Active Directory - Azure

Azure Active Directory (Azure AD) is a cloud-based identity and access management service.

Azure AD enables employees to access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.

Azure Active Directory also helps them access internal resources like apps on your corporate intranet and any cloud security tools developed for your organization.

--------------------------------------

1. Who uses Azure AD?

2. What are the Azure AD licenses?

3. Which features work in Azure AD?

---------------------------------------

Who Uses Azure AD?

Azure AD provides different benefits to members of your organization based on their role:

IT admins use Azure AD to control access to apps and app resources based on business requirements. For example, as an IT admin, you can use Azure AD to require multi-factor authentication when accessing important organizational resources. You could also use Azure AD to automate user provisioning between your existing Windows Server AD and your cloud apps, including Microsoft 365. Finally, Azure AD gives you powerful tools to help protect user identities and credentials automatically and to meet your access governance requirements.

App Developers can use Azure AD as a standards-based authentication provider that helps them add single sign-on (SSO) to apps that works with a user's existing credentials. Developers can also use Azure AD APIs to build personalized experiences using organizational data.

Microsoft 365, Office 365, Azure, or Dynamics CRM Online subscribers already use Azure AD, because every Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically an Azure AD tenant. You can immediately start managing access to your integrated cloud apps.

What are the Azure AD licenses?

Microsoft Online business services, such as Microsoft 365 or Microsoft Azure, use Azure AD for sign-in activities and to help protect your identities.

To enhance your Azure AD implementation, you can also add paid features by upgrading to Azure Active Directory Premium P1 or Premium P2 licenses.

Azure AD paid licenses are built on top of your existing free directory. The licenses provide self-service, enhanced monitoring, security reporting, and secure access for your mobile users.

Azure Active Directory Free. Provides user and group management, on-premises directory synchronization, basic reports, self-service password change for cloud users, and single sign-on across Azure, Microsoft 365, and many popular SaaS apps.

Azure Active Directory Premium P1. In addition to the Free features, P1 also lets your hybrid users access both on-premises and cloud resources. It also supports advanced administration, such as dynamic groups, self-service group management, Microsoft Identity Manager, and cloud write-back capabilities, which allow self-service password reset for your on-premises users.

Azure Active Directory Premium P2. In addition to the Free and P1 features, P2 also offers Azure Active Directory Identity Protection to help provide risk-based Conditional Access to your apps and critical company data, and Privileged Identity Management to help discover, restrict, and monitor administrators and their access to resources and to provide just-in-time access when needed.

"Pay as you go" feature licenses. You can also get licenses for features such as Azure Active Directory Business-to-Customer (B2C). B2C can help you provide identity and access management solutions for your customer-facing apps. For more information, see Azure Active Directory B2C documentation.

Which Features Work in Azure AD?

After you choose your Azure AD license, you'll get access to some or all of the following features:

Application management. Manage your cloud and on-premises apps using Application Proxy, single sign-on, the My Apps portal, and Software as a Service (SaaS) apps.

Authentication. Manage Azure Active Directory self-service password reset, Multi-Factor Authentication, custom banned password list, and smart lockout. For more information, see Azure AD Authentication documentation.

Azure Active Directory for developers. Build apps that sign in all Microsoft identities, get tokens to call Microsoft Graph, other Microsoft APIs, or custom APIs. For more information, see Microsoft identity platform (Azure Active Directory for developers).

Business-to-Business (B2B). Manage your guest users and external partners while controlling your corporate data.

Device Management. Manage how your cloud or on-premises devices access your corporate data.

Hybrid identity. Use Azure Active Directory Connect and Connect Health to provide a single user identity for authentication and authorization to all resources, regardless of location (cloud or on-premises). For more information, see Hybrid identity documentation.

Identity governance. Manage your organization's identity through employee, business partner, vendor, service, and app access controls. You can also perform access reviews. For more information, see Azure AD identity governance documentation and Azure AD access reviews.

Identity protection. Detect potential vulnerabilities affecting your organization's identities, configure policies to respond to suspicious actions, and then take appropriate action to resolve them. For more information, see Azure AD Identity Protection.

Managed identities for Azure resources. Provide your Azure services with an automatically managed identity in Azure AD that can authenticate to any Azure AD-supported authentication service, including Key Vault.

Privileged identity management (PIM). Manage, control, and monitor access within your organization. This feature includes access to resources in Azure AD and Azure, and other Microsoft Online Services, like Microsoft 365 or Intune.
