If you’re reading the Insider Threat Security Blog, I’m sure you’re familiar with Active Directory. We’ve covered many topics with on-premise Active Directory: from clean-up to advanced attacks and threat detection. But what about Azure Active Directory? Has your organization started to march into the cloud and begun the migration process? Perhaps you’re just looking to wrap your head around what Microsoft has to offer. STEALTHbits is here to help.
At a high level, Azure AD is just Active Directory in the cloud. It is NOT the same as on-premise Active Directory though – this is not just Active Directory virtualized and hosted somewhere else. Azure Active Directory is a Microsoft ‘enterprise identity service’ offering that allows relatively seamless integration with external cloud-based applications, such as Office 365, and even on-premise applications that you’ve developed on your own. Azure Active Directory is very similar to on-premise AD, many of the concepts you’re familiar with will translate into something in the cloud.
Azure Active Directory has a couple tiers of licenses. When you purchase a cloud-based business service, such as Office 365, your users will require Azure AD accounts to sign-in to these resources. This version is free, and only allows simple functionality such as user and group management, synchronization to your on-premise Active Directory, basic reporting, and single-sign-on.
There are two licenses beyond the free version: Azure Active Directory Premium P1 and Azure Active Directory Premium P2. Both of these premium versions come with some extra flavor that will help manage Azure AD or boost your capability to secure it.
In addition to the free features noted above, the P1 license lets you do a few more cool things. The P1 license allows for hybrid users to access both on-premise and cloud resources. It also allows you to do more advanced administration, this includes things like dynamic groups and self-service group management. It also comes with Microsoft Identity Manager, an on-premise identity and access management suite.
In addition to the P1 features and free features mentioned above, the P2 license comes with Azure Active Directory Identity Protection, which helps provide risk-based conditional access to your applications and data. It also comes with Privileged Identity Management, which helps identify, restrict and monitor administrators and their access.
Similar to an Active Directory domain, there are Azure Active Directory tenants. These tenants are the instances of Azure that your organization has access to that control all of the resources that can be accessed. Similar to the ‘directory’ within your on-premise domain, the Azure AD directory contains users, groups and applications within the tenant. Identity and access management is controlled through the directory to allow access to your resources and applications.
That’s a quick high-level overview of Azure Active Directory and its offerings. In the future, I’ll be diving deeper into some of the advanced features mentioned previously, such as Azure PIM (Privileged Identity Manager), Azure managed identities, Azure Identity Protection, and some of the reports Azure offers to help you understand, monitor, and secure your tenant.
Kevin Joyce is a Senior Technical Product Manager at Stealthbits – now part of Netwrix. He is responsible for building and delivering on the roadmap of Stealthbits products and solutions.
Kevin is passionate about cyber-security and holds a Bachelor of Science degree in Digital Forensics from Bloomsburg University of Pennsylvania.
Learn why Active Directory security should be a priority for your organization and ways to mitigate against a data breach with this free white paper!Read more
Start a Free Stealthbits Trial!
No risk. No obligation.