Microsoft Azure Active Directory Overview
Updated: Jul 17, 2019
A basic definition of a directory service is a customized information store that functions as a single point from which users can locate resources and services distributed throughout the network.
Active Directory is Microsoft's hierarchical, replicated and extensible LDAP directory service.
AZURE ACTIVE DIRECTORY – BIG PICTURE
We cannot access Azure Active Directory over LDAP. We have to use the Microsoft Graph REST API.
Using Azure AD, on-prem users can transparently access cloud-based resources.
We can deploy IaaS and SaaS applications directly in the Azure cloud.
Azure Active Directory sits between on-prem users and cloud-based applications, for example Office 365, CRM Online, SharePoint Online, etc.
There is no need to build an authentication system from scratch for the cloud environment. For line-of-business web apps, we can take advantage of Azure Active Directory for transparent authentication.
We can install Azure AD Connect in our local environment and create a cloud identity for each on-prem AD user.
The potential complication is that we need to synchronize between on-prem AD and Azure Active Directory periodically. We have to make sure that the user accounts actually exist in Azure and that the passwords match.
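A consistency check for the synchronization caveat above, as an added example that is not part of the original post: it reconciles a constructed on-prem user list against a constructed page of the Microsoft Graph /users response (the REST interface mentioned earlier; the UPNs and timestamps are made up) and flags accounts missing from the cloud, cloud-only accounts, and synced accounts whose last sync is older than a chosen threshold.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: UPNs exported from on-prem AD (e.g. from Get-ADUser).
ONPREM_UPNS = {"alice@contoso.example", "bob@contoso.example", "carol@contoso.example"}

# Constructed sample: the shape of one page returned by
#   GET https://graph.microsoft.com/v1.0/users
#       ?$select=userPrincipalName,onPremisesSyncEnabled,onPremisesLastSyncDateTime
# trimmed to the properties relevant to directory synchronization.
GRAPH_USERS_PAGE = json.dumps({
    "value": [
        {"userPrincipalName": "alice@contoso.example", "onPremisesSyncEnabled": True,
         "onPremisesLastSyncDateTime": "2019-07-17T08:00:00Z"},
        {"userPrincipalName": "bob@contoso.example", "onPremisesSyncEnabled": True,
         "onPremisesLastSyncDateTime": "2019-07-10T08:00:00Z"},
        {"userPrincipalName": "dave@contoso.example", "onPremisesSyncEnabled": None,
         "onPremisesLastSyncDateTime": None},
    ]
})


def parse_graph_users(page_json):
    """Map lower-cased UPN -> (sync_enabled, last_sync datetime or None) for one Graph page."""
    users = {}
    for u in json.loads(page_json)["value"]:
        ts = u.get("onPremisesLastSyncDateTime")
        last = datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None
        users[u["userPrincipalName"].lower()] = (bool(u.get("onPremisesSyncEnabled")), last)
    return users


def reconcile(onprem_upns, cloud_users, now, max_age=timedelta(days=1)):
    """Compare the on-prem export with the cloud view and report the three drift cases."""
    onprem = {u.lower() for u in onprem_upns}
    missing = sorted(onprem - cloud_users.keys())                      # never reached Azure AD
    cloud_only = sorted(upn for upn, (synced, _) in cloud_users.items()
                        if upn not in onprem and not synced)           # created directly in the cloud
    stale = sorted(upn for upn, (synced, last) in cloud_users.items()
                   if synced and upn in onprem
                   and (last is None or now - last > max_age))         # sync has not run recently
    return {"missing_in_cloud": missing, "cloud_only": cloud_only, "stale_sync": stale}


if __name__ == "__main__":
    report = reconcile(ONPREM_UPNS, parse_graph_users(GRAPH_USERS_PAGE),
                       now=datetime(2019, 7, 17, 12, 0, tzinfo=timezone.utc))
    print(json.dumps(report, indent=2))
```

Password hashes cannot be compared through Graph; this check only confirms that each on-prem account exists in the cloud and that its last synchronization is recent.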
Azure Active Directory is not a replacement for On-premises AD.
We can look at Azure AD as an easy plug-in authentication provider for our IaaS and SaaS applications.
We can also install full domain controllers as IaaS VMs and connect them with a Site-to-Site VPN. This puts the on-premises subnet on the same network layer as one or more Azure virtual networks, so we can then install additional domain controllers in the cloud and extend our Active Directory.
AZURE ACTIVE DIRECTORY EDITIONS
There are three Azure Active Directory editions: Free, Basic and Premium. The Free tier contains only the basic features. The Basic and Premium editions add the following.
Basic edition:
It provides a 99.9 percent uptime SLA and self-service password reset.
Note that self-service reset means a user can change their cloud password, which is a concern for cloud administrators because that change does not reach the on-prem directory.
We get single sign-on for up to 10 SaaS applications per user.
Premium edition:
Self-service password reset with the writeback feature, which allows a cloud password change to be written back to the local Active Directory.
It includes Microsoft Identity Manager (MIM) and provides Multi-Factor Authentication (MFA).
There is no limit on the number of SSO applications.
For more information, please see https://azure.microsoft.com/en-gb/pricing/details/active-directory/
AZURE AD CONNECT
Azure AD Connect is a free desktop application that combines features from older tools that have since been deprecated.
It is an account synchronization engine.
Azure AD Connect is also a setup wizard for Active Directory Federation Services.
It also includes a health monitor.
Using this tool, we can selectively synchronize certain OUs or the entire directory.
MICROSOFT IDENTITY MANAGER (MIM)
It is a separate product with its own cost.
It is included free with Azure AD Premium and the Enterprise Mobility Suite (EMS).
Apart from AD users, we can also synchronize Linux accounts, mainframe accounts, and other cloud service accounts into Azure Active Directory.
It includes a subsystem called Privileged Identity Management (PIM).