This video introduces you to the core components of Azure AD and outlines the key features of the product that set it apart from its competitors.
- [Instructor] Let us try to understand Azure AD by comparing it to something we already know, Windows Server Active Directory. We use the term Active Directory to refer to Active Directory Domain Services most of the time. And this role does three main things in Windows Server. It manages users and groups, manages computers, and supports directory aware applications. Apart from that, there are other Active Directory roles as well. There's Active Directory Federation Services, Certificate Services, Lightweight Directory Services, and Rights Management Services. My point being, Active Directory in itself is not a single service, but is a collection of multiple services designed to perform different tasks. Azure Active Directory follows a similar structure. It also facilitates the management of users, groups, computers, applications, and it's not a single service. It's an umbrella of multiple services, each one of which serves a very strategic function. For managing users and groups, we have the web-based Azure Active Directory Admin Center. Although you can also manage Azure AD by navigating through the Azure portal, the Azure Active Directory Admin Center is like a direct dedicated page for all tasks specific to Azure AD. The URL for the Admin Center is aad.portal.azure.com. We can compare this to the Active Directory Administrative Center MMC, that we get with the AD DS role in Windows Server. Then, for managing laptops and desktop computers, we have Azure AD Join. This is primarily intended for company-owned devices that are handed out to employees. We can compare this feature to the Domain Join operation in Windows Server. For managing applications, we have not one, but multiple options, depending on whatever is appropriate for our requirements. So if you need to run older directory aware applications, you can use Azure AD Domain Services. 
Then, we have support for integration with modern SaaS applications, as well as PaaS applications, that you're developing in-house or through an independent software vendor. After that, we have the Application Proxy. Now, this is a really cool feature, in my opinion, because it lets you authenticate users in the cloud, and then redirect them to remote applications running on-premises. So, it essentially wraps an unauthenticated application running on-premises with a secure authentication layer in the cloud. The bottom line here is that Azure AD undoubtedly does a great job of covering the basic requirements like users, groups, computers, and applications. But that's not all. It does so much more. It extends device management to now include bring your own device or BYOD scenarios. So like this Azure AD Join for company owned devices, you have device registration for laptops, computers, and mobile devices that are owned by employees and used to access corporate resources. No such solution is available in Windows Server Active Directory out of the box. Then it has Azure AD B2B or business to business. This feature makes sharing your corporate resources and collaborating with users from partner organizations easy and secure. The users are from external organizations that need temporary access to your organization's assets. Hence the term B2B. The traditional alternative to this is deploying Active Directory Federation Services between organizations and configuring trusts. Next, it also has Azure AD B2C or business to consumer. This feature enables you to handle the identities of individual customers using your public facing business applications. The users here are also external, but instead of belonging to one organization, they're individuals using the application or service you offer to the general public. Again, there's no such solution available in Windows Server Active Directory out of the box. 
Now, some of you may be wondering, "All this is great, but what about the investments we've made to set up Windows Server Active Directory based infrastructure on-premises? Is all that money as good as thrown out of the window?" Absolutely not. Azure AD and Windows Server actually complement each other really well. You can use the AD Connect tool to integrate your on-premises Windows Server Active Directory with Azure AD for a hybrid identity infrastructure. The benefit of doing that is that your users can access both on-premises and cloud resources seamlessly with the same credentials that are valid across both environments. Now coming to the ultimate promise Azure AD intends to fulfill. Sure, there are tons of swanky features in Azure AD, but they're all built around one single core principle, security. The historical problem with security is that there are always people who are able to outsmart it. But thanks to the evolution of machine learning, Azure AD's defenses are much stronger and smarter now. And it's not just the security that's smart. Even day-to-day administrative tasks have become smarter and more intuitive. How, you ask? Why don't we find out? What you just got was a high level overview of the main Azure AD components. Now, let's take a look at each one in a little more detail.
- Using the Azure AD Connect tool
- User and group management in Azure
- Azure AD security features
- Azure AD support for open standards
- Provisioning an Azure AD tenant
- How Azure AD may affect infrastructure costs and growth
- How Azure AD impacts employee efficiency