Integrating Azure Active Directory and AD

Organizations deploying Microsoft’s hosted services, such as Office 365, are using Azure Active Directory (AAD), a multitenant directory and identity provider hosted by Microsoft. Organizations with both AAD and an on-premises directory should be sure to use each directory appropriately and integrate them for easier management and to simplify sign-on for users. Organizations need to understand the tools and technologies necessary to integrate with AAD and work to avoid redundant AAD tenancies. Customers should also pay attention to regular AAD updates since Microsoft continues to evolve AAD capabilities for better management and security.

Azure Active Directory

AAD is a scalable, multitenant, Microsoft-hosted directory and identity provider service. AAD stores information about users, such as the user’s name, organization, and privileges, as directory objects and associated attributes. It can issue security tokens on behalf of each authenticated user that contain user-specific claims, which are based on the user’s information stored in the directory. Applications and services from Microsoft, customers, and third-parties can use the claims in the security tokens from AAD tenants to determine the level of access to give to the user. The technology that grew to become AAD was originally the directory and identity provider service for claims-based authentication and access to Microsoft’s Business Productivity Online Suite (BPOS), the first generation of Microsoft-hosted services, which became Office 365. It has evolved into a stand-alone hosted directory and identity provider for most of Microsoft’s hosted services, such as Office 365, Dynamics CRM, Intune, and Azure itself.