Introduction to Azure AD

What is Azure AD

In the cloud, identity is particularly important: it enables almost everything, including access, and acts as the new security perimeter. So, as more organizations use cloud services, having the right identity management solution is paramount. Microsoft has introduced Azure Active Directory, or Azure AD, a cloud-based identity and access management service. It is highly scalable and distributed across the world through the Azure cloud. Azure AD is also widely known as a multi-tenant cloud service, which means that the service itself exists in the cloud and there are isolated tenants within it.

How does it differ from Active Directory?


First, Azure AD is not the same as AD. On-prem AD is a traditional identity solution that provides authentication, directory policies and some other related services by utilising the LDAP, Kerberos and NTLM protocols. In contrast to on-prem AD, Azure AD has two primary services: identity and access management. This includes single sign-on (SSO), password authentication, multi-factor authentication (MFA), conditional access, and user self-service federation. It also uses a completely different mechanism from on-prem AD for authentication. The protocol used is OAuth, which is a recent and modern authentication protocol.

Some Microsoft applications, like Intune, do not work with traditional on-prem AD. Hence, for users to access these applications, Azure Active Directory is needed for authentication. As more organizations continue to sign up for cloud services, on-premises AD might fade away soon. However, Microsoft is not that mean and selfish. Azure AD and on-prem AD can happily be used together through synchronization to supply access to cloud services, using existing identities from on-prem AD.

To conclude, Azure AD is not a cloud version of on-prem AD, as each one has distinctive features and functions. On-prem AD is good at managing traditional on-prem infrastructure and applications, while Azure AD is excellent at managing user access to cloud applications.

So, how does Azure AD help your organization? Do its benefits relate to your organizational needs? To answer that, let us dive into the details of each of its benefits below:

1. One Place for All

Azure AD is like the heart of your organization’s IT system. As a convenient single access portal, it allows you to manage user identities and manage access for each user. You may assign users to multiple groups by using rules driven by attributes, and assign licenses and application access through group management. All of this control can easily be exercised in one place.

2. Single Identity Solution

Azure AD creates a single identity solution for all other Microsoft cloud services such as Office 365, Dynamics, Intune, Azure itself and many more. This means users can log into all these applications using the same username and password. There would be no more “Uh, I forgot my password” because the users no longer need to track multiple passwords for different sites or applications. Worry not, as this feature is compatible not only with Microsoft products, but with other external applications too!

3. ID Federation for Hybrid Identity

Other than that, Azure AD also integrates with other applications by enabling ID federation. This enables hybrid identity options from on-premises to the cloud and beyond, such as in B2B or B2C scenarios.

4. Visibility to Hacking Attempts

Hacking attempts on user credentials for the Exchange Online service have been one of the most repeated attacks on the Office 365 platform. Without Azure AD (which also acts as a tool to report successful and unsuccessful logins to the system), identifying and monitoring such attacks would be difficult and laborious. When too many login attempts result in failures, Azure AD works with Identity Protection to warn administrators about cases of unauthorized access or account hijacking. Once again, this favours Azure AD over on-prem AD, because the latter does not have such a built-in tool. Instead, on-prem AD requires a third-party source or tool to perform the identification and alert functions.
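The kind of review that sign-in reporting makes possible, sketched as an added example that is not from the original post or from Microsoft and does not reproduce how Identity Protection scores risk. The records are constructed samples that use field names from the Microsoft Graph sign-in log schema; the window, the threshold and the `make_record` helper are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)        # assumed look-back window
THRESHOLD = 5                         # assumed failure count worth reviewing
CREDENTIAL_FAILURES = {50126, 50053}  # bad username/password, account locked

def make_record(user, ts, code, ip="203.0.113.7"):
    # Hypothetical helper: builds a constructed record with Graph sign-in field names.
    return {"userPrincipalName": user, "createdDateTime": ts,
            "ipAddress": ip, "status": {"errorCode": code}}

# Constructed sample data (documentation domain and IP ranges).
SAMPLE_SIGNINS = (
    [make_record("alice@contoso.example", f"2021-04-01T09:0{m}:00Z", 50126) for m in range(5)]
    + [make_record("alice@contoso.example", "2021-04-01T09:06:00Z", 0, ip="198.51.100.9")]
    + [make_record("bob@contoso.example", f"2021-04-01T10:0{m}:00Z", 50126) for m in range(2)]
    + [make_record("bob@contoso.example", "2021-04-01T10:03:00Z", 0)]
    + [make_record("carol@contoso.example", f"2021-04-01T1{h}:00:00Z", 50126) for h in range(5)]
    + [make_record("dave@contoso.example", f"2021-04-01T14:00:{s}0Z", 50126) for s in range(5)]
)

def review_signins(records, window=WINDOW, threshold=THRESHOLD):
    """Map each flagged user to 'failure_burst' or 'success_after_burst'."""
    by_user = defaultdict(list)
    for r in records:
        ts = datetime.strptime(r["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
        by_user[r["userPrincipalName"].lower()].append((ts, r["status"]["errorCode"]))
    findings = {}
    for user, events in by_user.items():
        recent = []  # failure timestamps still inside the sliding window
        for ts, code in sorted(events):
            recent = [t for t in recent if ts - t <= window]
            if code in CREDENTIAL_FAILURES:
                recent.append(ts)
                if len(recent) >= threshold:
                    findings.setdefault(user, "failure_burst")
            elif code == 0 and len(recent) >= threshold:
                # A success right after a burst may mean a guess worked.
                findings[user] = "success_after_burst"
            # Other non-zero codes (interrupts, prompts) are not counted.
    return findings

if __name__ == "__main__":
    for user, kind in sorted(review_signins(SAMPLE_SIGNINS).items()):
        print(user, kind)
```

Failures spread over hours (carol) and a couple of mistyped passwords (bob) stay below the threshold, so only the burst patterns are surfaced for an administrator to review.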

5. 99.99% uptime

Starting from April 2021, the service level agreement (SLA) for Azure AD uptime will be updated and officially increased to 99.99%, an improvement on the earlier 99.9% SLA. A surge in demand for adopting Azure AD has made this SLA improvement a reality. Azure AD is now serving more than 400 million active users and authenticating billions of users per day. With the SLA being increased, reliability will also be improved.

Want to know more about Azure AD and how its benefits can help your company to run efficiently and meet your organizational needs? 

Contact Cloudify.Asia for a friendly discussion with one of our Azure professional consultants. We are always ready to help you onboard!

 

Written By Ain Salleh (Cloud Fairy)