What is Azure AD?
At an architectural level, Azure AD is a high-availability, geo-redundant, multi-tenanted, multi-tiered cloud service that has delivered 99.99% uptime for over a year now. We run it across 27 datacenters around the world. Azure AD has stateless gateways, front-end servers, application servers, and sync servers in all of those datacenters. Azure AD also has a distributed data tier that is at the heart of our high-availability strategy. The data tier holds more than 500 million objects and runs across 13 datacenters.
Figure 1. Azure Active Directory Architecture
It’s Not Just Another Directory to Manage
For starters, there are no costs for using Azure AD. The directory is a free resource. There is an additional Azure Active Directory Premium tier that is licensed separately and provides additional features such as company branding and self-service password reset. Azure AD offers many benefits beyond typical “directory services”. When you use a Microsoft cloud service like Office 365 or Microsoft CRM Online, the identities for those platforms use Azure AD. This is a big advantage because those platforms instantly gain the features within Azure AD. For example, if you are an Office 365 user, you have access to thousands of other applications that integrate with Azure AD (assuming your organization leverages that SaaS vendor). Users could also benefit from additional services such as multi-factor authentication to Office 365, Azure Rights Management Service for encrypting documents and emails, and Self-Service Password Reset.
Single Sign On
Azure AD’s gallery of pre-integrated SaaS applications grows pretty much every week and it is now supporting over 2300 total apps! Also, Azure AD now provides integrated SAML support for over 50 applications, including all of the apps pictured below.
Figure 2. Azure AD SaaS SAML Integrated Apps
Azure Multi-Factor Authentication prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication. Protect your business with security monitoring and alerts and machine learning-based reports that identify inconsistent access patterns to mitigate potential threats.
Self-Service Password Reset
Tasks such as resetting passwords and creating and managing groups should be self-service for your employees. There is no sense paying a help desk resource to reset a password when the user can do it (possibly faster than placing a phone call). Azure AD offers Self-Service Password Change and Reset and Self-Service Group Management with Azure Active Directory Premium. For more information, see Azure Active Directory.