Identity Services (part 2)
Azure Active Directory (Azure AD)
- Multitenancy- Azure AD is multitenant by design, which isolates each directory instance from the others. Technically, a tenant is an individual Azure AD instance, and as an Azure customer you can create multiple tenants. This is useful when you want to test Azure AD functionality in one tenant without affecting the others: each tenant is a security boundary as well as a container for Azure AD objects such as users, groups, and applications.
- Scalability- Azure AD is the world's largest multitenant directory, hosting over a million directory service instances and handling billions of authentication requests per week.
- Azure AD Free- It provides user and group management, on-premises directory synchronization, basic reports, and single sign-on across Azure, Office 365, and many popular SaaS apps.
- Azure AD Basic- Besides the Free features, Basic also provides cloud-centric app access, group-based access management, self-service password reset for cloud apps, and Azure AD Application Proxy, which lets you publish on-premises web apps using Azure AD.
- Azure AD Premium P1- Along with the Free and Basic features, P1 also lets hybrid users access both on-premises and cloud resources, supports advanced administration, and adds cloud write-back capabilities, which allow self-service password reset for your on-premises users.
- Azure AD Premium P2- In addition to the Free, Basic, and P1 features, P2 offers Azure AD Identity Protection, which provides risk-based Conditional Access to your apps and critical company data, and Privileged Identity Management (PIM), which helps you discover, restrict, and monitor administrators and their access to resources, and grants just-in-time access when needed.
Note- You can associate the same Azure AD tenant with multiple Azure subscriptions, which lets you use the same users, groups, and service principals to access and manage resources across those subscriptions. The tenant, not the subscription, remains the security boundary: a role assignment is scoped to a subscription (or a narrower scope inside it), but the identity it is granted to lives in the tenant.
Organizations that use AD DS can synchronize users and groups from their AD domains to Azure AD, giving their users an SSO experience when they access both on-premises and cloud-based applications.
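The note above in practice, as an added example that is not part of the original post: one service principal, which is a tenant-level object, is granted the same role in every enabled subscription attached to the tenant, using the Az PowerShell module. The tenant ID, the application (client) ID of the service principal and the role name are assumed placeholders.

```powershell
# Added example (not from the original post): grant one service principal the same
# RBAC role in every enabled subscription that belongs to a single Azure AD tenant.
# Requires the Az.Accounts and Az.Resources modules. Values below are assumed placeholders.
param(
    [string]$TenantId = '00000000-0000-0000-0000-000000000000',  # assumed: your tenant ID
    [string]$AppId    = '11111111-1111-1111-1111-111111111111',  # assumed: app (client) ID of the SP
    [string]$Role     = 'Reader'                                 # assumed: role to assign
)

# Sign in to the tenant once. Subscriptions are selected by switching context;
# the identities (users, groups, service principals) are shared across all of them.
Connect-AzAccount -TenantId $TenantId | Out-Null

# The service principal lives in the tenant, so resolve it once, outside any subscription.
$sp = Get-AzADServicePrincipal -ApplicationId $AppId
if (-not $sp) { throw "No service principal with application ID $AppId in tenant $TenantId" }

# Restrict to subscriptions of this tenant: a single sign-in can also expose
# subscriptions in other tenants where the account is a guest.
$subs = Get-AzSubscription -TenantId $TenantId | Where-Object { $_.State -eq 'Enabled' }

foreach ($sub in $subs) {
    Set-AzContext -Subscription $sub.Id -Tenant $TenantId | Out-Null
    $scope = "/subscriptions/$($sub.Id)"

    # Idempotent: skip subscriptions where the assignment already exists at this scope.
    $existing = Get-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName $Role -Scope $scope -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Host "[$($sub.Name)] $Role already assigned to $($sp.DisplayName)"
        continue
    }

    New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName $Role -Scope $scope | Out-Null
    Write-Host "[$($sub.Name)] assigned $Role to $($sp.DisplayName) at $scope"
}
```

Assign the least privileged role that the workload needs; the script defaults to Reader so that running it with the wrong service principal cannot grant write access. The same loop with `Get-AzRoleAssignment` alone is a quick audit of what a given identity can reach across all subscriptions of the tenant.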
Azure Active Directory Domain Services (Azure AD DS)
Azure AD DS is a Microsoft-managed service that provides standard AD DS features such as Group Policy, domain join, and support for the Kerberos, NTLM, and LDAP protocols. The managed domain automatically synchronizes users and groups from the Azure AD tenant associated with the Azure subscription that hosts its virtual network, which provides the following capabilities:
- You can join Azure VMs to the managed domain if they reside on the same virtual network or on another virtual network connected to it.
- Azure AD users can sign in to these VMs with their existing credentials.
If you have an on-premises AD DS domain that synchronizes with the same Azure AD tenant, your on-premises users can also sign in to the managed domain with their existing credentials. Azure AD DS therefore lets you migrate applications that depend on AD DS to Azure VMs without deploying and maintaining additional domain controllers or establishing connectivity to an on-premises infrastructure.
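The domain-join capability described above, as an added example that is not part of the original post: the script is run inside an Azure Windows VM, checks that the VM resolves the managed domain's domain controllers, joins the VM with an account from the managed domain, and on the next run (after the reboot) verifies the Kerberos/NTLM secure channel to a managed DC. The domain name is an assumed placeholder.

```powershell
# Added example (not from the original post): join an Azure Windows VM to an
# Azure AD DS managed domain and verify the join. Run inside the VM as a local admin.
$DomainName = 'aaddscontoso.com'   # assumed: DNS name of your managed domain

# The VM's virtual network must use the managed domain controllers as its DNS servers;
# if this SRV lookup fails, fix the VNet DNS settings before attempting the join.
$dcRecords = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop
$dcRecords | Where-Object { $_.Type -eq 'SRV' } |
    ForEach-Object { Write-Host "Managed DC: $($_.NameTarget):$($_.Port)" }

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    # Use an account that exists in the managed domain, i.e. a user from the
    # Azure AD tenant that has been synchronized into it. The join reboots the VM.
    $cred = Get-Credential -Message "User in $DomainName (UPN form, e.g. user@$DomainName)"
    Add-Computer -DomainName $DomainName -Credential $cred -Restart -Force
    return
}

# After the reboot: confirm membership and that the secure channel to a managed DC
# (the Kerberos/NTLM trust the page describes) is healthy.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
Write-Host "Joined to $($domain.Name); contacted DC $($domain.PdcRoleOwner.Name)"
if (-not (Test-ComputerSecureChannel)) {
    throw "Secure channel to $DomainName is broken; repair with Test-ComputerSecureChannel -Repair -Credential <managed domain account>"
}
Write-Host "Secure channel to $DomainName is healthy"
```

If a cloud-only Azure AD user cannot sign in to the joined VM even though the join succeeded, the usual cause is that the Kerberos and NTLM password hashes the managed domain needs are only generated when the user changes their password after Azure AD DS was enabled; synchronized on-premises users get those hashes through Azure AD Connect instead.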