A Comprehensive Guide to Azure Active Directory

Ravi Tiwari
3 min read · Aug 1, 2023


Cloud technologies have transformed how businesses function, enhancing flexibility, scalability, and operational efficiency. Among these cloud technologies, Azure Active Directory (Azure AD) is one of the most critical for managing digital identities and enabling seamless access to a plethora of services.

What is Azure Active Directory?

Azure Active Directory is a cloud-based identity and directory management service provided by Microsoft. It facilitates access not only to Azure services but also to a vast array of Software-as-a-Service (SaaS) applications such as Microsoft 365, Dropbox, Concur, and Salesforce.
</gram_replace>
<gr_replace lines="14" cat="clarify" orig="Azure AD incorporates">
Azure AD includes features such as self-service password reset, authentication, device management, hybrid identity, and Single Sign-On (SSO), which substantially boost productivity and reduce the need for IT intervention.

Azure AD incorporates several self-service options, like password reset, authentication, device management, hybrid identities, and Single Sign-On (SSO), substantially boosting productivity and reducing the need for IT intervention.

Core Concepts

  • Identity: Any object that can be authenticated — a user, a group, a managed identity, or a service principal.
  • Account: When data attributes are linked to an identity, it’s referred to as an account.

Azure AD vs. Azure Active Directory Domain Services (ADDS)

There are key differences between Azure AD and Azure Active Directory Domain Services (ADDS):

  • Azure AD uses HTTP/HTTPS for queries, whereas ADDS employs LDAP.
  • Azure AD supports SAML, WS-Federation, and OpenID Connect for authentication, and OAuth for authorization. ADDS, by contrast, uses Kerberos for authentication.
  • Azure AD can be federated with third-party identity providers, while ADDS supports federation only with other domains, not with third-party services.
  • Azure AD is a managed service, whereas ADDS requires a Virtual Machine (VM) or physical servers.

User Accounts

Azure AD uses accounts for authentication and authorization. Every user must have an account, which can carry optional properties such as address and department. User accounts are managed from Azure AD → Users → All Users, where bulk operations such as create, invite, and delete are available.

Types of Identities

  • Cloud: Users who exist only in Azure AD, whether internal or external.
  • Guest Accounts: Users who exist outside Azure AD and are invited for collaboration, including Microsoft Accounts, Live Accounts, etc.
  • Directory Sync Users: Users synced from your on-premises Windows AD. These users cannot be created directly in Azure AD; they must be synced from the local AD.

Group Accounts

There are two types of group accounts: Security Groups and Microsoft 365 Groups. Depending on your needs, you can assign users or devices to these groups using one of three assignment types: Assigned, Dynamic User, or Dynamic Device (Dynamic Device is available only for Security Groups).
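Dynamic User and Dynamic Device assignment work by evaluating a membership rule, written in Azure AD's rule syntax (for example `(user.department -eq "Finance")`), against each object's attributes. The following is an added example, not code from the original article or from Microsoft: a small Python evaluator for a subset of that syntax (`-eq`, `-ne`, `-contains`, `-notContains`, `-startsWith`, `-and`, `-or`, `-not`, parentheses and `null`) run against a constructed sample directory, so you can see which users a given rule selects. Case-insensitive string comparison is an assumption of this example; the exact semantics of each operator in the real service are defined by Microsoft's documentation.

```python
"""Evaluate Azure AD style dynamic-membership rules against sample users.

Added example: a toy evaluator for a subset of the rule syntax, not Microsoft's
implementation. String comparisons are case-insensitive here by assumption.
"""
import re

# Tokens: parentheses, double-quoted strings, operators such as -eq / -and,
# and dotted property names such as user.department (also the literal null).
_TOKEN = re.compile(r'\s*(\(|\)|"[^"]*"|-[A-Za-z]+|[A-Za-z_][\w.]*)')


def tokenize(rule):
    rule = rule.strip()
    pos, tokens = 0, []
    while pos < len(rule):
        m = _TOKEN.match(rule, pos)
        if not m:
            raise ValueError(f"bad token at {pos}: {rule[pos:]!r}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


class RuleParser:
    """Recursive-descent parser: expr := term (-or term)*, term := factor (-and factor)*."""
    OPS = {"-eq", "-ne", "-contains", "-notContains", "-startsWith"}

    def __init__(self, rule):
        self.tokens, self.i = tokenize(rule), 0

    def peek(self):
        return self.tokens[self.i] if self.i < len(self.tokens) else None

    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise ValueError(f"expected {expected or 'token'}, got {tok!r}")
        self.i += 1
        return tok

    def parse(self):
        node = self.expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected trailing token {self.peek()!r}")
        return node

    def expr(self):
        node = self.term()
        while self.peek() == "-or":
            self.take()
            node = ("or", node, self.term())
        return node

    def term(self):
        node = self.factor()
        while self.peek() == "-and":
            self.take()
            node = ("and", node, self.factor())
        return node

    def factor(self):
        tok = self.peek()
        if tok == "-not":
            self.take()
            return ("not", self.factor())
        if tok == "(":
            self.take("(")
            node = self.expr()
            self.take(")")
            return node
        prop = self.take()                      # e.g. user.department
        if not prop.startswith("user."):
            raise ValueError(f"unsupported property {prop!r}")
        op = self.take()
        if op not in self.OPS:
            raise ValueError(f"unsupported operator {op!r}")
        val = self.take()
        if val == "null":
            value = None
        elif val.startswith('"'):
            value = val[1:-1]
        else:
            raise ValueError(f"expected quoted value or null, got {val!r}")
        return ("cmp", op, prop[len("user."):], value)


def _norm(v):
    return v.lower() if isinstance(v, str) else v


def evaluate(node, user):
    """Return True if `user` (a dict of attributes) satisfies the parsed rule."""
    kind = node[0]
    if kind == "or":
        return evaluate(node[1], user) or evaluate(node[2], user)
    if kind == "and":
        return evaluate(node[1], user) and evaluate(node[2], user)
    if kind == "not":
        return not evaluate(node[1], user)
    _, op, attr, expected = node
    actual = user.get(attr)                     # missing attribute behaves as null
    if op == "-eq":
        return _norm(actual) == _norm(expected)
    if op == "-ne":
        return _norm(actual) != _norm(expected)
    if actual is None or expected is None:      # substring tests need two strings
        return False
    a, e = actual.lower(), expected.lower()
    if op == "-contains":
        return e in a
    if op == "-notContains":
        return e not in a
    return a.startswith(e)                      # -startsWith


def members(rule, users):
    """Return the userPrincipalNames that `rule` would select from `users`."""
    tree = RuleParser(rule).parse()
    return [u["userPrincipalName"] for u in users if evaluate(tree, u)]


# Constructed sample directory for the example (not real accounts).
SAMPLE_USERS = [
    {"userPrincipalName": "alice@contoso.example", "department": "Finance", "jobTitle": "Analyst"},
    {"userPrincipalName": "bob@contoso.example", "department": "Engineering", "jobTitle": "Senior Engineer"},
    {"userPrincipalName": "carol@contoso.example", "department": "finance", "jobTitle": "Director"},
    {"userPrincipalName": "dave@contoso.example", "jobTitle": "Contractor"},
]

if __name__ == "__main__":
    for rule in (
        '(user.department -eq "Finance")',
        '(user.department -eq "Finance") -and (user.jobTitle -startsWith "Dir")',
        'user.department -eq null -or user.jobTitle -contains "contract"',
    ):
        print(rule, "->", members(rule, SAMPLE_USERS))
```

A practical check this enables: before a dynamic group is used to grant access, run its rule against an export of the directory and confirm it selects only the intended population. The third rule above, which matches accounts with no department set, shows how a loosely written rule can sweep in accounts that were never meant to be in scope, so prefer attributes that are populated consistently and that users cannot edit themselves.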

Azure AD Join

Azure AD Join enables SSO, access to Microsoft Store for Business, enterprise state roaming, Windows Hello support, device management, and access to on-premises resources. This combination of features provides an integrated experience for end users and simplifies management tasks for IT admins.

Multi-tenant Environments

Azure AD supports multi-tenant environments, which means each Azure AD organization, or tenant, is fully independent: resources, administrative rights, and sync processes are all separate per tenant.

Conclusion

Azure Active Directory stands as a linchpin in the realm of cloud computing, enabling organizations to streamline their operations, boost productivity, and maintain high levels of security. By understanding its nuances and capabilities, you can harness its full potential and make it an integral part of your IT infrastructure.


Ravi Tiwari

Experienced hands-on CTO with 20+ years of cloud native microservices expertise, driving solutions for large-scale enterprises.