Azure Active Directory Premium
Azure Active Directory Premium is the most feature-rich edition of Azure Active Directory. Azure Active Directory allows administrators to implement single sign-on for line of business applications, as well as software-as-a-service providers. Azure AD can integrate with thousands of SaaS providers to provide authentication with little effort from an administrator. All that an administrator has to do is tie their Azure AD with the SaaS provider, which is usually done from the Azure AD console.
Azure AD also integrates with your on-premises AD to keep your users and passwords in sync. Azure AD can take the place of ADFS for a lot of things, though ADFS is still required for some legacy applications. There are three tools to get users from your on-premises AD to Azure AD: Azure Active Directory Synchronization Tool (DirSync), Azure Active Directory Synchronization Services (AAD Sync), and Forefront Identity Manager 2010 R2 (FIM). AAD Sync is new, and still not full-featured. When it is full-featured, it will provide the best sync experience.
Basic vs. Premium
Why do you need Azure AD Premium vs. Basic? Both versions have company branding, SaaS group-based access, and self-service password reset. The most important feature here is that administrators can provision groups in Azure AD that grant access to SaaS applications. This makes SaaS simple to deploy, especially if there are license concerns. An administrator just needs to create a group and assign it to that SaaS application. These groups can also be synced from your on-premises AD. The Basic service also only provides authentication for 10 apps (SaaS and LOB), while Premium is unlimited.
Azure AD Premium provides more reporting and alerts, as well as multi-factor authentication (both in the cloud and on-premises). Microsoft has also announced that it will soon provide an application proxy, password reset that writes back to on-premises, and bi-directional user sync (currently, the sync can only go from on-premises to the cloud, not the other way around). Finally, Premium provides a license and CALs for Forefront Identity Manager. This provides the ability to keep multiple directories in sync, from Azure AD to on-premises AD, to LDAP servers, etc.
Currently, organizations must have some version of Azure AD (Free, Basic, or Premium) if they have Office 365. Azure AD also makes management of Windows Intune and Azure much easier, as Azure AD can integrate with them and control access. The Azure AD PowerShell module also integrates with these. One of the major advantages of using Azure AD to authenticate these services is that if I disable an account from the Office 365 account portal, it disables the account for the Intune and Azure portals also, just like it would with authenticating from a local directory.
Administering an Azure AD is similar to a regular AD. Administrators can delegate tasks to different users or groups, such as the ability to create and modify user accounts and reset passwords.
This is the first part of a series about Azure AD and the Enterprise Mobility Suite (EMS). Please come back for more about Azure AD, Intune, and Azure Rights Management.