Harness the Power of Azure Active Directory

Petr Hecko 22nd February 2016

Everyone knows what Active Directory is, but how about Azure Active Directory? Well, Azure AD is a cloud-based directory and identity management service introduced by Microsoft back in 2011.

Here at Cloudy Towers, we hear about Azure AD more and more often now, and many organisations, including healthcare companies such as McKesson and Presence Health, are using this Azure service in production. Are you ready to give Azure AD a go?

 

But what is Azure AD, and what does it do?

To understand what Azure AD is, just imagine a service which lets you run the traditional Active Directory in the cloud. However, while in principle traditional AD and Azure AD serve the same purpose, there are major differences in their design. Traditional AD provides applications with access to on-premises resources and uses protocols like Kerberos and LDAP, whereas Azure AD was specifically designed to support web-based services and uses web-based protocols (like SAML and OAuth 2.0).

 

So what are the benefits of utilising Azure AD, and is it going to fit your organisational needs?

If your organisation is fairly small and is not using any AD yet, but is looking for this kind of solution, a standalone version of Azure AD running completely in the cloud could be a good option.

Of course, big organisations currently using on-premises AD can take advantage of Azure AD as well. In this case, organisations can integrate their on-premises AD with Azure AD easily, using the Azure AD Connect tool. Once this integration is complete, your users can use their existing credentials to connect to Azure Cloud applications, as well as to thousands of SaaS applications like Salesforce, Dropbox or Office 365.

 

What editions of Azure AD are available?

There are three editions of Azure AD available today: the Free edition, the Basic edition and the Premium edition.

All three editions offer common features such as user and group management, SSO-based user access to SaaS applications, and Azure AD Connect for sync between on-premises and cloud directories.

If the organisation opts for the Basic or Premium edition of Azure AD, it’s no surprise that they can take advantage of extra features. These include customising the Azure AD sign-in page with their own logo, offloading IT support through self-service password reset for cloud users, and a high-availability uptime SLA (99.9%). Of course, the additional features come at extra cost, which varies for each organisation because it depends on the Enterprise Agreement terms.

Some additional features, which are currently offered only with the Premium edition, include self-service group management for cloud users, machine-learning-based advanced anomaly security reports, and a Multi-Factor Authentication service for cloud and on-premises users.

If you want to find out more, a detailed comparison of the three editions can be found on the Azure AD editions website.

 

Can I get programmatic access to Azure AD?

You can programmatically access the entities in Azure AD by using the Azure AD Graph API.

The Azure AD Graph API provides programmatic access to Azure AD through REST API endpoints. It gives you CRUD (Create, Read, Update and Delete) capabilities, so you can query the directory to get information about users or groups, or make changes to the directory (such as creating, deleting or updating users).

The Graph API is not limited to users and groups; it can also access any other entity in the directory.
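As an added illustration (not code from the original post or from Microsoft), the sketch below maps each CRUD operation onto the HTTP request the Azure AD Graph REST endpoints expect, and percent-encodes caller-supplied path segments so an object ID cannot redirect the call to a different entity. The function name `build_request`, the allow-list, the tenant name and the token value are assumptions made for the example; it only builds the request and sends nothing.

```python
import json
from urllib.parse import quote, urlencode

GRAPH_ROOT = "https://graph.windows.net"   # Azure AD Graph API endpoint
API_VERSION = "1.6"                        # sent as the api-version query parameter

# CRUD verb -> HTTP method used by the REST endpoints
METHODS = {"create": "POST", "read": "GET", "update": "PATCH", "delete": "DELETE"}
ENTITY_SETS = {"users", "groups"}          # assumption: allow only the sets named in the text


def build_request(op, tenant, entity_set, token, object_id=None, body=None, odata_filter=None):
    """Hypothetical helper: describe the HTTP request for one CRUD operation."""
    if op not in METHODS:
        raise ValueError(f"unknown operation: {op}")
    if entity_set not in ENTITY_SETS:
        raise ValueError(f"entity set not allowed: {entity_set}")
    if op in ("update", "delete") and not object_id:
        raise ValueError(f"{op} needs an object id")
    if op in ("create", "update") and body is None:
        raise ValueError(f"{op} needs a JSON body")

    # Percent-encode caller-supplied path segments so they cannot alter the path.
    path = f"/{quote(tenant, safe='')}/{entity_set}"
    if object_id and op != "create":
        path += f"/{quote(object_id, safe='')}"

    query = {"api-version": API_VERSION}
    if odata_filter and op == "read":
        query["$filter"] = odata_filter    # OData filter, e.g. on displayName

    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    if body is not None:
        headers["Content-Type"] = "application/json"
    return {
        "method": METHODS[op],
        "url": f"{GRAPH_ROOT}{path}?{urlencode(query)}",
        "headers": headers,
        "body": json.dumps(body) if body is not None else None,
    }


if __name__ == "__main__":
    # Constructed sample values: tenant name and token are placeholders.
    req = build_request("read", "contoso.onmicrosoft.com", "users", "PLACEHOLDER_TOKEN")
    print(req["method"], req["url"])
```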

 

So in conclusion

If you are an IT administrator, Azure AD could be a service which makes your life easier. With SSO access to thousands of cloud SaaS applications and easy-to-use self-service capabilities, employee productivity will improve and the IT admin can focus on more complex tasks than managing users’ access!

With additional features like MFA, Role Based Access Control (RBAC), application usage monitoring, auditing, security monitoring and alerting, Azure AD can be a game changer for any eligible organisation.

 

Want to see more? Check out our slide deck!