You may be confused when you first hear of Azure Active Directory, since you already know that Active Directory exists in Windows Server, but you may not know the difference between Azure Active Directory and Windows Server Active Directory. I will explain what Azure Active Directory is and how it works compared to Windows Server Active Directory.
Azure Active Directory is the cloud-based directory and identity management service that offers a subset of the services of Windows Server Active Directory (AD) but in the cloud.
Let’s talk about your directory in the cloud. I split the types of identity offered in Azure AD into 3 categories:
Cloud, Synchronized, and Federated Identities
These are the three main identity models in Office 365 when you set up and manage user accounts.
While intended primarily for cloud-born apps (Office 365, for example, uses Azure AD for identity management), Azure AD can also be integrated with on-premises Active Directory to simplify identity management in hybrid cloud environments.
Cloud identities exist only in Azure AD and require organizations to manage usernames and passwords separately from Windows Server Active Directory. Windows Server AD user accounts, and optionally their password hashes, can be synchronized to Azure AD.
Synchronized identities have the same password in the cloud as in Windows Server Active Directory but users need to sign in again to access cloud services.
Federated identities use Windows Server Active Directory for user authentication, connecting the onsite service to Azure AD using Active Directory Federation Services (ADFS). Federated identities are the only way to provide true single sign-on capabilities. Other advantages: onsite multifactor authentication can continue to be used, password hashes are never synchronized to the cloud, users can be blocked immediately, and logon restrictions set in AD are honored.
Now that I have explained the 3 types of identity, you probably want to know how your Windows Server AD connects to Azure AD. Here’s the answer: Azure Active Directory Connect.
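To make the three models concrete, here is an added example (not from the original article) that sorts accounts into cloud, synchronized, and federated identities when auditing a tenant export. It assumes the field names of the Microsoft Graph domain and user resources (`authenticationType`, `onPremisesSyncEnabled`); the records are constructed sample data and the classification rule is this example's own simplification.

```python
# Added example: classify accounts into the three identity models described above.
# Assumption: field names follow Microsoft Graph (domain.authenticationType,
# user.onPremisesSyncEnabled). All records below are constructed, not tenant output.
from collections import Counter

DOMAINS = [  # constructed sample data
    {"id": "contoso.onmicrosoft.com", "authenticationType": "Managed"},
    {"id": "contoso.com", "authenticationType": "Managed"},
    {"id": "fabrikam.com", "authenticationType": "Federated"},
]

USERS = [  # constructed sample data
    {"userPrincipalName": "alice@contoso.onmicrosoft.com", "onPremisesSyncEnabled": None},
    {"userPrincipalName": "bob@Contoso.com", "onPremisesSyncEnabled": True},
    {"userPrincipalName": "carol@fabrikam.com", "onPremisesSyncEnabled": True},
    {"userPrincipalName": "dave@unlisted.example", "onPremisesSyncEnabled": None},
]


def classify_user(user, domains):
    """Return 'cloud', 'synchronized', 'federated' or 'unknown-domain'."""
    auth_by_domain = {d["id"].lower(): d["authenticationType"] for d in domains}
    # UPN suffixes are compared case-insensitively.
    suffix = user["userPrincipalName"].rsplit("@", 1)[-1].lower()
    auth = auth_by_domain.get(suffix)
    if auth is None:
        return "unknown-domain"   # suffix is not a domain present in the export
    if auth == "Federated":
        return "federated"        # authentication is performed by Windows Server AD
    if user.get("onPremisesSyncEnabled") is True:
        return "synchronized"     # account comes from Windows Server AD via sync
    return "cloud"                # account exists only in Azure AD


def summarize(users, domains):
    """Count accounts per identity model."""
    return Counter(classify_user(u, domains) for u in users)


if __name__ == "__main__":
    for u in USERS:
        print(f'{u["userPrincipalName"]:32} {classify_user(u, DOMAINS)}')
    print(dict(summarize(USERS, DOMAINS)))
```

Accounts reported as `unknown-domain` are worth a manual look, since their sign-in path cannot be determined from the export.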
Azure Active Directory Connect
Azure AD Connect is a tool that connects all kinds of on-premises directories to Azure Active Directory. You can use it to synchronize your on-premises identities to the cloud, and it also helps you decide on and configure the right authentication method for your hybrid environment. Azure AD Connect replaces the DirSync tool that was previously the standard means of synchronizing Windows Server AD identities with Azure AD and Office 365.
Now, let’s talk about the benefits of having your identity in Azure AD.
Cloud-based Identity Management
A subset of services is offered in Azure AD. The ability to quickly provision Azure AD in the cloud allows developers to concentrate on the nitty-gritty of writing their applications, leaving Azure AD to provide identity management services. On the security side, multifactor authentication is also supported for additional security. It’s also worth noting that Windows 10 can be joined to Azure AD, giving users access to Windows Store for Business, Microsoft Passport, single sign-on to cloud apps and so on. You have probably seen this while setting up a Windows 10 machine, where the setup wizard asks whether to join Azure AD.