What is Microsoft Azure Active Directory

So, how do we authenticate users in an organization in the traditional way? We need to store users' data, and authentication is then performed against that data.

We can consider Active Directory a kind of database built specially for user management. Active Directory Domain Services (AD DS) works as a domain controller that authenticates and authorizes users and/or objects in a network.



Target Audience: Beginners, IT Administrators, Cloud Enthusiasts

Main Topics: 

  1. Active Directory
  2. Comparison of Active Directory and Azure Active Directory
  3. Important FAQs

Now the question should be: what details are stored in Active Directory (AD)?

Active Directory stores different objects, and it has three naming contexts.
1) Domain - Organizational Units (OU), Computers, Groups, Users, etc.
2) Schema - Class and Attribute definitions
3) Configuration - Configuration details for services, contexts, and sites

For more details on Active Directory, visit https://en.wikipedia.org/wiki/Active_Directory
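
To make the three naming contexts concrete, the following added example (not code from the original post) classifies an object's distinguished name by the context it belongs to. It assumes the standard AD DS layout, in which the Configuration context is CN=Configuration under the forest root and the Schema context is CN=Schema beneath it; the function names and the example.com sample DNs are constructed for illustration, and application partitions are not covered.

```python
def split_dn(dn):
    """Split a DN into (ATTRIBUTE, value) pairs, honouring backslash-escaped commas."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # the character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":             # an unescaped comma ends one RDN
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    rdns = []
    for part in parts:
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def naming_context(dn):
    """Return 'Domain', 'Schema' or 'Configuration' for an AD DS object DN."""
    rdns = split_dn(dn)
    root = len(rdns)
    while root > 0 and rdns[root - 1][0] == "DC":   # trailing DC= run is the root
        root -= 1
    if root == len(rdns):
        raise ValueError("no DC= components: not an AD DS distinguished name")
    above_root = [(attr, value.lower()) for attr, value in rdns[:root]]
    if above_root[-1:] == [("CN", "configuration")]:
        if above_root[-2:-1] == [("CN", "schema")]:
            return "Schema"
        return "Configuration"
    return "Domain"


# Constructed sample DNs (example.com is a placeholder forest root).
SAMPLES = [
    "CN=Smith\\, Alice,OU=Staff,DC=example,DC=com",
    "CN=User,CN=Schema,CN=Configuration,DC=example,DC=com",
    "CN=Sites,CN=Configuration,DC=example,DC=com",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(naming_context(dn), "<-", dn)
```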

In the cloud scenario, how do we manage identities with security concerns in mind?
Microsoft provides Azure Active Directory, a multi-tenant and scalable service for managing identities in the cloud. It also provides single sign-on and multi-factor authentication.

If we integrate and configure single sign-on and multi-factor authentication, it will be very easy to manage users in cloud environments.

In that case, how is Azure AD different from Windows AD in a traditional environment?
Azure AD is mainly an identity and access management service with built-in federation; it also supports multi-factor authentication, while Windows AD is a classic hierarchical X.500-based (true) directory service. Multi-factor authentication is available via free MFA capabilities or paid-for MFA providers.


|  | Active Directory | Azure Active Directory |
| --- | --- | --- |
| Service | True Directory Service | Identity Management Service |
| Objective | Designed for Intranet Application and User Management | Designed for Internet Application and User Management |
| Support for Authentication Type | Kerberos | SAML, WS-Federation, and OpenID Connect |
| Support for Federation | Yes | Built-in Federation for many third party applications |

With an Azure subscription, we get a "Default Directory", an instance of Azure AD. We can also create a new directory.



How do we access data stored in Azure AD?
The AAD Graph API provides a way to access the content of AAD. It is also possible to create and manipulate information available in AAD through the REST API.

What role is required to access Azure AD?
Global Administrator
Administrators and co-administrators can manage AAD because they have the Global Administrator role assigned to them.


In the next post, we will create and manage Active Directory in Microsoft Azure.
