In this Azure tutorial, we will discuss How To Setup Azure AD. Along with this, we will also discuss the below topics.
- Steps to set up Azure Active Directory
- Configure Azure Active Directory to perform Single Sign-On
- Setup Azure Active Directory Domain Services
- Azure AD Pricing
- How do I configure Microsoft Azure Active Directory Connect?
- How do I access the Azure Active Directory?
- How do I manually sync my Azure AD?
- Does Azure replace Active Directory?
- The Difference Between Windows Active Directory and Azure AD
- Is LDAP Active Directory?
- When should an organization consider using Microsoft azure active directory?
Table of Contents
- How To Setup Azure AD
- Steps to set up Azure Active Directory
- Configure Azure Active Directory to perform Single Sign-On
- Setup Azure Active Directory Domain Services
- How to create a managed domain
- Azure AD Pricing
- How do I configure Microsoft Azure Active Directory connect?
- How do I access Azure Active Directory?
- How do I manually sync my Azure AD?
- Does Azure replace Active Directory?
- The Difference Between Windows Active Directory and Azure AD
- Is LDAP Active Directory?
- When should an organization consider using Microsoft azure active directory?
How To Setup Azure AD
Well, before discussing How To Setup Azure AD, We should have little idea on What is Azure Active Directory?
Now assuming you have some idea on Azure Active Directory, let’s discuss How To Setup Azure AD or Steps to set up Azure Active Directory.
Steps to set up Azure Active Directory
Follow the below steps to set up Azure Active Directory using the Azure Portal.
Step-1: Login to Azure Portal (https://portal.azure.com/)
Step-2: Once you logged in, click on the + Create a resource from the left navigation menu.
Step-3: On the New page, search for the Azure Active Directory and click on the search result.
Step-4: Click on the Create button on the Azure Active Directory page.
Step-5: On the Create tenant page, enter the Organization name, Initial domain name, and the Country or Region and then click on the Create Button.
Navigate to the Azure Active Directory you have created, from the left navigation, select App registrations
Provide the name of the application and choose the other options like below and then click on the Register button.
If you want to see all the registered applications under that Azure Active Directory then click on the App registrations and then click on the All application options.
You can click on the registered application and then can set the Redirect URLs and Application ID URL by clicking on the Add a Redirect URL and Add an application ID URL links respectively.
Now you can click on the Endpoints to see all the endpoints including the Microsoft GraphAPI. You can copy these endpoints if you need to use those externally.
Click on the API permission from the left side menu then click on the + Add permission then You can click on the Microsoft Graph from the list of APIs.
Now from the Request API permissions, you can choose the Delegated permissions and then select the needed permission under the Permission section based on your business need and click on the Add permissions button.
You can also choose the Application permissions based on your business needs.
In the same way, you can choose the other API like Azure DevOps, Azure Key Vault, Azure Rights Management Services, Azure Service Management, Azure Storage, etc based on your business need.
Configure Azure Active Directory to perform Single Sign-On
Navigate to the Azure Active Directory, click on the App registrations and then you can click New application registration to add a new application
On the Register, an application page, Provide a name, Choose an option for Who can use these applications, or access this API? and then choose the Redirect URI as a Public client/native (mobile/desktop) option and provide the required URI then click on the Register button.
Click on the API permissions and then + Add a permission —> Select an API based on your requirement.
Setup Azure Active Directory Domain Services
Azure Active Directory Domain Services provides domain join, group policy, etc that are compatible with Windows Server Active Directory. It is one of the managed domain services from Microsoft in the Cloud.
Before going to start with the setup of the Azure Active Directory Domain Services, We need a few things as Prerequisites.
- The first thing is, you should have a valid Azure Account/Subscription. If you don’t have then create an Azure free account now.
- The next thing you need is, An Azure Active Directory tenant that belongs to your Azure Subscription
- You must have global administrator privileges in your Azure Active Directory tenant.
So now, let’s start the Setup Azure Active Directory Domain Services
First step is to login to the Microsoft Azure portal (https://portal.azure.com/)
How to create a managed domain
Follow the below steps to enable the Azure AD Domain Services wizard
Once you logged in to the Azure Portal, click on the + Create a resource from the left navigation menu.
On the New page, Search for Domain Services and click on the search result Azure AD Domain Services.
On the Azure AD Domain Services window, click on the Create button.
On the Create Azure AD Domain Services, Select the Subscription, Choose an existing Resource group or you can also create a new resource group by clicking the Create new link to create a new resource group.
Provide a DNS Domain name. While Providing a DNS domain name, you can choose either the default domain name which will be auto-populated or you can also choose a custom domain name if you want. This is the most common approach to choose a custom domain.
Note: A recommendation here is, always to use a separate domain name which is different than any existing Azure or on-premises DNS name. For example, if your existing DNS name is xyz.com then don’t use the same one. you may use AADxyz.com.
There are also few restrictions while choosing your domain mane. These are as below
- The prefix for your domain name should contain within 15 characters.
- The domain name shouldn’t already exist in the virtual network.
Now the next thing is choose the Location in which the domain should be created.
The work of the SKU is to determine the backup frequency, performance, and the maximum number of forest trusts you can create. Choose the SKU as Standard. You can also choose other options based on your business needs.
The next option to choose is the forest type. Basically this is a logical construct that is used by the Active Directory Domain services to group more than one domain. The user option is the default option for the Forest Type. You can use the default option in this case.
For all other tabs, you can keep the default option as it is. Now the next option is click on the Review + Create button.
Now the final step is click on the Create button to create Azure Active Directory Domain Services.
Azure AD Pricing
There are 4 versions available for the Azure Active Directory. These are as below
- Free version
- Office 365 apps version
- Premium P1 version
- Premium P2 version
One more good thing with this pricing model is you pay for what you use.
| Free version | Office 365 apps version | Premium P1 version | Premium P2 version | |
| Price | Free | O365 E1, E3, E5, F1, F3 | ₹396.578 user/month | ₹594.867 user/month |
| Directory Objects | 5,00,000 number of Objects Limit | No Limit for number of objects | No Limit for number of objects | No Limit for number of objects |
| Unlimited Single Sign-On | Yes | Yes | Yes | Yes |
| Provisioning easily | Yes | Yes | Yes | Yes |
| Federated Authentication | Yes | Yes | Yes | Yes |
| Management of User and group | Yes | Yes | Yes | Yes |
| Cloud Authentication Support | Yes | Yes | Yes | Yes |
| Synchronization with Azure AD Connect | Yes | Yes | Yes | Yes |
| Option for Self-Service Password Change for cloud users | Yes | Yes | Yes | Yes |
| Multi-Factor Authentication Feature | Yes | Yes | Yes | Yes |
| Password Protection Feature | Yes | Yes | Yes | Yes |
| Company branding | No | Yes | Yes | Yes |
| Service Level Agreement | No | Yes | Yes | Yes |
| Device write-back | No | Yes | Yes | Yes |
| Password Protection (custom banned password) | No | No | Yes | Yes |
| Self-service password | No | No | Yes | Yes |
| Group access management facility | No | No | Yes | Yes |
| Advanced security and usage reports | No | No | Yes | Yes |
| Application Proxy | No | No | Yes | Yes |
| Connect Health feature | No | No | Yes | Yes |
| Dynamic groups support | No | No | Yes | Yes |
| Group naming policy feature | No | No | Yes | Yes |
| Group expiration policy | No | No | Yes | Yes |
| Usage guidelines feature | No | No | Yes | Yes |
| Azure Information Protection integration feature | No | No | Yes | Yes |
| Limited access to SharePoint | No | No | Yes | Yes |
| Microsoft Cloud App Security integration feature | No | No | Yes | Yes |
| Terms of Use | No | No | Yes | Yes |
| Risk events investigation feature | No | No | No | Yes |
| Privileged Identity Management Feature | No | No | No | Yes |
| Access Reviews feature | No | No | No | Yes |
| Entitlement Management feature | No | No | No | Yes |
These are few details on the Pricing of Azure Active directory. For more information, you can refer to the Microsoft Official site
How do I configure Microsoft Azure Active Directory connect?
Azure AD Connect is one of the tool from Microsoft that helps with multiple features like Password hash synchronization – This is a sign-in method that synchronizes a hash of the on-premises Active Directory password of the user with Azure AD
Now, the next step is you can download and configure the Azure AD Connect.
How do I access Azure Active Directory?
You can access to the Azure Active Directory using the below steps.
Step-1: Login to Azure Portal (https://portal.azure.com/)
Step-2: Search for the Azure Active Directory and click on the search result to access the Azure Active Directory.
Or, for the same option, you can click on Azure Active Directory link from the left side navigation
Step-3: Now once you click on the Azure Active Directory link, You can see the Azure Active Directory page, Where you have the options to perform multiple tasks.
This is how you can access the Azure Active Directory using the Azure Portal.
How do I manually sync my Azure AD?
We can manually sync the Azure Active Directory using the PowerShell cmdlet. Follow the below steps to sync your Azure AD.
Step-1: Open the Windows PowerShell or PowerShell ISE as an administrator mode.
Step-2: Run the below cmdlet, to import the ADSync module
Import-Module ADSync
Step-3: You can use the below PowerShell cmdlet
PS C:\WINDOWS\system32> Start-ADSyncSyncCycle -PolicyType Delta
Or, you can also use the below PowerShell cmdlet to force AD sync
PS C:\WINDOWS\system32> Start-ADSyncSyncCycle -PolicyType Initial
This is How do I manually sync my Azure AD?
Does Azure replace Active Directory?
The answer to this question is no. Azure Active Directory is not meant to be exactly same as Active Directory.
The Azure Active Directory is not the replacement of Active Directory. Azure Active Directory has some different set of activities compared to the Active Directory. Azure Active Directory has more features compared to AD.
Azure Active Directory is designed to support different types of Web-based services but the Active Directory is not designed to support the same.
The Difference Between Windows Active Directory and Azure AD
As discussed above, Windows Active Directory and Azure AD are not designed for the same. So there are many differences between them. Let’s discuss a few key differences between them.
| Windows Active Directory | Azure Active Directory |
| Windows Active Directory is mainly designed to provide the opportunity to get control over their on-premises devices and different applications by organizing users and computers, etc. It helps users with authorization and authentication functionality. | It also is popularly known as Azure AD, which is the single and universal cloud-based identity and access management platform. |
| Active Directory doesn’t support different types of Web-based services | Azure Active Directory is designed to support different types of Web-based services |
| Security is the Key for the on-premises environment. | Security is the Key for the cloud environment |
These are few differences between Windows Active Directory and Azure AD.
Is LDAP Active Directory?
No, LDAP is not the Active directory. LDAP is Lightweight Directory Access Protocol is a protocol that helps to communicate to the Active directory.
In other words, LDAP helps you to provide the communication language that helps the applications to communicate with the different other directory services servers.
LDAP (Lightweight Directory Access Protocol) is the open-access protocol that different directory services like Active Directory, Red Hat Directory Service, Apache Directory Server, etc can understand.
When should an organization consider using Microsoft azure active directory?
First of all, an organization considers using Microsoft Azure Active Directory if the organization already has the Microsoft Office 365 services.
Azure AD is the identity platform to manage your internal and external users securely. Organizations use Azure AD to store user information like Name, ID, Email, Address, etc.
It really helps the Organizations interns of Security. Authentication and authorization functionalities.
You may also like following the below tutorials
- How Do I Make Azure Tag
- How To Connect To Azure SQL Database
- What is Microsoft Cloud Background Check
- Microsoft Azure Backup Agent
- How To Host A Website On Azure
- 7 Key Benefits of Microsoft Azure + Azure for Business
Conclusion
Well, in this tutorial, we discussed How To Setup Azure AD, Steps to set up Azure Active Directory, Configure Azure Active Directory to perform Single Sign-On, Setup Azure Active Directory Domain Services and along with this, we also discussed Azure AD Pricing, Does Azure replace Active Directory?, The Difference Between Windows Active Directory and Azure AD and finally Is LDAP Active Directory? and When should an organization consider using Microsoft azure active directory?.