Active Directory and Azure Active Directory

Active Directory Directory Services (AD DS) is a role of Windows Server and was released initially with Windows Server 2000. AD is the heart of a network and a core service which is a hierarchical database consisting of users, groups and other objects to provide authentication, authorizations and security services within the organization. From its inception in Windows Server 2000, AD has evolved tremendously in terms of reliability, architecture, robustness, features, etc. and Microsoft Active Directory has become almost the default product for directory services within many enterprises around the globe. From Windows Server 2000 there have been many AD versions with massive improvements according to the technological advancement during the release period.

With the introduction of Cloud Computing and Office 365, Microsoft required a cloud based Authentication and authorization service. Hence, the Azure Active Directory was born. With every Office 365 tenant an Azure Active Directory is included, where all the Office 365 user objects are created and stored. But the Azure AD and Active Directory Directory Services are not the same and have many differences. Starting from the protocols where AD DS uses Kerberos and NTLM where as Azure AD uses SAML 2.0, OAuth 2.0, OpenID Connect and WS-Federation. These protocols enables not only Microsoft cloud applications rather it helps many other  SaaS applications use Azure AD to provide Single Sign On helping users to truly enjoy one identity to access services across organization.

As mentioned earlier, when you enroll for your cloud product such as Office 365, Exchange Online, SharePoint Online, etc. a free Azure AD is assigned to the tenant. The free Azure AD has the basic features and if you need any additional features, add-on licenses AD Premium 1 and Premium 2 can be purchased. Below are the list of licenses and the differences (source:

  • Azure Active Directory Free. Provides user and group management, on-premises directory synchronization, basic reports, self-service password change for cloud users, and single sign-on across Azure, Office 365, and many popular SaaS apps.

  • Azure Active Directory Premium P1. In addition to the Free and Basic features, P1 also lets your hybrid users access both on-premises and cloud resources. It also supports advanced administration, such as dynamic groups, self-service group management, Microsoft Identity Manager (an on-premises identity and access management suite) and cloud write-back capabilities, which allow self-service password reset for your on-premises users.

  • Azure Active Directory Premium P2. In addition to the Free, Basic, and P1 features, P2 also offers Azure Active Directory Identity Protection to help provide risk-based Conditional Access to your apps and critical company data and Privileged Identity Management to help discover, restrict, and monitor administrators and their access to resources and to provide just-in-time access when needed.

  • “Pay as you go” feature licenses. You can also get additional feature licenses, such as Azure Active Directory Business-to-Customer (B2C). B2C can help you provide identity and access management solutions for your customer-facing apps. For more information, see Azure Active Directory B2C documentation.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s