Azure Active Directory
All Microsoft Online business services depend on Azure Active Directory (AAD) for identity management. You get a free version of AAD when you subscribe to any Microsoft online service such as Office 365 or Microsoft Azure. If you want to extend AAD's capabilities, you can do so by purchasing the AAD Premium edition or EMS.
AAD offers multiple features that increase the overall productivity of employees. It provides single sign-on to thousands of cloud applications, including third-party applications, so that users do not have to remember different usernames and passwords for each one. It also gives users a self-service experience, so they do not have to go to the IT help desk every time they need to reset their password or add themselves to a group; they can do these simple tasks themselves, removing extra burden from IT support and increasing overall efficiency. It also includes Multi-Factor Authentication (MFA) and secure access for your mobile workforce.
The capabilities include:
- Self-service password reset and change, with the new password written back to on-premises Active Directory.
- Self-service ability for end users to join and manage groups.
- Advanced machine-learning-based security and usage reports that provide additional protection for sensitive data.
- Simplified access management and security.
- Centrally managed single sign-on to thousands of applications across devices, your datacenter, and the cloud.
- Multi-Factor Authentication with verification options including phone calls, text messages, or mobile app notifications, plus security monitoring to identify inconsistencies.
Azure Active Directory Licenses Comparison
| Azure Active Directory features | Feature details | Azure Active Directory Premium P1 | Azure Active Directory Premium P2 |
|---|---|---|---|
| Common features | Directory objects | No object limit | No object limit |
| Common features | User/group management (add/update/delete), user-based provisioning, device registration, password change, synchronization tools for "on-premises to cloud" directory integration (Azure AD Connect) | Yes | Yes |
| Common features | Single Sign-On (SSO) | No limit (free, Basic tiers + Self-Service App Integration templates) | No limit (free, Basic tiers + Self-Service App Integration templates) |
| Common features | Security/usage reports | Advanced reports | Advanced reports |
| Premium + Basic features | Group-based access management/provisioning | Yes | Yes |
| Premium + Basic features | Self-service password reset for cloud users | Yes | Yes |
| Premium + Basic features | Company branding (logon pages/access panel customization) | Yes | Yes |
| Premium features | Self-service group and app management / self-service application additions / dynamic groups | Yes | Yes |
| Premium features | Self-service password reset/change/unlock with write-back to on-premises directories | Yes | Yes |
| Premium features | Device objects two-way synchronization between on-premises directories and Azure AD (device write-back) | Yes | Yes |
| Premium features | Multi-Factor Authentication (cloud and on-premises (MFA Server)) | Yes | Yes |
| Premium features | Microsoft Identity Manager user CAL | Yes | Yes |
| Premium features | Cloud app discovery | Yes | Yes |
| Premium features | Conditional access based on group and location | Yes | Yes |
| Premium features | Conditional access based on device state (allow access from managed/domain-joined devices) | Yes | Yes |
| Premium features | Identity Protection / conditional access based on sign-in or user risk | | Yes |
| Premium features | Privileged Identity Management | | Yes |
| Windows 10 + Azure AD Join related features | Join a Windows 10 device to Azure AD, desktop SSO, Windows Hello for Azure AD, administrator BitLocker recovery | Yes | Yes |
| Windows 10 + Azure AD Join related features | MDM auto-enrollment, self-service BitLocker recovery, additional local administrators on Windows 10 devices via Azure AD Join, Enterprise State Roaming | Yes | Yes |