What is Azure Active Directory and how does Azure AD work?

In this Azure tutorial, we will discuss what Azure Active Directory is and how Azure AD works. We will also cover a few related FAQs.

First, let's discuss what Azure Active Directory is, and then we will discuss how Azure AD works.

What is Azure Active Directory

In simple words, Azure Active Directory is the cloud version of Active Directory.

It is popularly known as Azure AD and is a single, universal, cloud-based identity and access management platform. Every organization will have an Azure AD or AD, which helps employees sign in and access various resources within the organization.

Azure AD is the identity platform to manage your internal and external users securely. Organizations use Azure AD to store user information like Name, ID, Email, Address, etc.

According to Microsoft, Azure AD manages more than 1.2 billion identities and processes over 8 billion authentications every day.

A few day-to-day activities that usually happen in Azure AD are:

  • Add or delete users
  • Restore users
  • Add or change user profile information
  • Reset or Change a user’s password
  • Self-service password reset
  • Assign or remove user roles
  • Assign or remove user licenses
  • Create or delete Azure AD groups
  • Edit Azure AD group information
  • Add or remove members from Azure AD groups
  • Add, remove or change Azure AD group owners, etc.

Azure Active Directory supports single sign-on to more than 2800 SaaS (software as a service) applications like Azure, Office 365, Salesforce, Google Apps, ServiceNow, etc. Through single sign-on, users enter their credentials once and can then access other applications or services without entering credentials again.

Azure AD also provides identity management for PaaS and IaaS applications.

How Azure Active Directory Works

Now, let us try to understand how Azure AD works.

Azure AD works on a licensing model. There are two ways (licenses) to access Azure AD:

  • Microsoft Online Services
  • Azure AD Premium Licenses

If you have an Office 365 or Microsoft Azure license, then you will get all the free Azure features.

Otherwise, you can get Azure premium features through Power BI premium licenses:

  • Premium P1
  • Premium P2 licenses

With an Office 365 or Microsoft Azure AD license, you can also upgrade to the Azure AD premium licenses.

Now, let us see Azure AD licensing options and pricing options.

Based on the Azure Active Directory licensing option, you get different Azure AD features.

  • Azure AD Free: With this free license, you get a smaller set of features, such as user management, group management, on-premises directory synchronization, self-service password change, single sign-on, Office 365, etc.
  • Premium P1: Premium P1 provides all the free features plus some advanced administration features like dynamic groups, self-service group management, Microsoft Identity Manager, cloud write-back capabilities like self-service password reset for your on-premises users, etc.
  • Premium P2: Premium P2 provides all the free features and Premium P1 features, plus additional features like identity protection and Privileged Identity Management.
  • Pay-as-you-go feature licenses: This is also known as the Azure AD Business-to-Customer (B2C) license, which provides identity and access management solutions for your customer-facing apps.

Pricing:

  • Azure AD Premium P1 costs $6 per user/month (on annual commitment)
  • Azure AD Premium P2 costs $9 per user/month (on annual commitment)

You can also check Azure AD Pricing for more details.

Advantages of Azure Active Directory

1- Single sign-on: With the single sign-on feature, you can access a number of apps from anywhere. The apps include Office 365, Azure, Salesforce, Dropbox, etc. Azure Active Directory provides simplified single sign-on to more than 2800 software-as-a-service applications. With the Azure Active Directory free license, single sign-on can be assigned to 10 apps per user. With an Azure Active Directory premium license, it can be assigned to unlimited apps per user.

2- High availability: Microsoft Azure Active Directory data centers are spread across 58 locations all over the world. Microsoft provides a 99.99% SLA for all the paid versions of Azure Active Directory.

3- Application proxy: By using the Microsoft Azure Active Directory application proxy feature, organizations can publish on-premises applications for secure remote access. You do not need to use a VPN; all your users can access the applications over the internet, just as they access Office 365.

4- Self-service password reset: Azure AD provides an option that lets users reset their password by themselves without contacting any support team. This feature is known as self-service password reset. Users can unlock their account as well as change their password by themselves. Azure Active Directory also provides a self-service group management feature, which lets users create and manage the groups they own. Organizations can save a lot of money annually by using the self-service password reset options.

5- Multi-Factor Authentication: Security is very important in any organization. Azure Active Directory provides multi-factor authentication, which is also known as two-step verification. This provides an additional level of security when users sign in. So even if a user's password is compromised, their account is still secure; other people cannot access it even if they have the password. Here users have to provide multiple factors to authenticate themselves.

6- Privileged identity management: Microsoft provides privileged identity management features in Azure Active Directory, which are used to secure very critical business assets. This provides just-in-time administrative access.

7- Azure Active Directory B2B: The Microsoft Azure Active Directory B2B feature allows organizations to add their partners to their projects or groups so that they can share information internally without worrying about the vendor's identity. Partners can also access information using their existing identity.

8- Azure Active Directory B2C: By using the Azure Active Directory B2C feature, organizations can allow their customers to access their business applications. As an organization, you can use the Azure Active Directory B2C feature to create a tenant where your customers can log in with their social as well as their corporate email accounts.

9- Developer tools access: Azure Active Directory allows users to integrate and access a number of apps and services like Google Apps, Workday, Office 365, my day, Salesforce, Box, etc.


Is Azure Active Directory Free?

Some people ask whether Azure Active Directory (Azure AD) is free. Yes, Azure AD also comes with a free edition. Azure AD comes in 4 editions: Free, Office 365 apps, Azure AD Premium P1, and Azure AD Premium P2.

The Azure AD Free edition comes as a part of Microsoft online services like Azure, Dynamics 365, Intune, Power Platform, and Office 365. So, strictly speaking, it is not completely free; it is a part of various online services.

The Azure AD Free edition has very limited features. A few of them are:

  • 500,000 directory objects
  • Up to 10 single sign-on apps
  • Federated Authentication
  • Add/Update/Delete User management
  • Device registration
  • Cloud Authentication
  • Azure AD Connect sync
  • Self-Service Password Change for cloud users
  • Azure AD Join
  • Password Protection
  • Multi-Factor Authentication
  • Basic security and usage reports
  • Azure AD features for guest users etc.

You can try Azure AD free.

What is the difference between Active Directory and Azure Active Directory?

Now let us see what the difference is between AD and Azure AD.

Active Directory (AD) is like a database that is used to store an organization's users, groups, computers, etc. AD also provides authentication and authorization to various applications, file servers, printers, and various other resources inside the organization.

Windows AD comes with Windows Server editions. AD first came with Windows Server 2000.

On the other side, Azure AD is the cloud version of AD. Azure AD exists in Microsoft data centers that store information about users, groups, etc. If you have an Office 365 subscription, then you have Azure AD by default.

One of the major differences between AD and Azure AD is that AD is designed for Windows applications or on-premises applications. On the other hand, Azure AD is designed for web-based services. Azure AD supports various web-based services like Salesforce, Office 365, Azure, etc.

In Windows Active Directory, we create forests and domains. But in Azure AD, you will create a tenant for the entire organization.

Can Azure AD replace Active Directory?

A common question is whether Azure AD can replace AD. Azure AD is not a replacement for Windows AD.

If an organization has an on-premises AD, it can integrate the on-premises AD with Azure AD Connect, which will sync AD and Azure AD. After that, users authenticate using the same credentials.

If you do not have an on-premises Windows AD, you can take an Office 365 subscription, through which you can access Azure AD along with various other online services.

Does Office 365 require Azure AD?

Does Office 365 require Azure AD? Yes, it does.

Behind the scenes, Office 365 uses Azure Active Directory (Azure AD). Office 365 manages users inside Azure AD, using a free Azure AD subscription that comes with the Office 365 subscription.

As an Office 365 subscription user, you can access Office 365 apps like mail, calendar, contacts, users, groups, fields, etc. with single sign-on.

You can upgrade your free Azure AD subscription to a paid Azure AD premium subscription at any time.

Learn how to access Azure AD.

What Is Azure Active Directory Premium P1

Azure Active Directory Premium P1 is an enterprise-level version of Azure Active Directory that provides identity management for remote, on-premises, and hybrid users accessing different applications in the cloud or locally.

This edition also provides other features like access management, self-service identity, and different kinds of group management, including dynamic groups.

It also provides Microsoft Identity Manager.

Active Directory Domain Services VS Microsoft Azure Active Directory

Microsoft Azure Active Directory:

  • Microsoft Azure Active Directory is the cloud version of AD. Azure AD exists in Microsoft data centers that store information about users, groups, etc. If you have an Office 365 subscription, then you have Azure AD by default.
  • Azure AD is designed for web-based services. Azure AD supports various web-based services like Salesforce, Office 365, Azure, etc.

Active Directory Domain Services:

  • Azure Active Directory Domain Services helps you join your Azure virtual machines to a domain, without needing to deploy domain controllers.
  • It provides LDAP, group policy, domain join, and authentication protocols like NTLM and Kerberos.
  • It integrates easily with your Azure AD tenant, which lets users log in with their corporate credentials.
  • It does not matter whether your Azure AD is cloud-only or synced with your on-premises Active Directory; Azure Active Directory Domain Services works with both.

What is new in Azure AD?

Microsoft releases new features and improvements regularly. You can check the URL below to learn about the latest Azure AD releases, bug fixes, known issues, deprecated features or functionality, etc.


In this tutorial, we learned the following:

  • What is Azure Active Directory
  • How it Works and Pricing
  • FAQs

Hope you have enjoyed this article!