Let’s get to know about Azure Active Directory — I

Hello guys, hope you are all doing well in this pandemic situation. While quarantined, I thought I would dig deeper into Azure Active Directory and bring it to you as a series of articles. The main purpose of these articles is to discuss the core concepts, mechanisms, security protocols and architecture behind Azure Active Directory, and I decided to present it in a Q&A format.

Before we start, one thing I want to say: I would really like your feedback, comments and questions to make this a success, and to correct me if something is not explained the right way. That is why I titled this 'Let's get to know..'.

In this article I discuss the fundamental concepts of Azure Active Directory.

So, Let’s start.

Q1. What is the problem?

Scenario 1 — Imagine your business uses several internal applications, and you want to give employees access with different permissions: some can only read, some can read and write, some must have no access at all. How do you do this? You create a sign-in account for each employee, with its permission level, in each application.

Scenario 2 — Imagine your business adopts an external service, say Microsoft Office 365 Outlook, and you want your employees to use Outlook email. For this you have to create a separate account for each employee in that external service.

By now you have created two accounts for each employee:

  1. One to access the internal applications, managed internally.
  2. One to access the external application, managed by the external provider.

With a large number of employees, as an IT administrator you end up maintaining a huge number of different accounts, internal and external. This is tedious and error-prone, and it is also a security problem: every extra account is another password that can be guessed or phished, and when an employee leaves you have to remember to disable every one of them.

image — the problem

The illustration above shows that you have to maintain several accounts per employee to grant access to different applications with different permissions.

Can't we simplify this? In the organization each employee already has a unique identity (an employee ID). So why not use that single identity to grant access to every application, internal or external, at the appropriate permission level?

“One Account, Multiple Access”

This means you no longer maintain a huge number of accounts per employee; instead there is one account per employee, which is granted permissions to use the applications at different access levels. This is where Azure Active Directory comes into the picture.

With the cloud trend of "anytime, anywhere", everything is delivered as a service, which is where Software as a Service came from. Building on this idea, Microsoft introduced Azure Active Directory, an Identity & Access Management service that organizations use to manage the accounts of their employees, business partners and customers, granting them access to different services at different access levels, with advanced security features on top.

This is the problem as I see it, the one Microsoft tried to solve by introducing AAD, but you may see it differently. So, tell me 😃

Q2. What is ‘Azure Active Directory’?

Azure Active Directory, which I refer to as AAD from here on, is a:

"Fully managed, multi-tenant Identity & Access Management service introduced by Microsoft."

In other words: "one account, access to multiple services".

This definition has two key terms.

a. Fully managed — Microsoft runs the service: you do not install, patch or scale the identity infrastructure yourself. Features such as Single Sign-On, Multi-Factor Authentication and the OAuth 2.0 / OpenID Connect endpoints are provided by the service; you configure them rather than build them. "Fully managed" does not remove your responsibility for configuration, though: who holds the Global Administrator role, whether MFA is enforced, and which applications you consent to remain your decisions.

b. Multi-tenant — One instance of the service hosts many organizations. Each organization gets its own tenant, a dedicated, isolated directory, so your users, groups and application registrations are kept separate from those of every other customer even though the underlying service is shared. For this reason an application that accepts sign-ins from several tenants must check which tenant a token was issued by, not just that it was issued by Azure AD.

AAD lets your employees sign in to external or internal services and resources at the permission level they have been given. Unlike the situation described in Q1, a single identity per employee is enough to reach many resources, services or applications, internal or external.

image — AAD Service | Source — https://knowledge-junction.com

This image shows the types of resources you can make accessible through AAD. As an IT admin you no longer need to maintain multiple accounts per employee to enable multiple services.

AAD is a central place to manage users, groups, roles, permissions and applications, and, just as important, a single place to disable an identity when someone leaves.

Q3. What are the benefits of AAD for a business?

There are many benefits to using AAD.

a. Single Sign-On (SSO) for multiple applications — users sign in once and reach many services.

b. Integration with an existing Windows Server Active Directory — with Azure AD Connect you synchronize on-premises identities to the cloud, so the accounts you already manage on-premises also control access to cloud resources.

c. Multi-Factor Authentication and Conditional Access — require a second factor, or allow, block or step up a sign-in based on the user, device, location and application.

d. Multiple platform support — web, mobile and desktop applications on any operating system can integrate through the standard protocols listed in Q6.

e. Global availability — the service runs in Microsoft data centers around the world (28 at the time of writing).

f. Role-based access control (RBAC) — assign roles instead of per-user permissions. Note that AAD directory roles (such as Global Administrator) govern the directory itself, while Azure RBAC roles (such as Owner or Contributor) govern Azure resources; both are assigned to AAD identities.

Q4. What are the AAD Types/License & Features?

AAD comes in several license tiers, each unlocking different security features and services. Security features such as Conditional Access require Premium P1, while risk-based Identity Protection and Privileged Identity Management (PIM) require Premium P2.

a. AAD Free

b. AAD Basic (retired)

c. AAD Premium P1

d. AAD Premium P2

e. Pay-as-you-go feature licenses

image — License & features | source — https://www.sherweb.com/

The pay-as-you-go option covers features such as Azure Active Directory Business-to-Consumer (B2C), which provides identity and access management for your customers rather than your employees, billed on usage rather than per seat, and which the referenced source describes as including all the P1 features.

Q5. AAD Terminology

To understand or work with AAD, you must know the terms used with it.

image — Terminology

Q6. What are the protocols supported by AAD?

Azure AD supports several standardized protocols for authentication and authorization.

a. WS-Federation (Web Services Federation) — an older SOAP/XML-based federation protocol, still supported for legacy applications.

b. SAML-P (SAML 2.0 protocol) — XML-based browser SSO in which the identity provider issues a signed assertion that the application trusts; common for enterprise SaaS integrations.

c. OAuth 2.0 — delegated authorization: the application obtains an access token to call an API (for example Microsoft Graph) on the user's behalf. On its own it does not tell the application who the user is.

d. OpenID Connect — an identity layer on top of OAuth 2.0 that adds the ID token, a signed JWT describing the signed-in user; the recommended protocol for new applications.
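To make the OAuth 2.0 / OpenID Connect entries concrete, and to show the tenant check that the multi-tenant definition in Q2 calls for, here is an added example that is not part of the original article. It builds the authorization request for the Azure AD v2.0 endpoints using the authorization-code flow with PKCE (RFC 7636), builds the matching token request, and then validates the claims of the ID token that comes back. The tenant ID, client ID and redirect URI are constructed placeholders, and the sample ID token is an unsigned stand-in built locally so the script runs offline; in a real application the RS256 signature must be verified first, against the keys published at the tenant's discovery endpoint, before any of these claim checks mean anything.

```python
from __future__ import annotations

import base64
import hashlib
import json
import secrets
import time
from urllib.parse import urlencode

# Constructed placeholder identifiers for the example; not a real tenant or app.
TENANT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
REDIRECT_URI = "https://app.example.test/signin-oidc"
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"
SCOPES = "openid profile email offline_access User.Read"


def b64url_nopad(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def pkce_pair(verifier: str | None = None) -> tuple[str, str]:
    """RFC 7636: a 43-128 char code_verifier and its S256 code_challenge."""
    if verifier is None:
        verifier = b64url_nopad(secrets.token_bytes(32))  # 43 characters
    challenge = b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorize_url(state: str, nonce: str, code_challenge: str) -> str:
    """Front-channel request to the Azure AD v2.0 authorize endpoint.
    state binds the response to this browser session; nonce is echoed in the ID token."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": SCOPES,
        "state": state,
        "nonce": nonce,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/oauth2/v2.0/authorize?{urlencode(params)}"


def build_token_request(code: str, code_verifier: str) -> tuple[str, dict]:
    """Back-channel exchange of the code at the v2.0 token endpoint.
    The verifier proves we are the party that started the flow."""
    body = {
        "client_id": CLIENT_ID,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": code_verifier,
        "scope": SCOPES,
    }
    return f"{AUTHORITY}/oauth2/v2.0/token", body


def validate_id_token_claims(id_token: str, expected_nonce: str, now: float | None = None) -> list[str]:
    """Claim checks to run AFTER the RS256 signature has been verified against
    the tenant's JWKS (https://login.microsoftonline.com/{tenant}/discovery/v2.0/keys).
    Returns a list of problems; an empty list means the claims are acceptable."""
    now = time.time() if now is None else now
    problems: list[str] = []
    try:
        header_b64, payload_b64, _signature = id_token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
    except (ValueError, json.JSONDecodeError):
        return ["token is not a well-formed JWT"]
    if header.get("alg") != "RS256":
        problems.append(f"unexpected alg {header.get('alg')!r}")
    # v2.0 tokens carry the tenant in the issuer; a v1.0 or foreign-tenant issuer is rejected.
    if claims.get("iss") != f"{AUTHORITY}/v2.0":
        problems.append("issuer mismatch (v1.0 issuer or foreign tenant)")
    if claims.get("tid") != TENANT_ID:
        problems.append("tid does not match our tenant")
    if claims.get("aud") != CLIENT_ID:
        problems.append("aud is not this application")
    if claims.get("nonce") != expected_nonce:
        problems.append("nonce mismatch (possible replay)")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token expired or exp missing")
    return problems


def make_sample_id_token(claims: dict) -> str:
    """Constructed, UNSIGNED sample token for offline demonstration only."""
    header = b64url_nopad(json.dumps({"typ": "JWT", "alg": "RS256", "kid": "example"}).encode())
    payload = b64url_nopad(json.dumps(claims).encode())
    return f"{header}.{payload}.signature-placeholder"


if __name__ == "__main__":
    verifier, challenge = pkce_pair()
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    print(build_authorize_url(state, nonce, challenge))
    sample = make_sample_id_token({"iss": f"{AUTHORITY}/v2.0", "tid": TENANT_ID,
                                   "aud": CLIENT_ID, "nonce": nonce,
                                   "exp": int(time.time()) + 600})
    print(validate_id_token_claims(sample, nonce))
```

The checks on `iss` and `tid` are the ones that matter for the multi-tenant point: an ID token signed by Azure AD for some other organization's tenant passes signature verification just as well as one for yours, so an application that only verifies the signature will happily sign in strangers. The `nonce` and `state` values must be generated per request and compared on return; reusing a fixed value defeats their replay protection.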

That's all for this article. I intended it as an introductory discussion of AAD and of the key terms we should know as we go further with it. Feel free to ask questions and to correct anything I missed or got wrong; I really appreciate it. In my next article I plan to discuss AAD user roles. Until then, enjoy learning and stay safe! 😺

References

  1. https://docs.microsoft.com/en-us/previous-versions/azure/dn151124(v=azure.100)?redirectedfrom=MSDN
  2. https://www.red-gate.com/simple-talk/cloud/security-and-compliance/azure-active-directory-part-1-an-introduction/
  3. https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis
  4. https://cobweb.com/latest-news/10-reasons-why-you-should-be-using-azure-active-directory
  5. https://www.sherweb.com/blog/cloud-server/microsoft-azure-active-directory/

Technopreneur | Lone Geek Wolf | Monkey Monk