Companies scrambled in 2020 to navigate the access control challenges posed by a workforce that was largely moving out of the office. Under the traditional model, secure connections to company resources were established using VPNs to the business’s on-premises directory services.
Microsoft’s Azure Active Directory (AD) aims to alleviate some of those complications, creating a unified, cloud-based identity management service, accessible across devices and location agnostic. If you use Skype, Office 365, OneDrive, or Outlook, odds are you’re already using Azure Active Directory without even knowing it.
However, Azure AD has a lot more to offer, with robust administrative capabilities and a readiness to integrate with numerous enterprise applications. In the identity and access management (IAM) market, Azure AD sets itself apart as a robust identity management solution that is easily integrated with other solutions, both large and small.
Microsoft’s Identity Management Portfolio
Microsoft offers a few different identity management products, each with distinctive features but all-too-similar names.
- Microsoft’s Active Directory is an on-premises directory service. It requires dedicated servers; is hierarchical; and is compatible with Kerberos, LDAP, and NTLM authentication.
- Azure Active Directory Domain Services is a web-based domain controller, similar to Active Directory but hosted on Azure. It supports the same authentication protocols, and it syncs with Azure Active Directory.
- Azure Active Directory is a single sign-on (SSO) source across devices for Microsoft products such as Office 365. It is a web-based identity solution, with a flat architecture, using OAuth 2.0, SAML 2.0, and OpenID authentication protocols.
Alternative Identity Management Products
Microsoft is far from the only provider in identity management. There are dozens of solutions on the IAM market, from big names such as IBM and Oracle to niche companies focused solely on identity management products. Some of Microsoft’s notable competition includes:
- The Okta Identity Cloud: Cloud-based enterprise-grade identity management
- WatchGuard AuthPoint: Multi-factor authentication (MFA) with third-party integration support
- LastPass for Business: MFA service with high familiarity for its consumer-grade products
- IBM Security Verify: Granular consent management and automated consent decision-making
Key Features
Azure Active Directory’s connection with Office 365 products makes it an easy choice for simplifying software and hardware access controls down to one user and one password. However, identity management is a dynamic, competitive field, and many providers offer unique approaches toward user lifecycle management, zero-trust policy enforcement, dashboards, auditing, and more.
Here are some of the key features that distinguish Azure AD:
- SSO: Eliminates the need to log in to an authenticator app in order to log in to the VPN to be able to log in to your email client. One set of credentials enables application access from any device or location.
- Administrative Configurability: SSO puts access to many applications behind a single set of credentials, which opens up the possibility for vulnerabilities, but the access controls can be tailored to administrative requirements. Through the Azure Portal, admins can manage user access to applications, define hardware restrictions, enforce encryption standards, mandate specific Windows builds, and define security criteria upon which access is contingent.
- MFA: Couples traditional password protection with other means of establishing user identity, such as a security token on a USB drive, an authentication service on a cellphone, biometrics (usually in the form of a fingerprint), and sometimes proof of location such as a GPS signal or connection to a Wi-Fi network.
- Sync With Active Directory: Can connect with on-premises, legacy, or existing identity and access management servers.
- Mobile Device Management: Unlike Windows Active Directory, Azure Active Directory is designed for mobile and remote users and grants administrators high degrees of management over these devices.
- No Servers Necessary: Azure AD is offered on a cloud platform-as-a-service (PaaS) basis, eliminating the need for on-premises server configuration and maintenance and granting the high availability and redundancy expected from cloud services. Compared to traditional Active Directory, Azure AD alleviates the need for large amounts of resources.
Configurations
Azure AD is not only best suited for users of Microsoft’s Office Suite; it’s already invisibly integrated into those programs. Enterprise users of Office 365 should strongly consider managing identities and access controls through Azure AD, with the additional configurations and tweaks available within the Azure Portal.
For many, this is an easy choice, as Microsoft’s Office ecosystem has been and continues to be the backbone of most enterprises. However, Microsoft is not alone in this realm, as more enterprises adopt alternatives such as Google’s G Suite, or even use Gmail as their mail server back ends.
Additionally, many IT infrastructures are diverse, incorporating Linux workstations, AWS services, NAS appliances, and other solutions outside the Windows ecosystem. Unifying these under the Azure AD service is possible and, in many cases, easy. While Azure AD is best geared toward an all-Windows workplace, it contains powerful connections to many of the top enterprise software packages.
Integrations
From within the Azure Portal, Azure AD stands ready to connect with a great many major enterprise software packages, providing a single sign-on to the programs companies use most. Some of the big names in this list include: Salesforce, DocuSign, Dropbox Business, Grammarly, SAP Cloud Platform, Adobe Sign, Sapient, Adaptive Insights, Creative Cloud, G Suite, GitHub, and hundreds more.
This flexibility means Azure AD can integrate into the broad range of existing enterprise services, seamlessly and easily.
User Reviews
Out of 52 user reviews aggregated at Gartner Peer Insights, Azure Active Directory holds a 4.6 out of 5 rating. Users praised its simplicity, particularly the SSO feature, which allows users to move between applications without requiring multiple logins. Users also praised Azure AD’s ready integration into existing services. Some users, however, expressed a desire to manage the software offline, rather than expressly through an online portal.
Pricing
Azure AD is available through four different pricing tiers.
- Free: Included with an existing subscription to one of Microsoft’s enterprise services, such as Azure or Intune
- Office 365: Adds features to accompany the Office 365 Suite, in addition to features available with the free tier
- Premium P1: Adds features to better manage identities on a more granular level and enables hybrid on-premises and cloud integration. Price is $6 per user per month.
- Premium P2: Advanced identity protection and privilege management. Price is $9 per user per month.
Additional pricing and purchase information is available through Microsoft’s sales team, though Azure partners can also provide sales, support, and software administration.
Conclusions
Microsoft’s Azure Active Directory is a highly scalable identity management platform, designed for enterprises and readily integrated into existing setups. It works well with the biggest software packages and many of the small ones too. It also offers the convenience of single sign-on across devices, while bringing the added security of multi-factor authentication.
While Microsoft is far from the only vendor working in identity management, they’re one of the biggest and most ubiquitous, so they’re well-supported and won’t be going away anytime soon. Microsoft also offers lengthy free trials of Azure products, including Azure Active Directory, so you can give it a try and determine if it’s right for your company.