Microsoft Azure Active Directory

Harshil Thummar ☁️
4 min read · Apr 3, 2024


Intro

Azure Active Directory (Azure AD) is a cloud-based identity and access management service that enables your employees to access external resources (e.g., SaaS applications). It gives admins the privileges to manage end users' identities and access privileges. Its services include core directory, access management, and identity protection.

It gives admins the freedom to choose which information stays in the cloud, who can manage or use that information, which services or applications can access it, and which users have access.

Admins use Azure AD to manage role permissions and control access to specific applications and resources for individual users. It can also provide single sign-on (SSO), so users don't have to enter their password multiple times. Instead of needing a new ID and password for each application, they use the same login credentials across different applications.

Simply explained, Azure AD enables users to sign up for various services and access them from any location via the cloud using a single username and password.

How does it work?

Azure AD is a cloud-based identity and access management service. It stores individual user profiles and their credentials. Azure AD manages access through user accounts, which carry a username and a password. It uses SSO to connect users to SaaS applications. Azure AD uses REST APIs to pass data from one system to other cloud applications and systems that support REST (which is most cloud applications).

Azure AD features and licensing

The licenses provide self-service, enhanced monitoring, security reporting, and secure access for your mobile users. Azure AD comes in four different licensing tiers: free (lowest), Office 365 Apps, Premium P1 and Premium P2 (highest).

The free licensing tier has a 500,000-object limit for directory objects. It does not include IAM for Office 365 or premium features. It includes SSO, MFA, etc.

  • The Premium P1 tier grants the second-highest level of access to Azure AD. Premium P1 access costs $6 per month, per user. P1 also lets your hybrid users access both on-premises and cloud resources. It also supports advanced administration, such as dynamic groups, self-service group management, Microsoft Identity Manager, and cloud write-back capabilities, which allow self-service password reset for your on-premises users.

  • The Premium P2 tier costs $9 per month, per user and includes the full suite of Azure AD functionality. It includes everything offered in P1, as well as identity protection and identity governance features.

Pricing

1. Free

All basic features, like SSO, by which you log into various applications with just one login and password.

2. Basic

It will cost around 5 USD/month. You will get access to features like SSO, password management, and conditional access.

3. Standard

It will cost around 12 USD/month. It includes the Basic plan plus identity governance and self-service password reset.

Identity governance: a collection of processes, policies, roles, metrics, and standards that ensures effective and efficient use of information. It also helps establish data management processes that keep your data secure, private, accurate, and usable throughout the data life cycle.

4. Premium

It will cost around 20 USD/month. It includes the Basic and Standard plans plus advanced auditing and reporting.

User and Group

Users and groups are the basic building blocks for Azure AD. Here, users can come from both inside and outside of Azure AD.

For example, you may put your Product Management team in one Azure AD group and grant permissions at the group level, so when users leave the organization, you only need to deactivate one account, and the rest of the group stays the same.
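
The group-level model above, turned into an offline audit check. This is an added example, not code from the original post. It computes effective access from a constructed export and flags per-user grants that bypass groups, since those are the entries left behind when an account is deactivated. The data layout, the app names, the severity labels, and every name other than the Product Management group are assumptions and do not mirror any Azure AD export format.

```python
# Constructed sample export (not real tenant data): accounts, group
# membership, and grants made either to a group or directly to a user.
USERS = {
    "alice": {"enabled": True},
    "bob": {"enabled": False},  # left the organization, account deactivated
    "carol": {"enabled": True},
}
GROUPS = {"Product Management": {"alice", "bob"}}
GRANTS = [
    {"principal_type": "group", "principal": "Product Management", "resource": "roadmap-app"},
    {"principal_type": "group", "principal": "Product Management", "resource": "analytics-app"},
    {"principal_type": "user", "principal": "bob", "resource": "billing-app"},
    {"principal_type": "user", "principal": "carol", "resource": "roadmap-app"},
]


def effective_access(user):
    """Resources a user can reach; a deactivated account reaches nothing."""
    if not USERS[user]["enabled"]:
        return set()
    reachable = set()
    for g in GRANTS:
        if g["principal_type"] == "user" and g["principal"] == user:
            reachable.add(g["resource"])
        elif g["principal_type"] == "group" and user in GROUPS.get(g["principal"], ()):
            reachable.add(g["resource"])
    return reachable


def audit():
    """Findings as sorted (severity, user, detail); stale direct grants go live again on re-enable."""
    findings = []
    for g in GRANTS:
        if g["principal_type"] != "user":
            continue
        user = g["principal"]
        if not USERS[user]["enabled"]:
            findings.append(("high", user, f"direct grant on {g['resource']} for deactivated account"))
        else:
            findings.append(("low", user, f"direct grant on {g['resource']}; move to a group"))
    for group, members in GROUPS.items():
        for user in sorted(members):
            if not USERS[user]["enabled"]:
                findings.append(("medium", user, f"deactivated account still in group {group}"))
    return sorted(findings)


if __name__ == "__main__":
    print(*audit(), sep="\n")
```

Deactivating bob removes all of his effective access in one change, but the direct grant on billing-app remains as a stale entry that the audit reports first.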

Difference Between Windows and Azure AD

Features

  • SSO
  • MFA
  • Reporting and Auditing: Administrators can keep tabs on user behavior and follow changes to user accounts and permissions.
  • Conditional Access: This feature helps organizations enforce security policies and protect against potential threats.
  • Application Management: Admins can manage user access to both on-premises and cloud-based apps.
