Posted 31 Dec 2018



Overview of Azure Active Directory

Active Directory (AD) is not restricted to the enterprise network: it is also available in the Azure cloud.


Azure Active Directory is a fully managed multi-tenant service offered by Microsoft. It was designed for the software-as-a-service world and provides full integration between SaaS and on-site applications. With Active Directory (AD), you get identity and access capabilities for applications running both on-site and in the cloud, which means that access to on-site and cloud applications is greatly simplified. Self-service features of AD include password management and group management; these can substantially reduce the workload of an IT department.


If you’re already using an on-site directory, you can extend it to the cloud by using the directory integration capabilities of Azure AD. In this situation, users and groups are synced to Active Directory using, for example, Azure Active Directory Sync. This means that users can authenticate using Windows Server Active Directory when accessing on-site applications and using Azure Active Directory when accessing cloud applications. Because Azure AD is hosted in the cloud, which can be public or private, it can be accessed from anywhere. Finally, Azure AD is exposed to other services using web-based protocols and secure application programming interfaces (APIs). As a result, you can have a single sign-on (SSO) between separate services.

Who Uses It and Why?

IT admins can use AD to control access to apps and app resources, including requiring multi-factor authentication in order to access important resources. Azure AD can also increase the security of user identities and credentials. For app developers, Azure AD lets you add single sign-on (SSO) to your app, enabling it to work with a user's pre-existing credentials. Finally, every Microsoft 365, Office 365, Azure or Dynamics CRM Online subscriber is already using Azure AD.

How Does It Work?


Users are generally added to a directory in Azure AD as Work or Student Account users. The account persists for as long as the user is part of the organisation, until an administrator removes it. A user from a different directory (an external user) can also be added to a directory. This is useful when users in different directories need to access the same cloud applications.


Adding Users and Groups

You can add users and groups to Active Directory in a number of ways, including:

  • Syncing from an on-site Windows Server Active Directory
  • Manually using an Azure Management Portal, provided the number of users is relatively small
  • Scripted using PowerShell and the Azure Active Directory cmdlets, which is more useful for larger numbers of users and groups
  • Programmatically using the Azure Active Directory Graph API

Access Management

You can grant access rights to a single user or to an entire group. Using groups means that you can assign a set of access permissions to all the members of a group at once instead of one user at a time.


There are three ways to assign access rights to users:

  • Direct assignment. The resource owner assigns users to the resource.
  • Group assignment. The resource owner assigns a group to the resource. This means that all members of the group automatically gain access to the resource.
  • Rule-based assignment. The resource owner creates a group and also uses a rule, made up of attributes and values, to decide which users can access a specific resource.

Custom Domains & Security

Every directory gets a unique DNS name under the shared default domain. When you use a custom domain, you associate a domain you own with a directory in Active Directory. This is not compulsory, but it is often preferred by organisations that own their own domain name.


Azure AD includes a number of security features including:

  • Multi-factor authentication. This provides an additional layer of security to user sign-ins and is easy to use and scalable.
  • Conditional access. This gives more control over how, from where and by whom data can be accessed. You can easily create policies to control access based on device type, apps, user roles or networks, among others.
  • Dynamic groups provide automatic group membership based on user attributes, such as department or location, without having to manually set it up or monitor it.

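The scripted route listed under Adding Users and Groups, together with the group and rule-based assignment described under Access Management, as an added example that is not part of the article. It uses the AzureAD PowerShell module the article refers to (Microsoft has since retired it in favour of the Microsoft Graph PowerShell SDK, where the same operations exist); the tenant domain, user and group names are placeholders, and the signed-in account is assumed to hold a role permitted to create users and groups.

```powershell
# Added example (not from the article): provision a user, a static security group
# and a dynamic (rule-based) group with the AzureAD module.
# Assumption: 'contoso.onmicrosoft.com' is a placeholder for your directory's domain.
Connect-AzureAD

$tenantDomain = 'contoso.onmicrosoft.com'

# 1. Create a work account. The initial password is prompted for rather than stored
#    in the script, and the user must change it at first sign-in.
$passwordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$passwordProfile.Password = Read-Host -Prompt 'Initial password for the new user'
$passwordProfile.ForceChangePasswordNextLogin = $true

$user = New-AzureADUser -DisplayName 'Alice Example' `
    -UserPrincipalName "alice@$tenantDomain" `
    -MailNickName 'alice' `
    -AccountEnabled $true `
    -PasswordProfile $passwordProfile `
    -Department 'Finance' `
    -Country 'GB' `
    -UsageLocation 'GB'

# 2. Group assignment: a static security group whose members are added explicitly.
$staticGroup = New-AzureADGroup -DisplayName 'Finance Reports Readers' `
    -MailEnabled $false -SecurityEnabled $true -MailNickName 'finance-reports-readers'
Add-AzureADGroupMember -ObjectId $staticGroup.ObjectId -RefObjectId $user.ObjectId

# 3. Rule-based assignment: a dynamic group whose membership is computed by the
#    service from user attributes (department and location, as in the article).
$rule = '(user.department -eq "Finance") -and (user.country -eq "GB")'
$dynamicGroup = New-AzureADMSGroup -DisplayName 'Finance UK (dynamic)' `
    -Description 'Auto-populated from department and country attributes' `
    -MailEnabled $false -SecurityEnabled $true -MailNickname 'finance-uk-dynamic' `
    -GroupTypes 'DynamicMembership' `
    -MembershipRule $rule `
    -MembershipRuleProcessingState 'On'

# Verify: static membership is immediate; dynamic membership is evaluated
# asynchronously by the service, so the second query may lag by a few minutes.
Get-AzureADGroupMember -ObjectId $staticGroup.ObjectId | Select-Object DisplayName
Get-AzureADGroupMember -ObjectId $dynamicGroup.Id | Select-Object DisplayName
```

Changing Alice's Department or Country attribute later removes her from the dynamic group automatically, whereas the static group keeps her until someone removes her explicitly.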
Protocols Supported by Azure AD

Active Directory supports a number of protocols that are used to secure applications, including WS-Federation, SAML-P, OAuth 2.0 and OpenID Connect.

Find out more about it here: Azure Active Directory


  • 31/Dec/2018: Version 1


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Chief Technology Officer, The DataWorks
United Kingdom
Allen is a consulting architect with a background in enterprise systems. His current obsessions are IoT, Big Data and Machine Learning. When not chained to his desk he can be found fixing broken things, playing music very badly or trying to shape things out of wood. He runs his own company specializing in systems architecture and scaling for big data and is involved in a number of technology startups.

Allen is a chartered engineer, a Fellow of the British Computing Society, and a Microsoft MVP. He writes for CodeProject, C-Sharp Corner and DZone. He is currently completing a PhD in AI and is also a ball throwing slave for his dogs.
