Microsoft Identity Components

Many components help Microsoft’s identity infrastructure stretch outside organizational perimeters to other organizations and hosted services. Active Directory Domain Services (AD DS, often just shortened to Active Directory or AD), shown on the top left, is the hub of on-premises identity management (authentication and access) for most organizations. In this illustration, four key processes are shown that provide an additional level of identity and access management or related services:

AAD sign-on. The black lines show interactions between the key components used when an individual authenticates to Azure Active Directory (AAD)-based applications such as Microsoft Office 365, Azure, or third-party ISV applications that integrate with AAD. These interactions can be independent of an on-premises AD DS. Windows 10 PCs can also be joined to AAD instead of, or in addition to, AD DS, to enable single sign-on (SSO) to AAD-integrated systems and management of PCs by the Intune device management service. Not shown is AAD Pass-through Authentication (PTA), which can provide single sign-on to AD and AAD, without requiring Active Directory Federation Services (AD FS) on-premises.