Azure AD is Microsoft’s cloud-based directory and identity management service. It combines core directory services, advanced identity protection, and application access management. Azure AD delivers single sign-on (SSO) access to on-premises and cloud applications, helping users to stay productive. By using Azure AD, developers can quickly integrate identity and access management(IAM) into their applications. The […]
Let’s start with some history. Active Directory was first released by Microsoft in the year 2000 as part of it’s Windows 2000 Server edition. Active Directory, usually referred to by it’s short form AD, is essentially a database that helps organize company’s users, computers and more. It also provides authentication and authorization to applications, file services, printers, and other on-premises resources. To provide those services, AD uses protocols such as Kerberos and NTLM for authentication and LDAP to query and modify items in the AD databases.
In order to understand Active Directory completely, one would need to understand the basics of a Domain Controller as well. A Domain Controller is a server on the network that centrally manages access for users, PCs and servers on the network. Active Directory Domain Services runs on the Domain Controller and has the following key functions:
- Secure Object store, including Users, Computers and Groups
- Object organization – Organisational Units (OU), Domains and Forests
- Common Authentication and Authorization provider
- LDAP, NTLM, Kerberos (secure authentication between domain joined devices)
- Group Policy – for fine grained control and management of PCs and Servers on the domain
To summarize, if John Smith is an employee of Company A and the company uses Active Directory services for authentication and authorization of it’s resources, Active Directory knows that John Smith is in the Sales Group and is not allowed to access the HR folder on the file server. It also allows control and management of PCs and Servers on the network via Group Policy (so for example you could set all users’ home page on their browser to be your intranet, or you can prevent users from installing other software etc).
Azure Active Directory
Well, when Microsoft introduced Azure, they just did not put the same windows active directory in the cloud. Though Azure active directory performs some of the same functions as Windows AD, it is quite different.
Azure Active Directory is a secure online authentication store, which can contain users and groups. Users have a username and a password which they can use to sign in to an application that uses Azure AD for authentication.
All of the Microsoft Cloud services such as Office 365, Dynamics 365, and Azure use Azure AD for authentication. Azure AD also manages access to applications that work with modern authentication mechanisms like SAML and OAuth. Azure AD allows you to create an identity for your applications (or 3rd party ones) that you can grant access for users to. Besides seamlessly connecting to any Microsoft Online Services, Azure AD can connect to thousands of SaaS applications like Salesforce, Slack, ZenDesk etc., using a single sign-on.
Azure Active Directory management screen on Azure portal :
Now that we understand what an Azure Active Directory is, in the next lesson, let’s explore in detail, why we would need one.
Why is Azure Active Directory used?
You might be interested in the following courses: