
| Desktops | Windows desktops can join Azure AD | Desktops are joined to Windows AD and governed by Group Policy (GPOs) |
| Servers | Uses Domain Services to manage servers | Managed by GPOs or other on-premise server management systems |
Azure AD is great at managing user access to cloud applications in Azure. It provides an enterprise identity service with features like single sign-on, multi-factor authentication, and conditional access to guard against cyber attacks. Azure Active Directory services help employees in an organization access resources such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
Azure AD can be used by different audiences based on their intended use cases:
| Roles | Typical Use Cases |
|---|---|
| IT Admins | Control access to apps and app resources based on business requirements, automate user provisioning between existing Windows Server AD and cloud apps, protect user identities and credentials, and meet access governance requirements. |
| App Developers | Add single sign-on (SSO) to an app, allowing it to work with a user’s pre-existing credentials. Azure AD also provides APIs that can help build personalized app experiences using existing organizational data. |
| Subscribers | As a subscriber to Microsoft services like Microsoft 365, Office 365, Azure, Dynamics CRM Online, etc., you are already using Azure AD, as each of these services is an Azure AD tenant. This allows you to manage access to your integrated cloud apps. |