Azure Active Directory

#Azure_Active_Directory:

Azure Active Directory is a directory service only. It syncs only identities from on-premises Active Directory, and you will not have Group Policy as you do in on-premises Active Directory. You can do authentication, federated authentication (B2B) and Single Sign-On, but you cannot apply policy.

In Hybrid Identity, the user can authenticate against either Azure Active Directory or on-premises Active Directory. For example, a user who has Office 365 authenticates through Azure Active Directory when logging in, but an on-premises user whose mailbox is on on-premises Exchange authenticates through Active Directory Domain Services.

If you don't want to save user passwords in Azure Active Directory and prefer to keep them in on-premises Active Directory, you can use the Pass-Through Authentication agent. The agent decrypts using its private key and validates the user name and password against Active Directory. Active Directory returns the result to the agent, the agent returns the response to Azure AD, and Azure AD completes the sign-in process. If successful, the user gets access to the app. This is what we call Hybrid Identity.
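The Pass-Through Authentication exchange described above, as an added local simulation in Node.js (not code from the original article or from Microsoft). The names `ptaAgent`, `azureAdSignIn` and `onPremDirectory`, the sample account and the RSA-OAEP parameters are assumptions made for illustration; the cloud-side encryption step is the counterpart of the agent's private-key decryption, and no real Azure AD or Active Directory API is called.

```javascript
const crypto = require('crypto');

// Constructed stand-in for on-premises Active Directory: only salted password
// hashes are kept, and they never leave the "on-premises" side.
const salt = crypto.randomBytes(16);
const hash = (pw) => crypto.scryptSync(pw, salt, 32);
const onPremDirectory = new Map([
  ['alice@contoso.example', hash('Constructed-Passw0rd!')], // constructed sample user
]);

// The agent's key pair. The private key stays on the agent's server; only the
// public key is known to the cloud side.
const agentKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// On-premises side: decrypt with the private key, validate against the
// directory, and return only the result (never the password).
function ptaAgent(request) {
  let password;
  try {
    password = crypto.privateDecrypt(
      { key: agentKeys.privateKey, oaepHash: 'sha256' },
      request.encryptedPassword);
  } catch {
    // Ciphertext was not produced for this agent's key, or was altered.
    return { user: request.user, result: 'Failure' };
  }
  const stored = onPremDirectory.get(request.user);
  const ok = stored !== undefined && crypto.timingSafeEqual(stored, hash(password));
  return { user: request.user, result: ok ? 'Success' : 'Failure' };
}

// Cloud side: encrypt the submitted password for the agent, pass it on, and
// complete the sign-in from the agent's response. Nothing is stored here.
function azureAdSignIn(user, password) {
  const encryptedPassword = crypto.publicEncrypt(
    { key: agentKeys.publicKey, oaepHash: 'sha256' },
    Buffer.from(password, 'utf8'));
  const response = ptaAgent({ user, encryptedPassword });
  return { accessGranted: response.result === 'Success', agentResult: response.result };
}

console.log(azureAdSignIn('alice@contoso.example', 'Constructed-Passw0rd!'));
console.log(azureAdSignIn('alice@contoso.example', 'wrong-password'));
```

The agent's response carries only a user name and a result, which is why the cloud directory never needs to hold the password in this model.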

Scenarios of using Azure AD:

1- Assume you are working in a company and you need to set up MFA; in this case you need Azure AD.

2- Assume you are working in a company that has a hybrid cloud between on-premises Exchange Server and Exchange Online; in this case you need Azure AD to sync users from on-premises to the cloud.

3- Assume you are a new company that doesn't have any data on-premises and you purchased Office 365 for email and Teams; in this case you will have Azure Active Directory.


