What is Azure Active Directory?


Azure Active Directory (Azure AD) is Microsoft's multi-tenant, cloud-based directory and identity management service.

For IT admins, Azure AD provides an affordable, easy-to-use solution to give employees and business partners single sign-on (SSO) access to thousands of cloud SaaS applications like Office 365, Salesforce.com, Dropbox, and Concur.

For application developers, Azure AD lets you focus on building your application by making it fast and simple to integrate with a world-class identity management solution used by millions of organizations around the world.

Azure AD also includes a full suite of identity management capabilities, including multi-factor authentication, device registration, self-service password management, self-service group management, privileged account management, role-based access control, application usage monitoring, rich auditing, and security monitoring and alerting. These capabilities can help secure cloud-based applications, streamline IT processes, cut costs, and help ensure that corporate compliance goals are met.

Additionally, with just four clicks, Azure AD can be integrated with an existing Windows Server Active Directory, giving organizations the ability to leverage their existing on-premises identity investments to manage access to cloud-based SaaS applications.

If you are an Office 365, Azure, or Dynamics CRM Online customer, you might not realize that you are already using Azure AD. Every Office 365, Azure, and Dynamics CRM tenant is actually already an Azure AD tenant. Whenever you want, you can start using that tenant to manage access to the thousands of other cloud applications Azure AD integrates with.

(Figure: Azure AD Connect Stack)

How reliable is Azure AD?

The multi-tenant, geo-distributed, high-availability design of Azure AD means that you can rely on it for your most critical business needs. Running out of 28 data centers around the world with automated failover, Azure AD is highly reliable: even if a data center goes down, copies of your directory data are live in at least two more regionally dispersed data centers and available for instant access.

For more details, see Service Level Agreements.

What are the benefits of Azure AD?

Your organization can use Azure AD to improve employee productivity, streamline IT processes, improve security, and cut costs in many ways:

  • Quickly adopt cloud services, providing employees and partners with an easy single sign-on experience powered by Azure AD's fully automated SaaS app access management and provisioning capabilities.
  • Empower employees with access to world-class cloud apps and self-service capabilities from wherever they need to work, on the devices they love to use.
  • Easily and securely manage employee and vendor access to your corporate social media accounts.
  • Improve application security with Azure AD multi-factor authentication and conditional access.
  • Implement consistent, self-service application access management, empowering business owners to move quickly while cutting IT costs and overheads.
  • Monitor application usage and protect your business from advanced threats with security reporting and monitoring.
  • Secure mobile (remote) access to on-premises applications.

How does Azure AD compare to on-premises Active Directory Domain Services (AD DS)?

Both Azure Active Directory (Azure AD) and on-premises Active Directory (Active Directory Domain Services or AD DS) are systems that store directory data and manage communication between users and resources, including user logon processes, authentication, and directory searches.

AD DS is a server role on Windows Server, which means it can be deployed on physical or virtual machines. It has a hierarchical structure based on X.500, uses DNS to locate objects, can be queried over LDAP, and primarily uses Kerberos for authentication. Active Directory supports organizational units (OUs) and Group Policy Objects (GPOs), lets machines be joined to the domain, and allows trusts to be created between domains.

Azure AD is a multi-customer public directory service, which means that within Azure AD you can create a tenant for your cloud servers and applications such as Office 365. Users and groups are created in a flat structure without OUs or GPOs. Authentication is performed through protocols such as SAML, WS-Federation, and OAuth. It is possible to query Azure AD, but instead of LDAP you use a REST API called the Azure AD Graph API. These all work over HTTP and HTTPS.

You can use Azure AD Connect to sync your on-premises identities with Azure AD.

Authentication and authorization

Azure AD:
  • SAML
  • WS-Federation
  • Interactive with supported credentials
  • OAuth 2.0
  • OpenID Connect

On-premises AD DS:
  • SAML
  • WS-Federation
  • NTLM
  • Kerberos
  • MD5
  • Basic
Object repository

Azure AD: Access via Azure AD Graph and Microsoft Graph
On-premises AD DS: X.500, LDAP

Programmatic access

Azure AD: Microsoft Graph / Azure AD Graph REST APIs
On-premises AD DS: LDAP

SSO to applications

Azure AD:
  • OpenID Connect
  • SAML

On-premises AD DS:
  • SAML
  • WS-Fed
  • OpenID Connect
Access management

Azure AD:
  • Resource-defined scope and role-based access control
  • Client-defined delegated and application permissions
  • Consent framework (enforces proper user/admin consent, as defined/requested by the resource/client)
  • Via app role; can be applied individually or through groups; supports:
    • Admin managed
    • Self-service application access
    • User consent

On-premises AD DS:
  • Via ACLs; can be applied individually or through groups; supports:
    • Admin managed
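To illustrate the resource-defined scope and app-role model above from the resource's side, here is an added example (not code from the page or from Microsoft) showing how an API that trusts Azure AD would decide whether a caller is authorized: a delegated token carries the consented scopes in the `scp` claim, an app-only token carries the granted application permissions in the `roles` claim. The audience URI, scope and role names, and the sample tokens are all constructed for the example; signature, issuer and expiry validation are assumed to have been done by a JWT library beforehand.

```python
import base64
import json

# Constructed sample tokens (header.payload.signature). The signature segment is a
# placeholder: real signature, issuer and expiry checks are assumed to have been
# performed by a JWT library before these claims are trusted.
def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _make_token(payload):
    header = _b64url({"alg": "RS256", "typ": "JWT"})
    return ".".join([header, _b64url(payload), "placeholder-signature"])

API_AUDIENCE = "api://contoso-directory-api"  # assumed app ID URI of this resource

# Delegated token: a signed-in user consented to the (assumed) Directory.Read scope.
DELEGATED = _make_token({"aud": API_AUDIENCE, "scp": "Directory.Read User.Read"})
# App-only token: the client was granted the (assumed) Directory.Read.All app role.
APP_ONLY = _make_token({"aud": API_AUDIENCE, "roles": ["Directory.Read.All"]})
# Token issued for a different resource; it must be rejected whatever it contains.
WRONG_AUD = _make_token({"aud": "api://other-api", "scp": "Directory.Read"})

def decode_payload(token):
    """Return the payload claims of a compact JWT (restoring base64url padding)."""
    seg = token.split(".")[1]
    seg += "=" * (-len(seg) % 4)
    return json.loads(base64.urlsafe_b64decode(seg))

def is_authorized(token, required_scope, required_role):
    """Delegated tokens must carry required_scope in 'scp' (a space-separated
    string); app-only tokens must carry required_role in 'roles' (a list)."""
    claims = decode_payload(token)
    if claims.get("aud") != API_AUDIENCE:
        return False  # token was minted for another resource
    scopes = claims.get("scp", "").split()
    if scopes:  # presence of scp marks a delegated (user + app) token
        return required_scope in scopes
    return required_role in claims.get("roles", [])
```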
Group management

Azure AD:
  • Admin managed
  • Rule/dynamic managed
  • Self-service group management

On-premises AD DS:
  • Admin managed
  • External system (FIM, or other) required for:
    • Rule/dynamic managed
Supported credentials

Azure AD:
  • Username + password
  • Smartcard

On-premises AD DS:
  • Username + password
  • Smartcard
How can I get started?

  • If you are an IT admin:
    • Try it out! You can sign up for a free 30-day trial today and deploy your first cloud solution in under 5 minutes using this link.
    • Read "Getting started with Azure AD" for tips and tricks on getting an Azure AD tenant up and running fast.
  • If you are a developer:
    • Check out our Developers Guide to Azure Active Directory.
    • Start a trial: sign up for a free 30-day trial today and start integrating your apps with Azure AD.

Where can I learn more?

We have a ton of great resources online to help you learn all about Azure AD. Here's a list of great articles to get you started: