- Article
- 8 minutes to read
Azure Active Directory (Azure AD) is a cloud-based identity and access management service. Azure AD gives your employees access to external resources like Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources, such as applications on their corporate intranet and any cloud applications developed for their own organization. For information on how to create a tenant, seeQuickstart: Create a new tenant in Azure Active Directory.
For information about the differences between Active Directory and Azure Active Directory, seeComparar Active Directory con Azure Active Directory. You can also referMicrosoft Cloud for Enterprise Architects-ReihePoster to better understand Azure's main identity services, such as Azure AD and Microsoft 365.
Who uses Azure AD?
Azure AD offers different benefits to members of your organization based on their role:
IT adminUse Azure AD to control access to applications and application resources based on business needs. For example, as an IT administrator, you can use Azure AD to require multi-factor authentication when accessing critical company resources. You can also use Azure AD to automate user provisioning between your existing Windows Server AD and your cloud applications, including Microsoft 365. Finally, Azure AD gives you powerful tools to automatically protect user identities and credentials and meet their needs. access control. To get started, sign up for aFree 30-day trial of Azure Active Directory Premium.
Application developerYou can use Azure AD as a standards-based authentication provider, which helps you add single sign-on (SSO) to applications that work with a user's existing credentials. Developers can also use Azure AD APIs to create personalized experiences using organizational data. To get started, sign up for aFree 30-day trial of Azure Active Directory Premium. For more information, see alsoAzure Active Directory for developers.
(Video) How to use Shared Workspace on IGEL OSSuscriptores de Microsoft 365, Office 365, Azure o Dynamics CRM OnlineYou already use Azure AD because every Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically an Azure AD tenant. You can start managing access to your cloud-integrated apps right away.
What are Azure AD licenses?
Microsoft business online services, such as Microsoft 365 or Microsoft Azure, use Azure AD for sign-in activities and to protect their identities. When you sign up for a commercial Microsoft online service, you automatically get access to itAzure AD for free.
To enhance your Azure AD deployment, you can also add paid features by upgrading to Azure Active Directory Premium P1 or Premium P2 licenses. Azure AD paid licenses are based on your existing free directory. The licenses provide self-service, advanced monitoring, security reporting, and secure access for your mobile users.
Use
For information about the pricing options for these licenses, seeAzure Active Directory pricing.
For more information on Azure AD pricing, seeForo de Azure Active Directory.
Azure Active Directory listings.It provides user and group management, local directory synchronization, basic reporting, self-service password change for cloud users, and single sign-on for Azure, Microsoft 365, and many popular SaaS applications.
(Video) HandsOn | Azure Active Directory | Users ,Groups,Service Principals #azure #devops #activedirectoryAzure Active Directory Premium P1.In addition to the free features, P1 also gives its hybrid users access to on-premises and cloud resources. It also supports advanced management such as B. dynamic groups, self-service group management, Microsoft Identity Manager, and cloud writeback capabilities that enable self-service password resets for your on-premises users.
Azure Active Directory Premium P2.In addition to free features and P1, P2Azure Active Directory-Identitätsschutzto provide risk-based conditional access to your critical business applications and data, andPrivileged Identity Managementto discover, restrict, and monitor administrators and their access to resources and provide just-in-time access when needed.
„Pay as you go“-Funktionslizenzen.You can also purchase licenses for features such as Azure Active Directory business-to-customer (B2C). B2C can help you provide identity and access management solutions for your customer-facing applications. For more information, seeAzure Active Directory B2C-Documentation.
For more information about how to associate an Azure subscription with Azure AD, seeAssociate or add an Azure subscription to Azure Active Directory. For more information on assigning licenses to your users, seeHow To: Assign or remove Azure Active Directory licenses.
What features work in Azure AD?
After you choose your Azure AD license, you get access to some or all of the following features:
| Category | description |
|---|---|
| application management | Manage your on-premises and cloud applications with application proxy, single sign-on, My Apps portal, and SaaS (Software as a Service) applications. For more information, seeHow to provide secure remote access to local applicationsyApplication Management Documentation. |
| authentication | Manage Azure Active Directory self-service password reset, multi-factor authentication, custom banned password list, and smart lockout. For more information, seeAzure AD authentication documentation. |
| Azure Active Directory for developers | Build apps that sign in with any Microsoft identity, get tokens to call Microsoft Graph, other Microsoft APIs, or custom APIs. For more information, seeMicrosoft Identity Platform (Azure Active Directory for Developers). |
| Business to business (B2B) | Manage your guest users and external partners while maintaining control of your own company data. For more information, seeAzure Active Directory B2B documentation. |
| Business to customer (B2C) | Customize and control how users register, log in, and manage their profiles when using your apps. For more information, seeAzure Active Directory B2C-Documentation. |
| conditional access | Manage access to your cloud apps. For more information, seeAzure AD Conditional Access Documentation. |
| Device management | Manage how your on-premises or cloud devices access your corporate data. For more information, seeAzure AD device administration documentation. |
| domain services | Join Azure virtual machines to a domain without using domain controllers. For more information, seeAzure AD domain services documentation. |
| business user | Manage license assignments, access applications, and configure delegates using administrator roles and groups. For more information, seeAzure Active Directory user administration documentation. |
| hybrid identity | Use Azure Active Directory Connect and Connect Health to provide a single user identity for authentication and authorization of all resources, regardless of location (cloud or on-premises). For more information, seeHybrid identity documentation. |
| identity management | Manage your organization's identity through employee, business partner, vendor, service, and application access controls. You can also perform access reviews. For more information, seeAzure AD identity governance documentationyAzure AD access reviews. |
| identity protection | Identify potential vulnerabilities affecting your organization's identities, configure policies to respond to suspicious actions, and then take appropriate action to remediate them. For more information, seeAzure AD identity protection. |
| Administered identities for Azure resources | Provide your Azure services with a self-managed identity in Azure AD that can authenticate with any Azure AD-compliant authentication service, including Key Vault. For more information, seeWhat are managed identities for Azure resources?. |
| Privileged Identity Management (PIM) | Manage, control and monitor access within your organization. This feature includes access to resources in Azure AD and Azure, as well as other Microsoft online services like Microsoft 365 or Intune. For more information, seeAzure AD Privileged Identity Management. |
| reporting and monitoring | Learn about security and usage patterns in your environment. For more information, seeAzure Active Directory monitoring and reporting. |
Terminology
To better understand Azure AD and its documentation, we recommend reading the following terms.
| term or concept | description |
|---|---|
| identity | A thing that can be authenticated. An identity can be a user with a username and password. Identities also include applications or other servers that may require secret key or certificate authentication. |
| Bill | An identity associated with the data. You cannot have an account without an identity. |
| Azure AD-Konto | An identity created through Azure AD or another Microsoft cloud service, such as Microsoft 365. Identities are stored in Azure AD and are accessible by your organization's cloud service subscriptions. This account is sometimes called a work or school account. |
| account manager | This classic subscription administrator role is conceptually the billing owner of a subscription. This role allows you to manage all subscriptions in an account. For more information, seeClassic subscription admin roles, Azure roles, and Azure AD admin roles. |
| service manager | This classic subscription administrator role allows you to manage all Azure resources, including access. This role has the same access as a user assigned the Owner role at the subscription scope. For more information, seeClassic subscription admin roles, Azure roles, and Azure AD admin roles. |
| owner | This role helps you manage all Azure resources, including access. This role is based on a newer authorization system called Azure Role-Based Access Control (Azure RBAC), which provides granular access management to Azure resources. For more information, seeClassic subscription admin roles, Azure roles, and Azure AD admin roles. |
| Azure AD global administrator | This admin role is automatically assigned to whoever created the Azure AD tenant. You can have multiple global admins, but only global admins can assign users to admin roles (including assigning other global admins). For more information on the different admin roles, seeAdministrator roles in Azure Active Directory. |
| Azure subscription | It is used to pay for Azure cloud services. You can have many subscriptions and they are linked to a credit card. |
| blue tenant | A dedicated and trusted instance of Azure AD. The tenant is automatically created when your organization signs up for a Microsoft cloud service. These subscriptions include Microsoft Azure, Microsoft Intune, or Microsoft 365. An Azure tenant represents a single organization. |
| Einzelmieter | Azure tenants accessing other services in a dedicated environment are considered single tenants. |
| multi user | Azure tenants accessing other services in an environment shared between multiple organizations are considered multi-tenant. |
| Azure AD Directory | Each Azure tenant has a dedicated and trusted Azure AD directory. The Azure AD directory contains the tenant's users, groups, and applications and is used to perform identity and access management functions for the tenant's resources. |
| custom domain | For example, each new Azure AD directory includes an initial domain namedomain name.onmicrosoft.com. In addition to this initial name, you can also add your organization's domain names. Your organization's domain names include the names you use for your business and that your users use to access your organization's resources on the list. Adding custom domain names allows you to create usernames that are familiar to your users, such as B.alin@contoso.com. |
| Microsoft account (also called MSA) | Personal accounts that provide access to your consumer-facing Microsoft cloud products and services. These products and services include Outlook, OneDrive, Xbox LIVE, or Microsoft 365. Your Microsoft account is created and stored in the Microsoft consumer identity account system operated by Microsoft. |
Next steps
Sign up for Azure Active Directory Premium
Associate an Azure subscription with your Azure Active Directory
(Video) Azure AD Sync with On Prem Part 5 in HindiAzure Active Directory Premium P2 Feature Deployment Checklist
Commentary
Was this page helpful
Provide product feedback|
FAQs
What is Azure Active Directory in simple terms? ›
Azure Active Directory (Azure AD) is a cloud-based identity and access management service. Azure AD enables your employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
What is Azure AD login? ›Azure Active Directory (Azure AD), part of Microsoft Entra, is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks.
What is Active Directory login? ›Active Directory (AD) is more than just a repository of IDs and passwords; it's the center of just about every bit of security in your network. Going beyond the rudimentary managing of permissions, AD establishes policies and controls over what privileges accounts have, and how those account can be used.
What does Azure AD mean on Authenticator app? ›Azure AD Multi-Factor Authentication lets users choose an additional form of authentication during sign-in, such as a phone call or mobile app notification. This ability reduces the requirement for a single, fixed form of secondary authentication like a hardware token.
What is Active Directory in short answer? ›Active Directory (AD) is a database and set of services that connect users with the network resources they need to get their work done. The database (or directory) contains critical information about your environment, including what users and computers there are and who's allowed to do what.
What is Active Directory easily explained? ›Active Directory stores information about objects on the network and makes this information easy for administrators and users to find and use. Active Directory uses a structured data store as the basis for a logical, hierarchical organization of directory information.
What is the difference between Azure and Active Directory? ›Azure AD provides managed identities to run other workloads in the cloud. The lifecycle of these identities is managed by Azure AD and is tied to the resource provider and it can't be used for other purposes to gain backdoor access. Active Directory doesn't natively support mobile devices without third-party solutions.
How do I login with Azure AD user? ›Go to Settings => Accounts => Choose the Access Work or School => click connect => make sure you choose the option to join Azure AD. Then from the Accounts => Other Users option , add other users and add the Azure AD account you want to login as a Standard or Administrator. This will allow the Azure AD user to login.
How do I access Azure Active Directory? ›- Go to portal.azure.com and sign in with your work or student account.
- In the left navigation pane in the Azure portal, click Azure Active Directory. The Azure Active Directory admin center is displayed.
By default, the Guest account is the only member of the default Guests group, which lets a user sign in to a server, and the Domain Guests global group, which lets a user sign in to a domain. A member of the Administrators group or Domain Admins group can set up a user with a Guest account on one or more computers.
What is Active Directory interview questions? ›
- 1) What do you understand by the term Active Directory? ...
- 2) What is a domain? ...
- 3) What is the default protocol used in directory services? ...
- 4) What is the difference between domain local, global and universal groups? ...
- 5) What is the Sysvol folder?
| Method | Primary authentication | Secondary authentication |
|---|---|---|
| Microsoft Authenticator | Yes | MFA and SSPR |
| Authenticator Lite | No | MFA |
| FIDO2 security key | Yes | MFA |
| Certificate-based authentication | Yes | No |
Azure Active Directory (Azure AD) is a centralized identity provider in the cloud. Delegating authentication and authorization to it enables scenarios such as: Conditional Access policies that require a user to be in a specific location. Multi-Factor Authentication which requires a user to have a specific device.
What is Active Directory and why would anyone use it? ›AD serves as a centralized security management solution that houses all network resources. The purpose of Active Directory is to enable organizations to keep their network secure and organized without having to use up excessive IT resources.
What is an example of an Active Directory? ›An example of an Active Directory domain name would be “ad-internal.company.com,” where “ad-internal” is the name you are using for your internal AD domain, and “company.com” is the name of your external resources.
What are the 3 essential pieces of an Active Directory user account? ›The Active Directory structure is comprised of three main components: domains, trees, and forests. Several objects, like users or devices that use the same AD database, can be grouped into a single domain.
What are the two types of Active Directory? ›- Security groups: Use to assign permissions to shared resources.
- Distribution groups: Use to create email distribution lists.
Learning Microsoft's Active Directory service is a simple process. However, it is quite sensitive and entering the wrong domain name system (DNS) can alter the whole outcome. There are many paths you can take to master Active Directory. All you need to do is invest enough time and effort into learning this tool.
What is Azure Active Directory example? ›Azure Active Directory (Azure AD), part of Microsoft Entra, is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks.
What are the 5 roles of Active Directory? ›- Schema master.
- Domain naming master.
- RID master.
- PDC emulator.
- Infrastructure master.
What are the 4 types of Microsoft Active Directory? ›
- Active Directory (AD) Microsoft Active Directory (most often referred to as a domain controller) is the de facto directory system used today in most organizations. ...
- Azure Active Directory (AAD) ...
- Hybrid Azure AD (Hybrid AAD) ...
- Azure Active Directory Domain Services (AAD DS)
To open Active Directory Users and Computers, log into a domain controller, and open Server Manager from the Start menu. Now, in the Tools menu in Server Manager, click Active Directory Users and Computers. For more details on accessing Active Directory and other ways to access the admin tools, keep reading!
Can I join a server to Azure AD? ›With an Azure AD DS managed domain, you can provide domain join features and management to virtual machines (VMs) in Azure. This tutorial shows you how to create a Windows Server VM then join it to a managed domain.
Why can't I access Azure Active Directory? ›The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
How do I connect my PC to Azure Active Directory? ›Open Settings, and then select Accounts. Select Access work or school, and then select Connect. On the Set up a work or school account screen, select Join this device to Azure Active Directory. On the Let's get you signed in screen, type your email address (for example, alain@contoso.com), and then select Next.
Is Azure Active Directory included in Office 365? ›Microsoft 365 uses Azure Active Directory (Azure AD) to manage user identities behind the scenes. Your Microsoft 365 subscription includes a free Azure AD subscription so that you can integrate your on-premises Active Directory Domain Services (AD DS) to synchronize user accounts and passwords or set up single sign-on.
What is the difference between Active Directory and Active Directory? ›Active Directory is a database that stores and organizes enterprise resources as objects. You can think of Active Directory as a database that stores users and device configurations in AD DS. A domain controller, in contrast, is simply a server running Active Directory that authenticates users and devices.
How many main types of users are there in Active Directory? ›Common types of Active Directory service accounts include built-in local user accounts, domain user accounts, managed service accounts, and virtual accounts.
What is the difference between directory and Active Directory? ›LDAP is a protocol. Active Directory is a directory server. LDAP is a cross-platform open standard, but Active Directory is Microsoft's proprietary software meant for Windows users and applications. The primary use of LDAP is to query and modify directory servers.
What are the most common passwords in Active Directory? ›According to the PCI Security Standards Council (PCI), the most common passwords are “password”, “password1” and “123456. Hackers try easily-guessed passwords because they're used by half of all people.
What is Active Directory username and password? ›
An AD account is a username and password that you can use to access computing resources on computers joined to a particular domain -- in this case, SAS. AD accounts allow the user to log into computers joined to the domain, access shared files, information, and resources, and have a networked area for file backup.
Can I see user password in Active Directory? ›Yes, you can check the Last Password Changed information for a user account in AD. The information for the last password changed is stored in an attribute called “PwdLastSet”. You can check the value of “PwdLastSet” using the Microsoft “ADSI Edit” tool.
What are Active Directory skills? ›Description. Active Directory is the heart of Windows Server user management and permissions. It's a key skill for any IT administrator and help desk staff. The Active Directory Administrator is responsible for managing all aspects of the domain including the users, groups, and computer accounts in the domain.
What is Azure Active Directory interview questions? ›- What are the license requirements for using Azure AD connect? ...
- Name the types of cloud computing in Azure AD? ...
- Define dynamic groups in Azure AD? ...
- What is conditional access in Azure Active Directory? ...
- What is risk detection?
Active Directory management comprises a wide range of tasks, including setting up your domains and forests, keeping your AD organized and healthy, properly managing Group Policy, and ensuring business continuity with a comprehensive backup and recovery process.
What are the 3 methods of authentication? ›Authentication factors can be classified into three groups: something you know: a password or personal identification number (PIN); something you have: a token, such as bank card; something you are: biometrics, such as fingerprints and voice recognition.
What are the 5 elements of user authentication? ›Today, many organizations use multiple authentication factors to control access to secure data systems and applications. The five main authentication factor categories are knowledge factors, possession factors, inherence factors, location factors, and behavior factors.
What is Type 3 authentication examples? ›Type 3 – Something You Are – includes any part of the human body that can be offered for verification, such as fingerprints, palm scanning, facial recognition, retina scans, iris scans, and voice verification.
What are the 3 main identity types used in Azure AD? ›- [Instructor] The exam may test your knowledge of the identity types available in Azure Active Directory. And for the exam, there are four different identity types that you'll want to be familiar with: the user, service principle, managed identity, and device.
What are the three types of Azure AD? ›Azure Active Directory comes in four editions—Free, Office 365 apps, Premium P1, and Premium P2.
What are the two basic user types in Azure Active Directory? ›
Azure AD only accepts two values for the UserType attribute: Member and Guest. If the UserType attribute isn't mapped in cloud sync, Azure AD users created through directory synchronization would have the UserType attribute set to Member.
How does Azure Active Directory work? ›Azure AD enables your employees access external resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications. Azure Active Directory also helps them access internal resources like apps on your corporate intranet, and any cloud apps developed for your own organization.
What is required for Azure AD authentication? ›Azure AD Multi-Factor Authentication works by requiring two or more of the following authentication methods: Something you know, typically a password. Something you have, such as a trusted device that is not easily duplicated, like a phone or hardware key. Something you are - biometrics like a fingerprint or face scan.
What is basic authentication in Azure AD? ›The basic authentication protocol
The client side sends authentication credentials to the server using the Authorization header that is constructed like this: "username:password" format is used to combine username and password into one string. The resulting string is then encoded using Base64.
Azure AD roles are used to manage Azure AD resources in a directory such as create or edit users, assign administrative roles to others, reset user passwords, manage user licenses, and manage domains. The following table describes a few of the more important Azure AD roles.
What is difference between Active Directory and Azure Active Directory? ›Credentials in Active Directory are based on passwords, certificate authentication, and smartcard authentication. Passwords are managed using password policies that are based on password length, expiry, and complexity. Azure AD uses intelligent password protection for cloud and on-premises.
What is difference between Azure Active Directory and Microsoft Azure? ›Azure AD is a multi-tenant cloud-based identity and access management solution for the Azure platform. Active Directory (AD) is great at managing traditional on-premise infrastructure and applications. Azure AD is great at managing user access to cloud applications.
How to use Azure Active Directory? ›- Prerequisites.
- Sign in to the Azure portal.
- Create a managed domain.
- Deploy the managed domain.
- Update DNS settings for the Azure virtual network.
- Enable user accounts for Azure AD DS.
- Next steps.
Yes. Each Azure AD Domain Services managed domain includes two domain controllers. You don't manage or connect to these domain controllers—they're part of the managed service. If you deploy Azure AD Domain Services into a region that supports availability zones, the domain controllers are distributed across zones.
Can you join a server to Azure AD? ›With an Azure AD DS managed domain, you can provide domain join features and management to virtual machines (VMs) in Azure. This tutorial shows you how to create a Windows Server VM then join it to a managed domain.
What is the difference between Azure user and Azure AD user? ›
There is no difference between the two. Azure users exist in Azure AD and have the same attributes. There is, however, a difference between Hybrid Azure AD users that exist both on-premises and in the cloud, and Azure AD cloud-only users.
Which tool is used by Azure Active Directory? ›Azure AD supports several standardized protocols for authentication and authorization, including SAML 2.0, OpenID Connect, OAuth 2.0, and WS-Federation. It also supports password vaulting and automated sign-in capabilities for apps that support only forms-based authentication.
What are the core concepts of Azure Active Directory? ›Azure AD Concepts
1) Identity: Anything that can be authenticated. It can be a user with a username & password, applications, or other services that require authentication. 2) Account: Identity with data associated. 3) Azure AD Account: Identity created using Azure AD or other Microsoft cloud services.
Azure Active Directory Connect is made up of three primary components: the synchronization services, the optional Active Directory Federation Services component, and the monitoring component named Azure AD Connect Health.