Azure Active Directory

Reliable, Enterprise scale identity and access management for the cloud

Azure Active Directory is a comprehensive and high available identity and access management cloud solution. It combines core directory services, advanced identity governance and application access management. Azure Active Directory also offers a rich standards-based platform that enables developers to deliver access control to their applications, based on centralized policy and rules. For enterprises with more demanding needs an advanced offering, Azure Active Directory Premium, helps complete the set of capabilities that this identity and access management solution delivers.

Use Azure Active Directory to:

Effectively manage users and access to cloud applications

Manage groups, user accounts and attributes through the Azure management portal. Centrally manage users’ access to Azure and other Microsoft online services like Office 365 and a world of non-Microsoft SaaS applications. Set up provisioning and de-provisioning of user accounts stored in your cloud directory to the SaaS application that your organization uses. Monitor inconsistent access patterns to mitigate potential threats and get alerts for important threats.

Extend your on-premises directories to the cloud

Extend your on-premises Active Directory and other directories to Azure Active Directory so that users can authenticate with one set of corporate credentials to their cloud-based resources. User attributes can be automatically synchronized to your cloud directory using identity synchronization connectors. Authentication is accomplished either through federation or password synchronization.

Provide single sign-on across your cloud applications

Deliver a seamless, single sign-on experience to your users across Microsoft online services, applications built on Azure and hundreds of popular non-Microsoft cloud applications. Make it easier for end users to quickly and effectively launch cloud applications from within their personalized web-based Access Panel.

Enable Multi-factor Authentication for enhanced security

Azure Multi-Factor Authentication can be enabled for Azure Active Directory users to help improve access protection to hundreds of cloud services and applications. Convenient authentication options (mobile apps, phone calls and text messages) allow for a simple sign-on experience while providing the strong security procedures that organizations require.

A rich standards-based platform for cloud authentication and access management

Azure Active Directory offers developers a way to avoid a separate ID and password for their application. Users get single sign on across your application and other applications like Office 365. Support for industry standard protocols such as SAML 2.0, WS-Federation, and OpenID Connect makes sign-in possible on a wide variety of platforms such as .Net, Java, Node.js, and PHP. The REST-based Graph API enables read and write to the directory, which is often essential for access management. Through support for OAuth 2.0, developers can build mobile and web applications that integrate with Microsoft and third party web APIs, and build their own secure web APIs. Open source client libraries are available for .Net, Windows Store, iOS, and Android, with additional libraries under development

Azure Active Directory Premium

Azure Active Directory Premium, built on top of the free offering of Azure Active Directory, provides a robust set of capabilities to empower enterprises with more demanding needs on identity and access management for on-premises, hybrid and cloud-only environments.

The advanced features of Azure Active Directory Premium features are:

  • Self-service password reset: For your end-users, the premium offering of Azure AD will provide self-service password reset capabilities for cloud applications
  • Self-Service Group Management: Users can create their own groups on Azure AD and manage their membership or request access to other groups.
  • Group-based provisioning and access management to SaaS applications: Administrators can provide and revoke application access to users based on the groups they belong.
  • Company branding: To make the end user experience even better, Azure Management portal, the Access Panel page and all other Microsoft online services logon pages can now support the addition of company logos, messages and color schemes.
  • Advanced Security Reports and Alerts: Use detailed machine learning-based reports showing sign in activity, inconsistent access patterns, and potential threat areas. Get alerts for possible threats and take actions to mitigate risks.
  • Usage Reports: Monitor the usage of cloud applications assigned to end users
  • Enterprise scale SLA

Azure Multi-Factor Authentication for cloud and on-premises applications is included in Azure Active Directory Premium.

Azure Active Directory Premium offers entitlement to Forefront Identity Manager Server and CALs.

Azure Active Directory Premium will continue to grow and embrace new identity and access management requirements of the cloud era.

Find more details and a comparison between the free and the premium offering.

Next Steps

View pricing details. Browse the documentation center for resources. Explore flexible purchase options.