Written by

Karthick

Published on

Nov 9th, 2017

Azure Active Directory is Microsoft's solution that provides Identity as a Service (IDaaS).

Azure Active Directory is Microsoft's multi-tenant, cloud-based directory and identity management service.

Azure AD is simple to administer and makes the IT administrator's job easier. It gives employees and business partners Single Sign-On (SSO) access to thousands of SaaS applications such as Office 365, Salesforce.com, Dropbox and Concur.

Azure AD provides a full suite of identity management capabilities: Multi-Factor Authentication (MFA), device registration (you can register up to 5 devices), self-service group management, privileged account management, Role-Based Access Control (RBAC), and rich auditing and security monitoring.

C2S Technologies

By using Azure AD Connect, you can tightly integrate an existing on-premises Windows Server Active Directory with Azure AD in a few clicks. With this feature, organizations can easily extend their on-premises AD to Azure AD in order to manage access to cloud-based SaaS applications.

If you are using Office 365, Azure or Dynamics 365, you may not realize that you are already using Azure AD: every Office 365, Azure and Dynamics 365 tenant is already an Azure AD tenant. When you want to use that tenant to manage access to thousands of other cloud applications, Azure AD integrates with them.

When we talk about cloud-based solutions, we really think about three things: service, security and reliability. I'll now discuss these three major components.

Microsoft has 28 data centers across the world. Once you create a tenant in Azure it is geo-distributed: your business-critical directory data is maintained across those 28 data centers with automatic failover. If a data center goes down, copies of your directory data are live in at least two other regionally available data centers.

Microsoft provides a 99.9% SLA for Azure Active Directory services, depending on the Azure AD type.

Azure Active Directory Premium offers enterprise-grade scale and reliability with a 99.9% SLA.


So far we have talked only about Azure AD, but the question comes up: what is the difference between Azure AD and Windows Server Active Directory?

Yes, there are many differences between on-premises Windows Server Active Directory and Azure AD. But the basic functions are the same: storing directory data and managing communication between users and resources, including the logon process, authentication and directory searches.

Windows Server Active Directory Domain Services (AD DS) is a server role on Windows Server; you install this role on a physical or virtual Windows Server machine to build an Active Directory domain. AD DS uses DNS to locate objects, is queried through the LDAP protocol, and primarily uses Kerberos for authentication.

Active Directory lets you create Organizational Units (OUs) and Group Policy Objects (GPOs), join machines to the domain, and create trusts between domains.

Azure AD is a multi-tenant public directory service, which means you can create a tenant within Azure AD for your cloud services and applications such as Office 365.

Users and groups are created in a flat structure, without OUs and GPOs. Authentication is done with protocols such as SAML, WS-Federation and OAuth. You can query Azure AD using the Graph API, but it is a REST API rather than LDAP.
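To make the LDAP-versus-REST difference concrete, here is an added example (not from the original post) that asks the same read-only "find users" question of both directories from PowerShell. It assumes the RSAT ActiveDirectory module for the on-premises side, Microsoft Graph as the REST endpoint for Azure AD, and placeholders for the domain controller name, the name prefix and the bearer token (obtained out of band with the User.Read.All permission).

```powershell
# Added example, not the original author's code. Placeholders: the domain controller,
# the "kar" name prefix and $accessToken are assumptions to be replaced.

# --- 1. On-premises AD DS: an LDAP filter sent to a domain controller ---
$dc = 'dc01.corp.example'                      # placeholder domain controller
$ldapFilter = '(&(objectCategory=person)(objectClass=user)(sAMAccountName=kar*))'
$onPremUsers = Get-ADUser -Server $dc -LDAPFilter $ldapFilter -Properties mail |
    Select-Object SamAccountName, UserPrincipalName, Enabled, mail, DistinguishedName

# --- 2. Azure AD: an OData $filter sent over HTTPS with an OAuth bearer token ---
$accessToken = '<access-token-placeholder>'    # Microsoft Graph token, User.Read.All
$headers = @{ Authorization = "Bearer $accessToken" }
$uri = 'https://graph.microsoft.com/v1.0/users' +
       '?$filter=startswith(userPrincipalName,''kar'')' +
       '&$select=userPrincipalName,displayName,accountEnabled,mail' +
       '&$top=100'

$cloudUsers = @()
while ($uri) {                                 # Graph pages large results: follow @odata.nextLink
    $page = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
    $cloudUsers += $page.value
    $uri = $page.'@odata.nextLink'
}

# --- 3. Side by side: the on-prem DistinguishedName encodes the OU path (CN=...,OU=...,DC=...);
#        the cloud objects are flat, with no OU or GPO attached ---
$onPremUsers | Format-Table SamAccountName, UserPrincipalName, Enabled, DistinguishedName
$cloudUsers  | Format-Table userPrincipalName, displayName, accountEnabled
```

Both queries are read-only; the same pattern (LDAP filter versus OData $filter plus paging) applies when you audit groups or devices instead of users.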

TYPES OF AZURE ACTIVE DIRECTORY AND FEATURES

Microsoft Azure provides 3 types of AAD:

  • AAD Free
  • AAD Basic
  • AAD Premium P1 and P2

Please refer to the link below for the features of the above types. AAD Premium P2 offers the full identity management suite I mentioned at the start.

AAD Free offers: directory objects up to a limit of 500k objects, user/group management (add/update/delete) and user-based provisioning, device registration, Single Sign-On, B2B collaboration, self-service password change for cloud users, and AD Connect (the sync engine that extends on-premises AD to Azure Active Directory).

Along with the AAD Free features, AAD Basic offers group-based access management/provisioning, self-service password reset for cloud users, company branding (logon page/access panel customization), Application Proxy, and an SLA.

AAD Premium P1 offers the AAD Basic features plus these premium features:

  • Self-service group and app management / self-service application additions / dynamic groups
  • Self-service password reset/change/unlock with on-premises write-back
  • Two-way synchronization of device objects between on-premises directories and Azure AD (device write-back)
  • Multi-Factor Authentication (cloud and on-premises (MFA Server))
  • Microsoft Identity Manager user CAL
  • Cloud App Discovery
  • Connect Health
  • Automatic password rollover for group accounts
  • Conditional Access based on group and location
  • Conditional Access based on device state (allow access from managed devices)

Only a couple of features are added in AAD Premium P2 to complete the identity solution: AAD Premium P2 offers everything in AAD Premium P1 plus Identity Protection and Privileged Identity Management.

Azure AD Connect (the sync engine) provides the interface between on-premises Active Directory and Azure Active Directory: it synchronizes the on-premises Active Directory to cloud-based directory services such as Azure Active Directory, Office 365 and Dynamics 365 in a few clicks.

All of these are used for Single Sign-On (SSO): a user can use a single account and password to access their cloud-based applications on Office 365, Dynamics Online and Azure AD, because we synchronize user accounts and their passwords.

Why AD Connect?

Integrating on-premises Active Directory with Azure Active Directory makes users more productive: they can easily access on-premises and cloud-hosted applications with a single identity, because their username and password are synced.

AZURE AD COLLABORATIONS

AAD offers two different collaboration models:

  • Azure AD B2B Collaboration Service
  • Azure AD B2C Collaboration service

What Is Azure AD B2B (Business-to-Business)?

Azure AD B2B is a service feature of Microsoft Azure. The aim of Azure AD B2B is to let one organization invite another organization's employees to access its applications.

Here is a simple example. Let's say that here at C2S Technologies we are using an application called "Designyourapp" (an example name); we start cooperating with your business and want your employees to benefit from this app too. In this case, Azure AD B2B is the best solution, because your employees get access through an invitation sent by C2S, without integrating our application with your AD.

Time for the last one: Azure AD B2C (Business-to-Consumer).

Azure AD B2C is a separate service from Azure AD, built on the same technology but for a different purpose.

The main difference is that B2C is not meant for a single organization's users; it is built to allow anyone, any individual, to sign up as a user with their Facebook, Google+, LinkedIn or email ID.

The main intention of B2C is to create a cloud identity directory for your customers.

Let's assume you have started an e-commerce business. Users must register with your site, and you have to maintain their database, passwords, identities, login process, sign-up process and so on. Then someone comes and asks, "Hey, does this site support Facebook login?" Yes, and all of that is what Azure AD B2C does for you.

It is an identity repository that allows your users to sign up for your application with an email address and password (with no restriction on the email domain) or with social media logins.

This service handles the whole authentication and authorization process, including password reset, so you don't need to worry about it.

I'll come back with more details about Azure AD B2B and Azure AD B2C in my next post.