- Azure Active Directory
- Azure AD vs. Azure AD DS vs. ADDS
- Roles in Azure AD
- Built-in Roles
- ADDS - Pros and Cons
Main features:
- Single Sign-on (SSO)
- Application Managemenet
- Identity Protection
- Monitoring
- Multi-Factor Authentication
- B2B and B2C
- Hybrid Identities
- Seamless Integration with Azure Services and Third-party Services
To learn more, check out Azure Identity and Access Management (IAM)
Azure AD (Azure Active Directory)
- Cloud-based identity and access management service.
- Manages user identities and authentication for cloud applications.
- Supports single sign-on (SSO) and multi-factor authentication (MFA).
- Focuses on modern authentication and authorization for cloud resources.
- Enable collaboration with B2B and B2C
Azure AD DS (Azure Active Directory Domain Services)
- Fully-managed domain service
- Enables domain-joined resources in Azure
- Supports LDAP, Kerberos, and NTLM authentication
- Useful for lift-and-shift scenarios
- Integrates with existing Azure AD tenant for user sign-in and control
- Scalability and Disaster recovery with multiple replica sets in different Azure regions
ADDS (Active Directory Domain Services)
- On-premises Windows Server-based directory service.
- Provides authentication and authorization services
- Requires on-premises domain controllers.
- Integrates with Azure AD for hybrid identity scenarios.
This roles grants specialize permissions exclusively for managing resources within Azure AD.
- Application Administrator
- User Administrator
- Groups Administrator
Roles specific to major Microsoft 365 services which are non-Azure AD.
- Exchange Administrator
- Intune Administrator
- Sharepoint Administrator
- Teams Administrator
These are roles that are not confined to a particular service but strethc their influence across multiple solutions.
-
Global Roles
- Grants access across all Microsoft 365 services
- Global Administrator
- Global Reader
-
Security-related Roles
- Grants access across multiple security services
- Security Administrator
- Security Reader
-
Compliance Administrator Role
- For managing compliance-related settings
1. Global Administrator
- Highest level of access.
- Full control over all aspects of Azure AD.
- Can delegate roles to other users.
2. Security Administrator
- Focused on security-related aspects of Azure AD
- Manages security settings, security policies, and security events
- Responsible for ensuring security of Azure AD resources
3. Billing Administrator
- Manages billing and subscription-related tasks in Azure AD
- Handles cost, budgets, and resource optimization
4. Global Reader
- Read-only access to Azure AD resources
- Can view configurations, setting, and reports, but cannot make changes
- Useful for auditors or stakeholders
Pros:
- Simplified domain service without managing domain controllers
- Supports LDAP, Kerberos, and NTLM authentication
- Integrates with existing Azure AD tenant for user sign-in and control
- Enables domain-joined resources in Azure
- Scalability and Disaster recovery with multiple replica sets in different Azure regions
Cons:
- Limited administrative access
- Restricted customization
- Shipped with pre-defined configurations
- Limited application compatibility
- No domain trust support
- No LDAP write access
- Limited operating system support
- Limited network integration
- Availability may vary based on regions
- Cost considerations