
Azure Active Directory

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Azure Active Directory
Developer: Microsoft
Released: 01 February 2010
Operating system: Cloud-based
Genre: Identity as a service (IDaaS), Identity management
License: SaaS

Azure Active Directory is a cloud-based identity as a service (IDaaS) and identity management solution developed by Microsoft. Operating as a core component of the Microsoft Azure platform, it provides comprehensive identity and access management services for cloud and hybrid environments. The service enables secure access to a wide array of applications, from Microsoft 365 and Azure resources to thousands of other SaaS applications.

Overview

Launched in 2010, it serves as the foundational identity provider for the entire Microsoft cloud ecosystem. It is fundamentally different from the on-premises Active Directory service, though it can integrate with it through tools like Azure AD Connect. The platform is designed to manage identities for organizations of all sizes, supporting scenarios ranging from business-to-consumer (B2C) applications to business-to-business (B2B) collaboration. Its global infrastructure ensures high availability and performance, leveraging Microsoft data centers worldwide.

Architecture and components

The architecture is built on a multi-tenant, geographically distributed cloud model. Core components include the Azure AD tenant, which acts as a dedicated instance representing an organization. Key services within a tenant encompass the Azure AD Graph API and the newer Microsoft Graph API, which provide programmatic access to directory objects. Other integral elements are Azure AD Domain Services, which offers managed domain services like LDAP and Kerberos, and Azure AD B2C, a separate service for customer identity management. The system relies on standard protocols such as OAuth 2.0, OpenID Connect, and SAML for authentication and authorization.

Features and capabilities

It offers a robust suite of features centered on modern identity management. Core capabilities include single sign-on (SSO) for seamless access to integrated applications, both from Microsoft and third parties like Salesforce and ServiceNow. Advanced multi-factor authentication (MFA) strengthens security, while conditional access policies allow administrators to enforce granular access controls based on user, device, location, and risk. Additional features include self-service password reset, identity protection using machine learning to detect vulnerabilities, and privileged identity management (PIM) for just-in-time administrative access. It also supports device registration for mobile device management (MDM) scenarios.
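
The following Python model is an added illustration, not part of the original article and not Microsoft's implementation. It shows how conditional access combines the user, device, location and risk signals named above: every policy whose conditions match applies, a block overrides any grant, and the controls required by all applying policies are combined. The SignIn and Policy shapes, the group names and the policy names are hypothetical, and each policy is assumed to require all of its controls.

```python
# Added illustration: model of Conditional Access evaluation.
# Policy/SignIn shapes and the policy names are hypothetical, not Microsoft's schema.
from dataclasses import dataclass, field

RISK = {"none": 0, "low": 1, "medium": 2, "high": 3}

@dataclass
class SignIn:
    groups: set                     # user signal
    country: str                    # location signal
    risk: str = "none"              # risk signal
    mfa_done: bool = False
    device_compliant: bool = False  # device signal

@dataclass
class Policy:
    name: str
    groups: set                                  # applies to members of any of these
    trusted_countries: set = field(default_factory=set)  # excluded locations
    min_risk: str = "none"                       # applies at or above this risk
    block: bool = False
    controls: set = field(default_factory=set)   # "mfa", "compliant_device"

    def applies(self, s: SignIn) -> bool:
        return (bool(self.groups & s.groups)
                and s.country not in self.trusted_countries
                and RISK[s.risk] >= RISK[self.min_risk])

def evaluate(policies, s):
    """Return (decision, unmet controls, names of policies that applied)."""
    matched = [p for p in policies if p.applies(s)]
    names = [p.name for p in matched]
    if any(p.block for p in matched):            # a block beats any grant
        return "block", set(), names
    required = set().union(*(p.controls for p in matched))
    met = {c for c, ok in (("mfa", s.mfa_done),
                           ("compliant_device", s.device_compliant)) if ok}
    unmet = required - met
    # No matching policy means no extra requirement: a coverage gap, not a deny.
    return ("grant" if not unmet else "challenge"), unmet, names

POLICIES = [
    Policy("mfa-outside-trusted", {"staff"}, trusted_countries={"DE"}, controls={"mfa"}),
    Policy("admins-compliant", {"admins"}, controls={"mfa", "compliant_device"}),
    Policy("block-high-risk", {"staff", "admins"}, min_risk="high", block=True),
]
```

A sign-in that returns a grant with an empty policy list was covered by no policy at all, which is the case to look for when reviewing a policy set.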

Integration and compatibility

The platform is designed for extensive integration across the Microsoft stack and beyond. It natively integrates with Microsoft 365, Dynamics 365, and the core Azure platform. For hybrid environments, Azure AD Connect synchronizes identities between on-premises Active Directory and the cloud. It supports federation with other identity providers via protocols like SAML and WS-Federation, enabling partnerships with organizations using Google Workspace or other systems. Furthermore, its application gallery contains pre-integrated templates for thousands of SaaS applications, including Dropbox, Concur, and Workday, simplifying deployment.

Security and identity management

Security is a central focus, and the service follows a zero trust security model. The Identity Protection service utilizes intelligent risk detection based on signals from Microsoft Security Graph to identify compromised credentials or anomalous sign-ins. Conditional Access acts as the policy engine, enforcing requirements like MFA or limiting access to compliant devices managed by Microsoft Intune. It also provides detailed audit logs and sign-in logs for monitoring and forensic analysis. For governing access, features like access reviews and entitlement management help ensure compliance with regulations such as GDPR and HIPAA.
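
To show what monitoring the sign-in logs can look like, the following Python example (added here, not part of the original article or any Microsoft tooling) triages sign-in records for a password-spray pattern: one source address failing with a bad password against several distinct accounts in a short window, followed by any success from that address. The records are constructed sample data using field names from the Microsoft Graph signIn resource; the thresholds are assumptions to tune per tenant.

```python
# Added illustration: password-spray triage over constructed sign-in records.
# Field names follow the Microsoft Graph signIn resource; all values are made up.
from collections import defaultdict
from datetime import datetime, timedelta

BAD_PASSWORD = 50126  # Azure AD error code for invalid username or password

def _rec(ts, upn, ip, code):
    return {"createdDateTime": ts, "userPrincipalName": upn,
            "ipAddress": ip, "status": {"errorCode": code}}

SIGN_INS = [  # constructed sample data (documentation IP ranges, example domain)
    _rec("2024-05-01T09:00:05Z", "ana@contoso.example", "203.0.113.7", 50126),
    _rec("2024-05-01T09:00:09Z", "ben@contoso.example", "203.0.113.7", 50126),
    _rec("2024-05-01T09:00:14Z", "cy@contoso.example", "203.0.113.7", 50126),
    _rec("2024-05-01T09:00:20Z", "dee@contoso.example", "203.0.113.7", 0),
    _rec("2024-05-01T09:03:00Z", "ana@contoso.example", "198.51.100.4", 50126),
    _rec("2024-05-01T09:03:30Z", "ana@contoso.example", "198.51.100.4", 50126),
    _rec("2024-05-01T09:04:10Z", "ana@contoso.example", "198.51.100.4", 0),
]

def _ts(r):
    return datetime.strptime(r["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")

def spray_sources(records, min_users=3, window=timedelta(minutes=10)):
    """IPs with bad-password failures for >= min_users accounts inside one window."""
    by_ip = defaultdict(list)
    for r in records:
        if r["status"]["errorCode"] == BAD_PASSWORD:
            by_ip[r["ipAddress"]].append((_ts(r), r["userPrincipalName"]))
    flagged = {}
    for ip, fails in by_ip.items():
        fails.sort()
        for start, _ in fails:
            users = {u for t, u in fails if start <= t <= start + window}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged

def successes_from(records, ips):
    """Accounts that signed in successfully (errorCode 0) from a flagged IP."""
    return sorted({r["userPrincipalName"] for r in records
                   if r["ipAddress"] in ips and r["status"]["errorCode"] == 0})
```

The second address in the sample is a single user mistyping a password and is not flagged; accounts returned by successes_from are the ones to investigate first.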

Pricing and licensing

It is available through multiple tiers, each tied to Microsoft 365 or Azure subscriptions. The free tier offers basic identity and access management features. Azure AD Premium P1 adds advanced administration, self-service group management, and conditional access basics. Azure AD Premium P2 includes all P1 features plus Identity Protection, Privileged Identity Management (PIM), and access reviews. Licensing is typically included within suites like Microsoft 365 E3, Microsoft 365 E5, and Enterprise Mobility + Security (EMS). Standalone licenses are also available for purchase directly through the Azure portal.
