Microsoft Azure Active Directory (Azure AD)
A Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service that provides directory services, application access management, and identity protection to help secure access to applications and resources across cloud and on-premises environments.
- AKA: Microsoft Entra ID.
- Context:
  - It can provide single sign-on (SSO) to simplify access to applications on-premises and in the cloud.
  - It can integrate with Microsoft Office 365, Azure, and thousands of other SaaS applications.
  - It can support multi-factor authentication (MFA) for enhanced security.
  - It can include Azure AD Conditional Access to manage and secure mobile devices, apps, and users' identities, and enforce policies based on user behavior and risk factors.
  - It can be instantiated as an Azure Active Directory (AAD) Instance, a specific directory within Azure, identified by an Azure Directory Name, Azure Domain Name, and a unique Azure Directory ID, which collectively manage identities, permissions, and resources.
  - It can enable B2B Collaboration by allowing secure sharing of apps and services with guest users from any organization.
  - It can support B2C Identity Management scenarios through Azure AD B2C, enabling businesses to manage customer identities and access to applications.
  - It can provide comprehensive reporting and monitoring through security reports and audit logs to help protect user identities.
  - It can offer identity governance features such as entitlement management, privileged identity management, and access reviews to ensure the right users have the right access to resources.
  - It can synchronize with on-premises Active Directory using Azure AD Connect, enabling hybrid identity scenarios.
  - It can be extended through Graph API, allowing developers to interact with AAD programmatically to manage users, groups, and directory objects.
  - ...
- Example(s):
  - In 2015, Azure AD was integrated with Office 365, enabling seamless SSO and access management for users across both services, marking a significant milestone in the platform's evolution.
  - In 2017, the introduction of Azure AD B2C provided businesses with a way to manage customer identities and enhance customer engagement through secure identity management.
  - In 2020, Azure AD expanded its Conditional Access capabilities, introducing real-time risk evaluation and enhanced security policies, reinforcing its position as a leading identity and access management solution.
  - ...
- Counter-Example(s):
  - AWS Identity and Access Management (IAM), which is focused on controlling access to AWS services and resources securely.
  - Google Cloud Identity and Access Management (IAM), which allows administrators to manage access control by defining who (identity) has what access (roles) to which resources.
  - an On-Premises Active Directory (AD) that manages user identities and access within a corporate network without cloud integration.
  - LDAP (Lightweight Directory Access Protocol) directories that do not provide cloud-based identity and access management features.
- See: Cloud Security, Identity Provider, Single Sign-On, Multi-Factor Authentication, Identity Governance.