Introduction to Azure AD
In the cloud, identity is particularly important: it enables almost everything, including access, and acts as the new security perimeter. So, as more organizations use cloud services, having the right identity management solution is paramount. Microsoft has introduced Azure Active Directory, or Azure AD, a cloud-based identity and access management service. It is highly scalable and distributed across the world through the Azure cloud. Azure AD is also widely known as a multi-tenant cloud service, which means that the service itself exists in the cloud and there are isolated tenants within it.
How does it differ from Active Directory?
First, Azure AD is not the same as AD. On-prem AD is a traditional identity solution that provides authentication, directory policies and some other related services by utilising the LDAP, Kerberos and NTLM protocols. In contrast to on-prem AD, Azure AD has two primary services: Identity and Access Management. This includes single sign-on (SSO), password authentication, multi-factor authentication (MFA), conditional access, and user self-service federation. It also uses a completely different mechanism from on-prem AD for authentication. The protocol used is OAuth, which is a recent and modern authentication protocol.
Some Microsoft applications, such as Intune, do not work with traditional on-prem AD. Hence, for users to access the application, Azure Active Directory is needed for authentication. As more organizations continue to sign up for cloud services, on-premises AD might fade away soon. However, Microsoft is not that mean and selfish. Azure AD and on-prem AD can happily be used together through synchronization to supply access to cloud services, using existing identities from on-prem AD.
To conclude, Azure AD is not a cloud version of on-prem AD, as each one has distinctive features and functions. On-prem AD is good at managing traditional on-prem infrastructure and applications, while Azure AD is excellent at managing user access to cloud applications.
So, how does Azure AD help your organization? Do its benefits relate to your organizational needs? To answer that, let us dive into the details of each of its benefits below:
1. One Place for All
Azure AD is like the heart of your organization’s IT system. As a convenient single access portal, it allows you to manage user identities and manage access for each user. You may assign users to multiple groups by using rules driven by attributes, and assign licenses and application access through group management. All of this control can easily be done in one place.
2. Single Identity Solution
Azure AD creates a single identity solution for all other Microsoft cloud services such as Office 365, Dynamics, Intune, Azure itself and many more. This means users can log in to all these applications using the same username and password. There would be no more “Uh, I forgot my password” because the users no longer need to track multiple passwords for different sites or applications. Worry not, as this feature is not only compatible with Microsoft products, but with other external applications too!
3. ID Federation for Hybrid Identity
Other than that, Azure AD also integrates with other applications by enabling ID federation. From another perspective, this enables hybrid identity options from on-premises to the cloud and beyond, such as in B2B or B2C scenarios.
4. Visibility to Hacking Attempts
Hacking attempts on user credentials of the Exchange Online service have been one of the most repeated attacks on the Office 365 platform. Without Azure AD (which also acts as a tool to report successful and unsuccessful logins to the system), identifying and monitoring such attacks would be difficult and laborious. When too many login attempts end in failure, Azure AD works with Identity Protection to warn administrators about cases of unauthorized access or account hijacking. Once again, this is an advantage of Azure AD over on-prem AD because the latter does not have such a built-in tool. Instead, on-prem AD requires a third-party source or tool to be able to perform the identification and alert functions.
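As an added illustration (not code from the original article, and not how Identity Protection itself works), the sketch below applies the "too many failed logins" idea to records shaped like Azure AD sign-in log entries. The records are constructed sample data, and the threshold of 5 failures in 10 minutes is an assumption chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _rec(t, user, ip, code):
    # Build one constructed record using sign-in log field names.
    return {"createdDateTime": f"2021-04-01T{t}Z", "userPrincipalName": user,
            "ipAddress": ip, "status": {"errorCode": code}}

# Constructed sample data (not real logs). 50126 = invalid username or password, 0 = success.
SAMPLE_SIGNINS = (
    [_rec(t, "alice@contoso.example", "203.0.113.7", 50126)
     for t in ("08:00:05", "08:00:40", "08:01:10", "08:02:00", "08:03:30")]
    + [_rec("08:04:00", "alice@contoso.example", "203.0.113.7", 0)]
    + [_rec(t, "bob@contoso.example", "198.51.100.4", 50126) for t in ("09:00:00", "10:00:00")]
    + [_rec("10:00:30", "bob@contoso.example", "198.51.100.4", 0)]
    + [_rec(f"{h}:00:00", "carol@contoso.example", "192.0.2.9", 50126)
       for h in ("11", "12", "13", "14", "15")]
)

def find_suspicious(signins, threshold=5, window=timedelta(minutes=10)):
    """Flag users with `threshold` failed sign-ins inside `window` (both values are assumptions)."""
    recent = defaultdict(deque)  # user -> timestamps of failures still inside the window
    alerts = {}                  # user -> alert record, created once per user
    for rec in sorted(signins, key=lambda r: r["createdDateTime"]):
        user = rec["userPrincipalName"].lower()
        ts = datetime.strptime(rec["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
        failures = recent[user]
        while failures and ts - failures[0] > window:
            failures.popleft()   # drop failures that fell out of the sliding window
        if rec["status"]["errorCode"] != 0:  # simplification: any non-zero code is a failure
            failures.append(ts)
            if len(failures) >= threshold and user not in alerts:
                alerts[user] = {"user": user, "failures": len(failures),
                                "first_failure": failures[0],
                                "success_after": False, "success_ip": None}
        elif user in alerts and failures:
            # A success right after a failure burst is the case worth escalating:
            # the guessing may have worked.
            alerts[user]["success_after"] = True
            alerts[user]["success_ip"] = rec["ipAddress"]
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_SIGNINS):
        print(alert)
```

Only the first sample user is flagged: the second mistyped a password twice an hour apart, and the third failed five times spread over several hours, so neither fills the 10-minute window.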
5. 99.99% uptime
Starting from April 2021, the service level agreement (SLA) for Azure AD uptime will be updated and officially increased to 99.99%, an improvement on the earlier 99.9% SLA. A surge in demand for Azure AD has made this SLA improvement a reality. Azure AD is now serving more than 400 million active users and authenticating billions of users per day. With the SLA being increased, reliability will also be improved.
Want to know more about Azure AD and how its benefits can help your company to run efficiently and meet your organizational needs?
Contact Cloudify.Asia for a friendly discussion with one of our Azure professional consultants. We are always ready to help you onboard!
Written By Ain Salleh (Cloud Fairy)