Azure Active Directory (AD) is tailored for companies needing to integrate an existing AD domain with cloud apps. Microsoft’s IDaaS solution integrates tightly with AD. Attribute synchronization can be configured with Azure AD Connect and can later be mapped within individual SaaS application configurations. Azure AD also integrates users of Exchange 2013 for their mail services (including Exchange Online) in conjunction with Office 365. On installation, Azure AD Connect will recognize an Exchange installation and will automatically synchronize the according attributes.
Windows 10 also brings new capabilities to integrate with Azure AD. Windows 10 supports joining devices to Azure AD as an alternative to the corporate AD. The big benefit for Azure AD users is that authentication to the user portal is seamless as the user is already authenticated to the device, and Windows 10 apps such as Mail and Calendar will recognize if an Office 365 account is available and be automatically configured. The log-in process is very similar to the default log-in style in Windows 8 where it asks for your Microsoft account details.
Both users and security groups can be synchronized using Azure AD Connect, or users and groups can be added manually within Azure AD. However, customers in large enterprises will need to frequently use the search features in order to navigate to specific users or groups. Azure AD supports automatic provisioning of users in SaaS apps and works extremely well with Office 365. When possible, Azure AD simplifies this process as in the case of Google Apps. With a simple four-step process, Azure AD prompts you for your Google Apps login and requests your permission to configure Google Apps for automatic user provisioning.
Microsoft’s end user portal is offers a grid of application icons directing users to single sign-on (SSO) apps. The admins can choose to configure the Azure AD user portal to allow self-service actions such as password resets, application requests, or group membership requests and approvals. Azure AD supports security policies tied to individual applications for individual users or groups, or based on network location. One unique feature Microsoft offers in Azure AD Premium can help get your company started on identifying SaaS apps already in use by your organization. Cloud App Discovery uses software agents to begin to analyze user behavior in regards to SaaS apps, helping you hone in on the applications most commonly used in your organization and begin to manage those at an enterprise level.
The report set Microsoft offers with Azure AD depends upon your service level. All three pricing tiers offer basic security reports, which show basic activity and usage logs. Premium subscribers gain access to an advanced set of reports which leverage Azure’s machine learning capabilities to give insights on anomalous behavior such as successful authentication attempts after repeated failures, those from multiple geographies, or those from suspicious IP addresses.
Azure AD’s pricing begins with a free tier that supports up to 500,000 directory objects (in this case, that means users and groups) and up to 10 single sign-on (SSO) apps per user. The Free version of Azure AD is automatically included with Office 365 subscriptions, in which situation the object limit does not apply. With a retail price of $0.50 per user per month, the Basic tier of Azure AD is extremely competitive. The Basic service adds capabilities such as branding for the user portal and group-based SSO access and provisioning so, in order to automatically create user accounts in SaaS applications, you’ll need the Basic tier but it retains the 10 app per user limit. The Premium tier in Azure AD removes the limits from the amount of SSO apps users can have and adds self-service and multifactor capabilities for $6 per user per month. Azure AD Premium also includes user Client Access Licenses for Microsoft Identity Manager which can be used to synchronize and manage identities in databases, applications, other directories, and more.
Azure AD covers the majority of the core features you should be looking for in an IDaaS provider, and also features some enterprise-level tools. The pricing is very competitive, and integration with Office 365 and other Microsoft products and services are solid.
© HPC Today 2019 - All rights reserved.
Thank you for reading HPC Today.