In this video, Sharon provides an overview of Azure Active Directory Domain Services for managing your cloud environments, and discusses Azure Active Directory Join.
- [Narrator] Let's wrap up this course by exploring the different ways to join virtual machines to domains or cloud services. Azure provides two services to do this with, Azure Active Directory Domain Services and Domain Join. Let's start off with Azure Active Directory Domain Services. Remember back in the olden days we'd have to provision a domain controller in order to manage our domain? Now we can do that in Azure using domain services. Domain services provides managed services for: domain join, group policy, LDAP, and Kerberos and NTLM authentication, and is fully compatible with Windows Server Active Directory, allowing you to tie it into hybrid, if you wish.
And it integrates with your existing Azure Active Directory tenant. There are several benefits to using Azure Active Directory Domain Services. First, it's a simple deployment. It only takes a few clicks of the mouse to set this up in Azure. You can easily domain-join computers, and we'll be talking about domain-join in a moment. For each Active Directory that you have, you can have a single Azure Active Directory Domain service. You can create custom domains, therefore, you're not stuck with .onmicrosoft.com.
There's a single Group Policy that can be used to apply specific policy to users and computers. You can create custom OUs in Azure Active Domain Services, but keep in mind only members of the Azure Active Domain Services administrator group can create these custom OUs. It integrates with Azure Active Directory, which means all of your user and group memberships are already automatically available in Azure Active Directory Domain Services. I've already mentioned it will support NTLM and Kerberos authentication.
And you can use the tools like ADAC or AD PowerShell to manage Azure Active Directory Domain Services. Most of the time you'll see Azure Active Directory Domain Services when you have a cloud-only environment because we do not need to put a DC in here. And the way this is configured is we have a virtual network, we have our Azure Active Directory, and then we can go ahead and provision Azure Active Directory Domain Services. When we do so, our users and groups are able to access the services within that virtual network that is being managed by Azure Active Directory Domain Services.
We can also tie it to our on-premise environment using the hybrid architecture. Again, we have this same concept here, with the exception that we're adding in Azure Active Directory Connect to tie into our Windows Server Active Directory. Password sync is required in this implementation. Now I know some of you may be getting really excited and going, "Yes, domain services in Azure!" It's not like it is on Server, so please explore it a little bit further before you go and implement it. And finally, we have Azure Active Directory Join.
And this again is also designed for cloud-based businesses. There's no domain controller and the user will authenticate to Azure Active Directory. But, that's not to say that you cannot tie it into a hybrid implementation. You can do so. We use Azure Active Directory Join to manage devices. And those devices could be corporate owned or they could be BYOD devices. And it allows us to ensure that those devices meet security and compliance standards. Once users have joined Azure Active Directory, they can then use single sign-on to access other cloud services, such as Office 365.
But keep in mind here there is a restriction: the devices must be Windows 10 Professional or Enterprise in order to leverage Azure Active Directory Join. There you have it. Two simple ways in which you can leverage domain services within Azure to simplify joining of your devices to Azure Active Directory.