Azure Active Directory, also known as Azure AD or AAD, is a cloud-based identity solution that provides the functionality expected of any identity solution. Moving your corporate identity to the cloud is a requirement for certain SaaS applications you might want to use. Putting accounts and identities in the cloud is also a major security concern for companies.
Azure Active Directory is the answer to your needs and security concerns. It provides seamless integration with your on-premises and SaaS applications. Active Directory, on the other hand, is one of the most widely used on-premises identity solutions from Microsoft. Even though the names are alike, the two are very different from a functionality perspective. In this article, I'll list the top benefits of Azure AD, which make it not only simple and secure but also highly cost-effective.
1. High Availability
Azure AD is highly available by design, with its architecture spread across 28 data centers in different geographies. It consists of independent building blocks that provide scale and availability. Each directory partition in Azure AD has three components.
- Active Primary: This is where all writes take place; they are immediately replicated to another datacenter.
- Passive Primary: This has the same topology as the Active Primary but sits in another datacenter, and writes are replicated to it from the Active Primary. It can assume the Active Primary role at any time.
- Secondary Replica: All reads happen from these replicas, which are located in multiple data centers across geographies. There are many of these replicas, and data is replicated to them asynchronously.
Microsoft provides a 99.99% SLA for all paid versions of Azure AD.
2. Simplified Access
Azure AD simplifies access to applications across the cloud and on-premises.
Single Sign On
With one identity, you can access thousands of SaaS applications and on-premises applications using single sign-on. You can achieve single sign-on to your on-premises applications using pass-through authentication or federation.
Through Application Proxy, you can publish your on-premises applications for secure remote access. There is no need to change the network infrastructure or use a VPN. Users can access these applications like any SaaS app over the internet.
There is also a web-based portal, usually called myapps. It is an excellent and productive choice of home page for all your employees. Not only does it list all the applications granted to the logged-on user, it also provides account management, password reset and group management in one view. It can be accessed through supported web browsers and even mobile apps.
3. Self Service Features
The self-service features of Azure AD can save a lot of help desk time and cost. They are highly reliable and secure.
Self Service Password Management
Through this tool, users can reset their forgotten password by responding to some additional security challenges. They can change the password and unlock their account themselves when the situation arises.
Self Service Group Management
Users can create new groups and manage groups and memberships for the groups owned by them.
4. Secure Access
Security is the top priority for any identity solution, and Azure AD provides multiple features to achieve it.
Multi Factor Authentication
Azure AD can add two-step verification to authentication, providing an additional layer of security for user sign-ins. Azure Multi-Factor Authentication is an easy-to-use, scalable and reliable solution, and Microsoft guarantees 99.9% availability.
Policy-based access control is one of my favourite features, as it provides more control over how, from where and who can access the data! You can create policies that add access control based on device types, networks, apps, user roles and sign-in risk level.
Privileged Identity Management
Privileged accounts are used to manage and administer IT systems, and securing privileged access is critical for securing business assets. With Azure AD PIM, we can minimise the number of admins and enable "just in time" administrative access. It also gives a rich audit trail of admin access.
Dynamic groups provide automatic group membership based on user attributes. This helps give access to the right people based on attributes such as department, employee type, location or any other, without managing membership manually.
Azure AD also helps with collaboration outside the organization, for example with partners, by providing access to an internal project site or content.
Azure Active Directory B2B
With Azure B2B, companies can add partners to their project groups and share information internally without worrying about whether an identity exists for them. Partners can access the information using their existing identity.
Azure Active Directory B2C
For applications used by your customers, you can create a tenant with Azure B2C, and customers can log in using their social or corporate email accounts. So you just need to create your app, and Azure AD will take care of the identity management.
Azure AD provides rich security and activity reports.
You can get an overview of the user accounts that might be compromised and of attempts made by someone other than the legitimate owner of a user account.
You also get a history of the tasks performed in your tenant, along with sign-in reports.
Cloud App Discovery
With Cloud App Discovery, admins can determine which cloud apps are being used by users without being under IT control. Admins can then bring these apps under control or take the necessary actions.
I hope this post gives you a basic idea of the benefits of Azure Active Directory.