Making immense computational resources available through the cloud is only viable if access is properly controlled. For Azure, that job goes to Azure Active Directory. In this piece, we’re going to cover what this service does in more depth and set out why it’s such a vital component.
What is Azure Active Directory?
Azure Active Directory (henceforth called Azure AD) is the service that provides access management for the Azure platform, but it isn’t limited to that: it also works with associated Microsoft services (e.g. Office 365), various other supported SaaS solutions, and even your internal apps and resources.
It’s built on user identities. Using whichever forms of authentication you prefer (and in combinations of your preference), you can ensure that only the intended people get access to your cloud systems, and that every user can only reach the resources you want them to use.
How does it differ from Active Directory for Windows?
Active Directory (or AD) is Azure AD’s precursor, having been around since its first release with the Server edition of Windows 2000. AD was designed for local networks, allowing businesses to control their intranet resources and shape user experiences.
While there’s significant overlap between AD and Azure AD, and it’s roughly accurate to describe the latter as a cloud implementation of the former, there are some significant differences in how they operate that make them potentially complementary.
Azure AD doesn’t affect specific PCs or servers: it applies to requests made online or through intranets. That means it can’t limit local environments in the same way. Even if it could apply to specific machines, the lack of Group Policy controls would prevent it from achieving much.
AD, meanwhile, simply wasn’t developed to work with — or even acknowledge — cloud services (it doesn’t support the protocols). It requires local deployment to work, and doesn’t allow the seamless remote management that Azure AD brings to the table.
If you want to control the on-premises apps and resources that people can access on their computers in general, you need AD. If you want to govern access to internet and intranet services, you need Azure AD. Now that many businesses are going online-only and becoming platform-independent, it’s easy to see why Azure AD is the better investment.
Is Azure AD free to use?
This depends on how you look at it. There is a tier that’s ostensibly free (it’s called Azure Active Directory Free, after all), but it’s only free in the sense that it’s included as part of a subscription to any business-level Microsoft Online service.
You do have to pay, then, although you probably wouldn’t have much need to use Azure AD without a Microsoft service in your SaaS lineup. Beyond that, you can pay to upgrade to one of two Premium tiers: P1 or P2.
- P1 adds the ability to govern access to on-premises resources, so if you have local services you want to allocate carefully then it might be a good move. It also offers other useful hybrid options like self-service group management and self-service on-premises password resets.
- P2 builds on P1 by allowing you to establish more conditional elements in your system access levels, making it easier and faster to consider the risk of granting access requests and dole out temporary permissions where justified.
In addition to the three identified tiers, you can pay for licenses to get further features. Azure Active Directory B2C is the primary example, making it straightforward to connect social logins (or government credentials) with Azure AD user identities and thus speed up the login process.
What makes it so important?
Big businesses invest heavily in cloud processing options, and all that power needs to be used efficiently. There’s no sense in allocating massive resources to relatively insignificant tasks. And given the potential sensitivity of company data, you can’t have everyone rooting around core company services, so you need top-notch access restrictions.
Trying to use the cloud to your advantage without strong centralized access management would be a massive mistake. It would also be a huge headache, because every service would need unique logins, and you’d be dealing with forgotten passwords on a daily basis.
But even leaving those things aside, Azure AD is so important because it’s a core (and non-optional) part of the Azure cloud. If you’re going to migrate to Azure, then you can’t avoid it, so you might as well learn how to make the best use of it.