
Azure Active Directory

Comprehensive Identity & Access Management for On-Premises and Cloud Applications

Azure Active Directory Services

Azure AD enables you to give your employees SSO access to on-premises and cloud applications.

Whether you’re using a third-party solution (like Office 365, Salesforce.com, Dropbox, or Concur) or in-house applications, your internal and external users can securely log on with Azure AD through a single user ID to access virtually any cloud-based app, proprietary app, or system.

Azure AD streamlines the employee experience and reduces the complexity that comes with managing identity, security, and access to your company’s critical data.

In addition to security, there can be several productivity-related enterprise benefits to cloud-based identity management:

Users can have a single sign-on (SSO)—in the datacenter and in the cloud
Users have the ability to authenticate to applications from outside the corporate network
Users can authenticate from mobile devices

Begin Your Journey To Digital Transformation

Secure Your Cloud Infrastructure with Microsoft Azure Active Directory

See How Microsoft Azure Active Directory Cloud Services Can Help Protect Your Business

Importance & Benefits of Azure Active Directory

More and more of companies’ digital resources exist outside of the on-premises corporate network—on mobile devices and in the cloud—making control and visibility into how and when users access applications and data more vital than ever.

Your organization’s data could be at risk through criminal attacks, employees working from unapproved devices and locations, or data moving out of the organization via unapproved cloud services. Overcoming these new challenges takes more than just protecting your existing network perimeter. It requires a new kind of perimeter: an identity security perimeter.

An effective solution controls access to your data by providing an additional level of authentication. Implementing multi-factor authentication and conditional access prevents unauthorized access to both on-premises and cloud applications.

SSO ACCESS

Provide employees SSO access powered by automated access management and provisioning

APP SECURITY

Improve app security with multi-factor authentication and conditional access

DELEGATE

Delegate important tasks to your employees, such as resetting passwords and creating and managing groups

MOBILE ACCESS

Secure remote mobile access to on-premises apps

SELF SERVICE

Provide self-service password change, reset, and self-service group management with Azure AD Premium

SYNCHRONIZE

Extend Active Directory and any other on-premises directories to Azure AD to enable SSO for all cloud-based applications


Infographic – Microsoft Azure Identity & Access Management Services

A bird’s-eye view of Microsoft Azure Identity & Access Management Services

Frequently Asked Questions (FAQs)

Azure Active Directory (Azure AD) is a comprehensive identity as a service (IDaaS) solution that spans all aspects of identity, access management, and security.

Why do I get “No subscriptions found” when I try to access Azure AD in the Azure portal?

Answer:

To access the Azure portal, each user needs permissions on an Azure subscription. If you have a paid Office 365 or Azure AD subscription, go to https://aka.ms/accessAAD for a one-time activation step. Otherwise, you will need to activate a free Azure account or a paid subscription.

What’s the relationship between Azure AD, Office 365, and Azure?

Answer:

Azure AD provides common identity and access capabilities for all web services. Whether you are using Office 365, Microsoft Azure, Intune, or others, you’re already using Azure AD to help turn on sign-on and access management for all these services.

All users who are set up to use web services are defined as user accounts in one or more Azure AD instances. You can set up these accounts for free Azure AD capabilities like cloud application access.

Azure AD paid services like Enterprise Mobility + Security complement other web services like Office 365 and Microsoft Azure with comprehensive enterprise-scale management and security solutions.

What are the differences between Owner and Global Administrator?

Answer:

By default, the person who signs up for an Azure subscription is assigned the Owner role for Azure resources. An Owner can use either a Microsoft account or a work or school account from the directory that the Azure subscription is associated with. This role is authorized to manage services in the Azure portal.

If others need to sign in and access services by using the same subscription, you can assign them the appropriate built-in role. For additional information, see Manage access using RBAC and the Azure portal.

By default, the person who signs up for an Azure subscription is assigned the Global Administrator role for the directory. The Global Administrator has access to all Azure AD directory features. Azure AD has a different set of administrator roles to manage the directory and identity-related features. These administrators will have access to various features in the Azure portal. The administrator’s role determines what they can do, like create or edit users, assign administrative roles to others, reset user passwords, manage user licenses, or manage domains. For additional information on Azure AD directory admins and their roles, see Assign a user to administrator roles in Azure Active Directory and Assigning administrator roles in Azure Active Directory.

Additionally, Azure AD paid services like Enterprise Mobility + Security complement other web services, such as Office 365 and Microsoft Azure, with comprehensive enterprise-scale management and security solutions.

How do I leave a tenant when I am added as a collaborator?

Answer:

When you are added to another organization’s tenant as a collaborator, you can use the “tenant switcher” in the upper right to switch between tenants. Currently, there is no way to leave the inviting organization, and Microsoft is working on providing this functionality. Until this feature is available, you can ask the inviting organization to remove you from their tenant.

How can I connect my on-premises directory to Azure AD?

Answer:

You can connect your on-premises directory to Azure AD by using Azure AD Connect.

For more information, see Integrating your on-premises identities with Azure Active Directory.

How do I set up SSO between my on-premises directory and my cloud applications?

Answer:

You only need to set up single sign-on (SSO) between your on-premises directory and Azure AD. As long as you access your cloud applications through Azure AD, the service automatically drives your users to correctly authenticate with their on-premises credentials.

Implementing SSO from on-premises can be easily achieved with federation solutions such as Active Directory Federation Services (AD FS), or by configuring password hash sync. You can easily deploy both options by using the Azure AD Connect configuration wizard.

For more information, see Integrating your on-premises identities with Azure Active Directory.

Does Azure AD provide a self-service portal for users in my organization?

Answer:

Yes, Azure AD provides you with the Azure AD Access Panel for user self-service and application access. If you are an Office 365 customer, you can find many of the same capabilities in the Office 365 portal.

For more information, see Introduction to the Access Panel.

Does Azure AD help me manage my on-premises infrastructure?

Answer:

Yes. The Azure AD Premium edition provides you with Azure AD Connect Health. Azure AD Connect Health helps you monitor and gain insight into your on-premises identity infrastructure and the synchronization services.

For more information, see Monitor your on-premises identity infrastructure and synchronization services in the cloud.

Can I use Azure AD password write-back without password sync? (In this scenario, is it possible to use Azure AD self-service password reset (SSPR) with password write-back and not store passwords in the cloud?)

Answer:

You do not need to synchronize your Active Directory passwords to Azure AD to enable write-back. In a federated environment, Azure AD single sign-on (SSO) relies on the on-premises directory to authenticate the user. This scenario does not require the on-premises password to be tracked in Azure AD.
