What is Azure AD and how Azure AD works?

In this Azure tutorial, we will discuss what Azure Active Directory is and how Azure AD works, and answer a few related FAQs.


What is Azure AD and how Azure AD works?

First, let’s discuss what Azure Active Directory is, and then how Azure AD works.

What is Azure Active Directory

Simply put, Azure Active Directory is the cloud version of Active Directory.

Azure AD is the single and universal cloud-based identity and access management platform. Every organization will have an Azure AD or AD, which helps employees sign in and access various resources within the organization.

Azure AD is the identity platform to manage your internal and external users securely. Organizations use Azure AD to store user information like Name, ID, Email, Address, etc.

According to Microsoft, Azure AD manages more than 1.2 billion identities and processes over 8 billion authentications every day.

A few day-to-day activities that usually happen in Azure AD are:

  • Add or delete users
  • Restore users
  • Add or change user profile information
  • Reset or Change a user’s password
  • Self-service password reset
  • Assign or remove user roles
  • Assign or remove user licenses
  • Create or delete Azure AD groups
  • Edit Azure AD group information
  • Add or remove members from Azure AD groups
  • Add, remove, or change Azure AD group owners, etc.

Azure Active Directory supports single sign-on to more than 2800 SaaS (software as a service) applications like Azure, Office 365, Salesforce, Google Apps, ServiceNow, etc. Through single sign-on, users enter their credentials once and can then access other applications or services without entering them again.

Azure AD also provides identity management for PaaS and IaaS applications.

How Azure Active Directory Works?

Now, let us try to understand how Azure AD works.

Azure AD has a licensing model. There are two ways (licenses) to access Azure AD:

  • Microsoft Online Services
  • Azure AD Premium Licenses

You will get all the free Azure features with Office 365 or Microsoft Azure licenses.

You can get Azure premium features through Power BI premium licenses:

  • Premium P1
  • Premium P2 licenses

With an Office 365 or Microsoft Azure AD license, you can also upgrade to the Azure AD premium licenses.

Now, let us see Azure AD licensing options and pricing options.

You can get different Azure AD features based on the Azure Active Directory licensing options.

  • Azure AD Free: With this free license, you will get fewer features like user management, group management, on-premises directory synchronization, self-service password change, single sign-on feature, Office 365, etc.
  • Premium P1: The Premium P1 provides all free features with advanced administration features like dynamic groups, self-service group management, Microsoft Identity Manager, cloud write-back capabilities like self-service password reset for your on-premises users, etc.
  • Premium P2: Premium P2 provides all free features, and Premium P1 features with additional features like identity protection and Privileged Identity Management features.
  • Pay-as-you-go feature licenses: This is also known as Azure AD Business-to-Customer (B2C) license, which provides identity and access management solutions for your customer-facing apps.
  • Azure AD Premium P1 costs $6 per user/month (on annual commitment)
  • Azure AD Premium P2 costs $9 per user/month (on annual commitment)

You can also check Azure AD Pricing for more details.

Advantages of Azure active directory

1- Single sign-on: With single sign-on, you can access several apps from anywhere. The apps include Office 365, Azure, Salesforce, Dropbox, etc. Active Directory provides simplified single sign-on services to more than 2800 software-as-a-service applications. The Azure Active Directory free license allows single sign-on to 10 apps per user. With an Azure Active Directory premium license, it can be assigned to unlimited apps per user.

2- High availability: Microsoft Azure Active Directory data centers are spread across 58 locations worldwide. Microsoft provides a 99.99% SLA for all the paid versions of Azure Active Directory.

3- Application proxy: Organizations can publish on-premises applications for secure remote access using the Microsoft Azure active directory application proxy feature. You do not need to use a VPN. All your users can access applications over the internet, just like we access Office 365.

4- Self-service password reset: Azure AD allows users to reset their passwords without contacting any support team. This feature is known as self-service password reset. Users can unlock their account as well as change their password by themselves. Azure Active Directory also provides a self-service group management feature, by which users can create and manage groups themselves as the groups’ owners. Organizations can save a lot of money using self-service password reset options.

5- Multi-Factor Authentication: Security is critical in any organization. Azure Active Directory provides multi-factor authentication, also known as two-step verification. This adds an additional level of security when users sign in: they have to provide multiple factors to authenticate themselves. So even if a user’s password is compromised, their account is still secure; other people cannot access it even if they have the password.

6- Privileged identity management: Microsoft provides privileged identity management features in Azure Active Directory to secure critical business assets. This provides just-in-time administrative access.

7- Azure Active Directory B2B: The Microsoft Azure Active Directory B2B feature allows organizations to add their partners to their projects or groups to share information internally without worrying about the vendor’s identity. Partners can also access information using their existing identity.

8- Azure Active Directory B2C: Using the Azure Active Directory B2C feature, organizations can allow customers to access their business applications. As an organization, you can use this feature to create a tenant where your customers can log in with their social and corporate email accounts.

9- Developer tools access: Azure Active Directory allows users to integrate and access several apps and services like Google Apps, Workday, Office 365, My Day, Salesforce, Box, etc.


Is Azure Active Directory Free?

Some people ask if Azure Active Directory (AD) is free. Yes, Azure also comes with a free edition. Azure AD comes in 4 editions: Free, Office 365 apps, Azure AD Premium P1, and Azure AD Premium P2.

Azure AD Free editions are part of Microsoft online services like Azure, Dynamics 365, Intune, Power Platform, and Office 365. So, while it is not entirely free, it is part of various online services.

The Azure AD free edition has minimal features. A few of them are:

  • 500,000 directory objects
  • Up to 10 single sign-on apps
  • Federated Authentication
  • Add/Update/Delete User management
  • Device registration
  • Cloud Authentication
  • Azure AD Connect sync
  • Self-Service Password Change for cloud users
  • Azure AD Join
  • Password Protection
  • Multi-Factor Authentication
  • Basic security and usage reports
  • Azure AD features for guest users, etc.

You can try Azure AD free.

What is the difference between Active Directory and Azure Active Directory?

Now let us see the difference between AD and Azure AD.

Active Directory (AD) is like a database used to store an organization’s users, groups, computers, etc. AD also provides authentication and authorization to various applications, file servers, printers, and other organization resources.

Windows AD comes with Windows Server editions. AD first came with Windows Server 2000.

On the other hand, Azure AD is the cloud version of AD. It exists in Microsoft data centers that store user and group information. If you have an Office 365 subscription, you have Azure AD by default.

One of the significant differences between AD and Azure AD is that AD is designed for Windows or on-premises applications. On the other hand, Azure AD is designed for web-based services. Azure AD supports various web-based services like Salesforce, Office 365, Azure, etc.

In Windows Active Directory, we create forests and domains. But in Azure AD, you will create a tenant for the entire organization.

Can Azure AD replace Active Directory?

A common question is whether Azure AD can replace AD. Azure AD is not a replacement for Windows AD.

If your organization has an on-premises AD, you can integrate it using Azure AD Connect, which syncs AD and Azure AD. After that, users authenticate using the same credentials.

If you do not have an on-premises Windows AD, you can have an Office 365 subscription and access Azure AD with other online services.

Does Office 365 require Azure AD?

Does Office 365 require Azure AD? Yes, it is required.

Behind the scenes, Office 365 uses Azure Active Directory (Azure AD). Office 365 manages users inside Azure AD, and a free subscription to Azure AD comes with an Office 365 subscription.

As an Office 365 subscription user, you can access Office 365 apps like mail, calendar, contacts, users, groups, fields, etc., with single sign-on.

You can upgrade your free Azure AD subscription to a paid Azure AD premium subscription at any time.

Learn how to Access Azure AD.

What Is Azure Active Directory Premium P1

Active Directory Premium P1 is an enterprise-level version of Azure Active Directory that provides identity management for remote, on-premises, and hybrid users accessing different applications in the cloud or locally.

This edition also provides features like access management, self-service identity, and different kinds of group management, including dynamic groups.

It also provides Microsoft Identity Manager.

Active Directory Domain Services VS Microsoft Azure Active Directory

Microsoft Azure Active Directory:

  • Microsoft Azure Active Directory is the cloud version of AD. Azure AD is stored in Microsoft data centers that store user and group information. If you have an Office 365 subscription, you have Azure AD by default.
  • Azure AD is designed for web-based services and supports various web-based services, such as Salesforce, Office 365, and Azure.

Active Directory Domain Services:

  • Azure Active Directory Domain Services helps you to join your Azure virtual machine to a domain where you do not need to deploy domain controllers.
  • It provides LDAP, group policy, domain join, and different authentication like NTLM and Kerberos.
  • It integrates easily with your Azure AD tenant, which helps users log in with their corporate credentials.
  • It doesn’t matter if your Azure AD is in the cloud or synced with your on-premises Active Directory; Azure Active Directory Domain Services works perfectly with both.

What is new in Azure AD?

Microsoft releases new features and improvements regularly. You can check the below URL to learn about the latest Azure AD releases, bug fixes, known issues, deprecated features or functionality, etc.

Does Azure replace Active Directory?

The answer to this question is no. Azure Active Directory is not meant to be exactly the same as Active Directory.

The Azure Active Directory is not a replacement for the Active Directory. Azure Active Directory has a different set of activities compared to the Active Directory. Azure Active Directory has more features compared to AD.

Azure Active Directory is designed to support different types of Web-based services, but the Active Directory is not designed to support the same.

What are the Differences Between Windows Active Directory and Azure AD

As discussed above, Windows Active Directory and Azure AD are not designed for the same purpose, so there are many differences between them. Let’s discuss a few key ones.

Windows Active Directory:

  • Windows Active Directory is mainly designed to give organizations control over their on-premises devices and different applications by organizing users, computers, etc. It helps users with authorization and authentication functionality.
  • Active Directory doesn’t support different types of web-based services.
  • Security is the key to the on-premises environment.

Azure Active Directory:

  • Azure AD is the single and universal cloud-based identity and access management platform.
  • Azure Active Directory is designed to support different types of web-based services.
  • Security is the key to the cloud environment.

These are a few differences between Windows Active Directory and Azure AD.

Is LDAP Active Directory?

No, LDAP is not Active Directory. LDAP, the Lightweight Directory Access Protocol, is the protocol used to communicate with Active Directory.

In other words, LDAP provides the communication language that applications use to communicate with different directory service servers.

LDAP is an open-access protocol that different directory services, such as Active Directory, Red Hat Directory Service, and Apache Directory Server, can understand.

When should an organization consider using Microsoft Azure active directory?

First, an organization should consider using Microsoft Azure Active Directory if the organization already has Microsoft Office 365 services.

Azure AD is the identity platform to manage your internal and external users securely. Organizations use Azure AD to store user information like Name, ID, Email, Address, etc.

It helps the organization’s interns with security: authentication and authorization functionalities.


In this tutorial, we learned what Azure AD is and how Azure Active Directory works, along with a few related FAQs. I hope you have enjoyed this article!