☁️

Overview of Azure Active Directory Features

Apr 21, 2025

Lecture Notes on Azure Active Directory (AAD)

Introduction to Azure Active Directory

  • Azure Active Directory (AAD) is a cloud-based identity and access management service.
  • It is different from Windows Active Directory, designed for cloud resources.
  • AAD is multi-tenant, allowing multiple directories for various clients.

Key Features of AAD

  • Identity and Access Management: User account creation, authentication, and permissions.
  • Multi-Tenant Capability: Multiple active directories and tenants.
  • User Management: Reduces programming efforts for user management; features like password recovery are built-in.
  • Single Sign-On (SSO): Allows seamless access to multiple applications after a single login.

Benefits

  • For IT Admins: Cost-effective, single sign-on to cloud SaaS applications.
  • For Developers: Allows focus on application logic rather than user management.
  • Security: Enhances security with machine learning to detect irregular sign-in activity.
  • Scalability: Supports organizations from 10 to 100,000 users or more.

AAD Editions

  • Free Edition: Basic user management with no SLA guarantees.
  • Basic Edition: Includes group-based access management and SLA guarantees.
  • Premium Edition: Advanced features like multi-factor authentication, self-service identity, and access management.

Azure AD and Resource Access

  • AAD and Azure Subscriptions: Role-based access control is used to manage permissions on Azure resources.
  • Account Administrator Role: Responsible for subscriptions and billing.

Role-Based Access Control (RBAC)

  • Allows detailed management of who has access to Azure resources.
  • Assign roles at subscription, resource group, or individual resource level.
  • Commonly used roles include Owner, Contributor, and Reader.

Integrating On-Premises Active Directory with Azure AD

  • Use Azure AD Connect to synchronize on-premise AD with Azure AD.
  • Enables single sign-on and extends on-premises directory capabilities to Azure.

Azure AD B2C

  • Purpose: Manage consumer identities for public-facing applications.
  • Features: Supports social account sign-ins (e.g., Google, Facebook).
  • Implementation: Create B2C directory, define policies for sign-up/sign-in, and integrate with custom applications.

Enterprise Applications

  • Integrate Azure AD with SaaS applications for single sign-on, user provisioning, and self-service capabilities.
  • Access Panel: Provides users with a dashboard to access assigned applications.

Line of Business Applications

  • Organizations can register custom applications with Azure AD for authentication.
  • Use OAuth 2.0 and OpenID Connect for integration.

Summary

Azure Active Directory provides a robust platform for identity and access management in the cloud, offering benefits like multi-tenant support, scalability, and security. It simplifies user management for IT admins and developers while offering powerful integration capabilities with both cloud and on-premise resources. With Azure AD B2C, organizations can extend their reach to consumer applications, enabling easier access through social identity providers. The integration with enterprise and custom applications further enhances its usability and efficiency.

Full transcript