Microsoft Azure Active Directory (Azure AD): Difference between revisions

From GM-RKB
(Created page with "A Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service that provides directory services, application access management, and identity protection to help secure access to applications and resources across the cloud and on-premises environments. * <B>Context:</B> ** It can provide single sign-on (SSO) to simplify the access to applications on-premises and in the cloud. ** It can integrate with Microso...")
 
No edit summary
 
(8 intermediate revisions by 2 users not shown)
Line 1: Line 1:
A [[Microsoft Azure Active Directory (Azure AD)]] is a [[cloud-based identity and access management service]] that provides [[directory services]], [[application access management]], and [[identity protection]] to help secure access to applications and resources across the cloud and on-premises environments.
A [[Microsoft Azure Active Directory (Azure AD)]] is a [[cloud identity and access management platform]] that facilitates the creation of [[identity management system]]s (to manage [[cloud application access]] and [[identity protection]] across [[cloud environment]]s and [[on-premises environment]]s).
* <B>AKA:</B> [[Microsoft Entra ID]], [[Azure Identity Platform]].
* <B>Context:</B>
* <B>Context:</B>
** It can provide [[single sign-on (SSO)]] to simplify the access to applications on-premises and in the cloud.
** It can typically provide [[Identity Management]] through [[user lifecycle workflow]]s.
** It can integrate with [[Microsoft Office 365]], [[Azure]], and thousands of other [[SaaS]] applications.
** It can typically enable [[Access Control]] through [[role assignment]]s.
** It can support [[multi-factor authentication (MFA)]] for enhanced security.
** It can typically support [[Authentication]] through [[multi-factor verification]].
** It can manage and secure mobile devices, apps, and users' identities using [[Azure AD Conditional Access]].
** It can typically maintain [[Security Policy]] through [[conditional access rule]]s.
** It can enable [[B2B]] (business-to-business) collaboration by allowing secure sharing of apps and services with guest users from any organization.
** It can typically handle [[Directory Service]] through [[azure ad connect]].
** It can support [[B2C]] (business-to-consumer) scenarios through Azure AD B2C, a customer identity access management solution.
** It can provide comprehensive reporting and monitoring through [[security reports]] and [[audit logs]] to help protect user identities.
** It can offer [[identity governance]] features such as entitlement management, privileged identity management, and access reviews to ensure the right users have the right access to resources.
** ...
** ...
* <B>Example(s):</B>
** It can often facilitate [[Single Sign-On]] through [[federation service]]s.
** It can often provide [[Identity Protection]] through [[risk detection]].
** It can often implement [[Access Governance]] through [[access review]]s.
** It can often support [[Application Integration]] through [[service principal]]s.
** ...
** ...
* <B>Counter-Example(s):</B>  
** It can range from being a [[Free Azure AD]] to being a [[Premium Azure AD]], depending on its [[licensing tier]].
** [[AWS Identity and Access Management (IAM)]], focused on controlling access to AWS services and resources securely.
** It can range from being a [[Cloud-Only Directory]] to being a [[Hybrid Identity Solution]], depending on its [[deployment model]].
** [[Google Cloud Identity and Access Management (IAM)]], allows administrators to manage access control by defining who (identity) has what access (roles) to which resources.  
** ...
** an [[On-Premises Active Directory (AD)]] that manages user identities and access within a corporate network without cloud integration.
** It can integrate with [[Microsoft 365]] for [[workspace authentication]].
** [[LDAP (Lightweight Directory Access Protocol)]] directories that do not provide cloud-based identity and access management features.
** It can connect to [[Enterprise Application]]s for [[application access]].
* <B>See:</B> [[Cloud Security]], [[Identity Provider]], [[Single Sign-On]], [[Multi-Factor Authentication]], [[Identity Governance]].
** It can support [[Security Information]] systems for [[threat protection]].
** ...
* <B>Examples:</B>
** [[Azure AD Implementation Type]]s, such as:
*** [[Azure AD Authentication Type]]s, such as:
**** [[Password-Based Authentication]] for [[user login]].
**** [[Certificate-Based Authentication]] for [[device authentication]].
**** [[Windows Hello for Business]] for [[passwordless authentication]].
*** [[Azure AD Access Type]]s, such as:
**** [[Conditional Access Policy]] for [[risk-based control]].
**** [[Just-In-Time Access]] for [[privileged access]].
**** [[Guest User Access]] for [[b2b collaboration]].
*** [[Azure AD Protection Type]]s, such as:
**** [[Identity Protection Policy]] for [[risk detection]].
**** [[Access Review Policy]] for [[access governance]].
**** [[PIM Policy]] for [[privileged identity management]].
** ...
* <B>Counter-Examples:</B>
** [[AWS Identity and Access Management]] for [[amazon web services]].
** [[Google Cloud Identity]] for [[google cloud platform]].
** [[On-Premises Active Directory]] which lacks [[cloud capability]]s.
* <B>See:</B> [[Enterprise Identity Platform]], [[Cloud Access Security]], [[Identity Governance Platform]], [[Zero Trust Security]].


----
----
__NOTOC__
[[Category:Concept]]
[[Category:Azure Service]]
[[Category:Identity Platform]]
[[Category:Quality Silver]]
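
Review bot: the Azure AD B2C capability and the reporting capability through [[security reports]] and [[audit logs]] have no counterpart among the reworded "It can typically ..." and "It can often ..." context lines or in the new Examples tree. B2B sharing is still represented by [[Guest User Access]] for [[b2b collaboration]], so suggest keeping one context bullet each for B2C and for audit logging, since those are the statements a reader would look for when assessing customer identity and monitoring coverage. Separately, [[azure ad connect]] is a product name written in lower case, unlike [[Azure AD Conditional Access]] and [[Microsoft Office 365]] elsewhere in the same list; suggest matching that capitalisation.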

Latest revision as of 21:31, 24 January 2025

A Microsoft Azure Active Directory (Azure AD) is a cloud identity and access management platform that facilitates the creation of identity management systems (to manage cloud application access and identity protection across cloud environments and on-premises environments).