In this series of articles we will discuss the concept and implementation of Azure Active Directory (Azure AD).
In this first part we will discuss the concept of Azure Active Directory, so let's begin 🙂
Most of you deal with on-premises Active Directory, which in simple terms can be described as a central management solution for users, computers and other directory objects.
These days, Microsoft offers two types of Active Directory, listed below:
Active Directory as infrastructure (IaaS): this type of AD is the same as your local Active Directory, which means you create a virtual machine in Azure and promote it to a domain controller. It is the same concept as the traditional on-premises Active Directory, and in this model you are responsible for everything related to the virtual machine, such as promoting the domain controller, OS updates, etc. Since this is a normal Active Directory, you can apply Group Policy, join machines to the domain, and so on.
Azure Active Directory (SaaS): this type of Active Directory is offered by Microsoft as a service. OK, what does this mean?
In Azure Active Directory (Azure AD) you have a set of users and groups only (at least for now, since new features are added to Azure every day). The main goal of having users and groups in Azure AD is to benefit from a very large number of Azure services.
OK! You will ask me what these services are! Let me give you an example. In Azure AD you can enable something called Multi-Factor Authentication (MFA). We will discuss this feature in depth later, but as a quick overview, you can use it to force users to prove their identity twice: for example, when a user accesses their email they must also receive a phone call or an SMS code to verify the login. So if someone steals your email password they still cannot sign in, because they would also need control of your phone to complete the verification.
Another example is Azure AD Application Proxy. Again, we will talk about this feature in depth later in this series, but as a quick overview: assume you have an internal web application that you do not want to publish directly on the internet. You can install a small agent (the Connector) on a server inside your network, and Azure AD publishes the application on an external URL so that users can access it from outside after authenticating with Azure AD, without opening inbound ports on your firewall.
There are a lot of other features and examples that we will cover in depth later in this series, which will show you how useful Azure AD is these days.
So again, Azure AD is a directory service offered by Microsoft. It is not for applying Group Policy or joining machines to a domain (except that Windows 10 is planned to be able to join Azure AD directly); it is a service for getting the benefit of other Azure services. Most likely it is also used to connect your users to thousands of cloud applications with single sign-on, without the need for federation services.
One of the most common answers we get from our customers is: "Oh, my users are not using cloud applications, so why use Azure AD?" After discussing it with these customers they say: "Oh, sorry, our users are using cloud apps." Let me give you some examples. Maybe your users are using Dropbox, LinkedIn, Facebook, Twitter, Office 365, Dynamics CRM, Google Apps, Salesforce, etc. All of these applications are cloud solutions, so you can use Azure AD to provide your users with single sign-on for all of these applications and more.
At the time of writing there are 2500+ cloud applications integrated with Azure AD for single sign-on, and Microsoft adds new applications every day.
These are not the only applications either: you can also provide single sign-on for your organization's own applications. All of your own web applications can be integrated easily with Azure AD to give your users single sign-on, and most of your other (non-web) applications can be integrated with Azure as well.
A new question arises here: what is the benefit of the single sign-on feature?
This is a great question. Imagine the following scenario:
Assume you are an end user, and your company has six applications that you need to log in to many times every day to do your work. In addition, you have Facebook and LinkedIn accounts that you log in to many times a day to check. In this scenario you may enter your username and password maybe a hundred times a day.
Single sign-on is a way to access all these applications from anywhere, at any time, by entering your username and password once. Yes, as I said, you enter your credentials one time to access all applications 🙂 I think this is great 🙂 Of course, that single credential now opens every application, which is exactly why the Multi-Factor Authentication described above matters so much.
Another very important question. Ask yourself: as an IT admin, if you have 1000+ users in your local AD, how will you create that number of users manually in Azure AD? Oh, this is a very complex process; you will say, "please, I don't want to use Azure AD anymore." No, this is not the process.
Microsoft simplifies the process of syncing users from your local AD to Azure AD. There are tools that do this syncing in a very easy way, and we will discuss the syncing method in the next part.
Also keep in mind that your data in Azure AD is encrypted. Not just encrypted once: it is encrypted twice over, so there is no need to worry about the privacy and security of the stored data itself. (Encryption protects the stored data; protecting the accounts that are allowed to read it is what the MFA discussed above is for.)
Finally, in this part we discussed the concept of Azure AD and the benefits you can get as an IT admin or end user. In the next article we will continue our discussion and start the implementation of this directory.
Stay tuned 🙂
Ahmad Yasin is a Microsoft Cloud Engineer and the publisher of the AzureDummies blog. He also holds many certificates in Office 365 and Windows Azure, including Developing Microsoft Azure Solutions, Implementing Microsoft Azure Infrastructure Solutions and MCSA Office 365.