Azure Active Directory Premium

Azure Active Directory Premium is the most feature-rich edition of Azure Active Directory. Azure Active Directory allows administrators to implement single sign-on for line of business applications, as well as software-as-a-service providers. Azure AD can integrate with thousands of SaaS providers to provide authentication with little effort from an administrator. All that an administrator has to do is tie their Azure AD with the SaaS provider, which is usually done from the Azure AD console.

Azure AD also integrates with your on-premises AD to keep your users and passwords in sync. Azure AD can take the place of ADFS for a lot of things, though ADFS is still required for some legacy applications. There are three tools to get users from your on-premises AD to Azure AD: Azure Active Directory Synchronization Tool (DirSync), Azure Active Directory Synchronization Services (AAD Sync), and Forefront Identity Manager 2010 R2 (FIM). AAD Sync is new, and still not full-featured. When it is full-featured, it will provide the best sync experience.

Basic vs. Premium

Why do you need Azure AD Premium vs. Basic? Both versions have company branding, SaaS group-based access, and self-service password reset. The most important feature here is that administrators can provision groups in Azure AD that grant access to SaaS applications. This makes SaaS simple to deploy, especially if there are license concerns. An administrator just needs to create a group and assign it to that SaaS application. These groups can also be synced from your on-premises AD. The Basic service also only provides authentication for 10 apps (SaaS and LOB), while Premium is unlimited.

Azure AD Premium provides more reporting and alerts and multi-factor authentication (both in the cloud and on-premises). Microsoft has also announced that it will soon provide an application proxy, password reset that writes back to on-premises, and bi-directional user sync (currently, the sync can only go from on-premises to the cloud, not the other way around). Finally, Premium provides a license and CALs for Forefront Identity Manager. This provides the ability to keep multiple directories in sync, from Azure AD to on-premises AD, to LDAP servers, etc.


Currently, organizations must have some version of Azure AD (Free, Basic, or Premium) if they have Office 365. Azure AD also makes management of Windows Intune and Azure much easier, as Azure AD can integrate with them and control access. The Azure AD PowerShell module also integrates with these. One of the major advantages of using Azure AD to authenticate these services is that if I disable an account from the Office 365 account portal, it disables the account for the Intune and Azure portals also, just as it would when authenticating against a local directory.

Administering Azure AD is similar to administering a regular AD. Administrators can delegate tasks to different users or groups, such as the ability to create and modify user accounts and reset passwords.

This is the first part of a series about Azure AD and the Enterprise Mobility Suite (EMS). Please come back for more about Azure AD, Intune, and Azure Rights Management.


All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omissions in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.


