Azure AD Domain Services
Azure AD Domain Services for Irish Businesses
Azure AD Domain Services is a robust cloud management solution that caters to the unique needs of businesses. This service offers secure, scalable and simplified features that make it an ideal choice for businesses of all sizes.
Cloud management is an essential aspect of modern Irish business operations and Azure AD Domain Services simplifies it by providing a hassle-free solution. Its streamlined features make it easy to manage your cloud infrastructure, freeing up your time to focus on other important tasks. Whether you have a small business or a large enterprise, Azure AD Domain Services offers the scalability you need to adapt to changing needs.
There are four versions of Azure Active Directory, and Azure AD DS pricing is as follows:
Free
(Included in Azure Subscription)
Limited to 500,000 Directory Objects
Identity management capabilities and device registration
Single Sign-On can be assigned to 10 apps per user
B2B collaboration capabilities (allows you to assign guest users that exist outside of your business)
Self-service password change (cloud users)
Connect (syncs on-premise AD to Azure AD)
Basic security reports
Basic
(Included in Microsoft 365 subscriptions)
Unlimited Directory Objects
Identity management capabilities and device registration
Single Sign-On can be assigned to 10 apps per user
B2B collaboration capabilities (allows you to assign guest users that exist outside of your business)
Self-service password change (cloud users)
Connect (syncs on-premise AD to Azure AD)
Basic security reports
Group-based access management and provisioning
Self-service password reset (cloud users)
Ability to brand logon pages
Service Level Agreement
Premium P1
(Free with certain Microsoft 365 Plans or €5.06 separately per user per month)
Unlimited Directory Objects
Identity management capabilities and device registration
Single Sign-On can be assigned to unlimited apps per user
B2B collaboration capabilities (allows you to assign guest users that exist outside of your business)
Self-service password change (cloud users)
Connect (syncs on-premise AD to Azure AD)
Advanced reports
Group-based access management and provisioning
Self-service password reset (cloud users)
Ability to brand logon pages
Service Level Agreement
Dynamic groups, group creation, group naming policy, usage guidelines, etc.
On-premise writeback for Self-service reset, change, and unlock
Two-way sync between on-premise AD and Azure AD
Multi-factor authentication
Microsoft Identity Manager user CAL
Cloud App Discovery
Connect Health
Conditional Access based on health/location
Automatic password rollover (for group accounts)
Ability to grant conditional access based on location, device state, and group
Integrations with 3rd party identity governance partners
Terms of Use (ToU)
SharePoint limited access
OneDrive for Business (limited access)
Preview integration for 3rd party MFA partners
Cloud App Security Integration
Premium P2
(€7.59 ex. VAT per user per month)
Unlimited Directory Objects
Identity management capabilities and device registration
Single Sign-On can be assigned to unlimited apps per user
B2B collaboration capabilities (allows you to assign guest users that exist outside of your business)
Self-service password change (cloud users)
Connect (syncs on-premise AD to Azure AD)
Advanced reports
Group-based access management and provisioning
Self-service password reset (cloud users)
Ability to brand logon pages
Service Level Agreement
Dynamic groups, group creation, group naming policy, usage guidelines, etc.
On-premise writeback for Self-service reset, change, and unlock
Two-way sync between on-premise AD and Azure AD
Multi-factor authentication
Microsoft Identity Manager user CAL
Cloud App Discovery
Connect Health
Conditional Access based on health/location
Automatic password rollover (for group accounts)
Ability to grant conditional access based on location, device state, and group
Integrations with 3rd party identity governance partners
Terms of Use (ToU)
SharePoint limited access
OneDrive for Business (limited access)
Preview integration for 3rd party MFA partners
Cloud App Security Integration
Identity Protection
Privileged Identity Management
Multi-factor authentication
Free vs Basic vs Office 365
Typically, both of these environments will be part of your existing license. So, if you only have an Azure license, you’ll use the free version. Also, if you only have an Office 365 license, you’ll use the Office 365 version.
The Office 365 version has two advantages over the free version – multi-factor authentication and unlimited directory objects.
Of course, having more than one layer of authentication is critical in today’s business environment, so this is not a small feature by any means. Unlimited directory objects become a necessity for most businesses at a certain point, especially if you have over 20 employees or you’re using lots of cloud apps. Typically, you won’t be selecting between these two: you’ll either have an Office 365 license or you won’t.
Azure AD P1 vs Azure AD P2
For Irish businesses looking to upgrade into the P1 or P2 space for additional features, the value of the Azure AD resources becomes apparent. These two tiers start to offer some critical components that are not available in the other three versions – all of which are extremely helpful for security, compliance, and identity management.
What do P1 and P2 Share in Common?
Both of these options:
Provide unlimited directory objects
Give you identity management capabilities
Provide single sign-on for an unlimited amount of apps and unlimited users for those apps
Have B2B collaboration capabilities – which let you grant access to guest users for collaborative work
Give self-service password change capabilities to users
Have Connect – which syncs Windows Server AD (or other on-premise AD) and Azure AD
Have advanced reports (see how apps are being utilized by users, see where risks exist, and troubleshooting capabilities)
Give you branding capabilities for portals/login pages
Have multi-factor authentication
Have app proxy
Include Group-based access management and provisioning
Have Microsoft Identity Manager user CAL
Come with a Service Level Agreement
Have Cloud App Discovery
Have Connect Health
Give you conditional access based on user location/devices
Have automatic password rollover
Give you the ability to integrate third-party identity governance partners and MFA partners
Have Terms of Use
Provide SharePoint Limited Access
Give you limited access to OneDrive Business
Have CloudApp security integration
What’s the Difference Between Azure AD P1 and P2
There are three core differences between P1 and P2. Firstly, P2 has Identity Protection, which lets you manage conditional access to apps. Secondly, P2 gives you Privileged Identity Management (PIM), which gives you additional management over privileged accounts. Finally, you get Access Reviews.
All of these features are typically reserved for enterprises, and small businesses probably won’t require any of these features.
What are the Azure Active Directory benefits?
Benefit 1
Azure AD is not a cloud version of AD as the name might suggest. Although it performs some of the same functions, it is quite different.
Azure Active Directory is a secure online authentication store, which can contain users and groups. Users have a username and a password, which are used when you sign into an application that uses Azure AD for authentication. For example, all of the Microsoft Cloud services use it for authentication: Office 365, Dynamics 365 and Azure. If you have Office 365, you are already using Azure AD under the covers.
Benefit 2
As well as managing users and groups, Azure AD manages access to applications that work with modern authentication mechanisms like SAML and OAuth. An application is an object that exists in Azure AD, which lets you create an identity for your own applications (or third-party ones) to which you can grant users access. Besides seamlessly connecting to any Microsoft Online Services, Azure AD can connect to thousands of SaaS applications (e.g. Salesforce, Slack, ZenDesk etc.) using single sign-on.
In contrast to AD, let’s explore what Azure AD does not offer:
You can’t join a server to it
You can’t join a PC to it in the same way – there is Azure AD Join for Windows 10 only
There is no Group Policy
There is no support for LDAP, NTLM or Kerberos
It is a flat directory structure – no OUs or Forests
So Azure AD does not replace AD
AD is great at managing traditional on-premise infrastructure and applications. Azure AD is great at managing user access to cloud applications. They do different things with the area of overlap being user management.
AD vs Azure AD – should you use one, the other or both?
If you have a traditional on-premise set up with AD and also want to use Azure AD to manage access to cloud applications (e.g. Office 365 or any of thousands of SaaS apps) then you can happily use both.
If you are using Microsoft Office 365 then your users will have a username and password for that, as well as a username and password for their network logon (managed by AD). These two sets of credentials are unrelated. This is fine; it just means that if you have a password change policy, users will have to change their password twice (and they could of course choose the same password for both).
Or you can synchronise AD with Azure AD so that the users only have one set of credentials, which they use for both their network login and access to O365. You use Azure AD Connect to do this; it is a small, free piece of Microsoft software that you install on a server to perform the synchronisation.
If you are a new business or one that is looking to transition away from having any traditional on-premise infrastructure and using purely cloud-based applications, then you can operate purely using Azure AD.
In this case, although you will have all your applications in the cloud, you will of course still have physical devices – PCs and smartphones – that your team will use to access and work with these cloud applications.
So how do you secure and manage these devices?
In the case of PCs (this applies to Windows 10 only) you can Azure AD Join them and log in to machines using Azure AD user accounts. You can apply conditional access policies that require machines to be Azure AD joined before accessing company resources or applications. However, Azure AD Join provides limited functionality compared to AD Join (as there is no Group Policy), and in order to gain fine-grained control over the PCs you would then use a Mobile Device Management solution, such as Microsoft Intune, in addition to this.
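The conditional access policy described above, as an added example (not code from this page or from Tier3Tech): it blocks sign-in to all cloud apps from devices that are neither Azure AD joined nor hybrid joined, and is created in report-only mode so the impact can be reviewed in the sign-in logs before enforcement. It assumes the Microsoft Graph PowerShell SDK is installed and that the placeholder break-glass account object ID is replaced with your own.

```powershell
# Added example: report-only Conditional Access policy requiring an Azure AD
# joined (or hybrid joined) device. Assumes the Microsoft Graph PowerShell SDK
# (Microsoft.Graph.Identity.SignIns) is installed.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

$policy = @{
    displayName = "Require Azure AD joined device for all cloud apps (report-only)"
    # Start in report-only mode; switch to "enabled" only after reviewing impact.
    state = "enabledForReportingButNotEnforced"
    conditions = @{
        # Required by the Graph API; "all" covers browser and rich clients.
        clientAppTypes = @("all")
        users = @{
            includeUsers = @("All")
            # Placeholder object ID: keep an emergency-access account out of scope
            # so an overly strict policy cannot lock every admin out.
            excludeUsers = @("00000000-0000-0000-0000-000000000000")
        }
        applications = @{ includeApplications = @("All") }
        devices = @{
            deviceFilter = @{
                # "exclude" applies the policy to every device that does NOT match
                # the rule, including devices not registered in Azure AD at all.
                mode = "exclude"
                rule = 'device.trustType -eq "AzureAD" -or device.trustType -eq "ServerAD"'
            }
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

# Create the policy; the returned object includes the new policy's id.
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

In the rule, trustType "AzureAD" is an Azure AD joined device and "ServerAD" is a hybrid Azure AD joined device; Azure AD registered devices ("Workplace") are not matched and so are blocked by this policy.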
Other devices (Windows 10, iOS, Android, and macOS) can be Azure AD Registered (which means you sign into the device itself without requiring an Azure AD account, but can then access apps etc. using the Azure AD account) and controlled using Microsoft Intune.
If you can’t get all your applications as SaaS apps and have some that still need to run on your own servers, then you can migrate these to Virtual Machines (VMs) in Azure. If those VMs need to be domain joined, then you can either deploy a Domain Controller on another VM in Azure, or you can use Azure Active Directory Domain Services (Azure AD DS) which is a PaaS service (you don’t have to manage it) for domain joining Azure VMs. Azure AD DS automatically synchronises with Azure AD so all your users get the application access you want.
AD vs Azure AD Summary
In summary, Azure AD is not simply a cloud version of AD; they do quite different things. AD is great at managing traditional on-premise infrastructure and applications. Azure AD is great at managing user access to cloud applications. You can use both together, or if you want to have a purely cloud-based environment you can just use Azure AD.
Want to know more?
Tier3Tech’s experts are standing by to guide you through the seamless integration of Azure AD Domain Services into your business operations. Discover the power of unlimited directory objects, multi-factor authentication and advanced access management.
Contact Tier3Tech today for further consultation on replacing your current local AD setup.
Contact us today to discover how our cloud optimisation solutions can drive efficiency and security for your business.