Integrating AD and Azure Active Directory

Organizations deploying Microsoft’s hosted services, including Office 365, Intune, and Azure, already use Azure Active Directory (AAD) to authenticate to these services and enforce licensing compliance. Organizations with both AAD and on-premises directories need to integrate those directories to integrate management and simplify sign-on for users. Ongoing changes and updates to AAD, including management, security, and reporting features, require staying alert to avoid redundant AAD tenancies and ensure proper integration with on-premises directories.

Azure Active Directory Fundamentals

AAD is a multitenant, Microsoft-hosted identity and access management (IAM) service, used primarily for managing user identity. AAD stores information about users (such as the user’s name, organization, and privileges) as directory objects and associated attributes in a tenancy. An AAD tenancy is a distinct, logically independent directory for an individual organization or division of an organization (the tenant), typically associated with an organizational domain name. Tenancies are created automatically when an individual from that organization subscribes to a new instance of a Microsoft-hosted service that relies on AAD, such as Azure or Office 365 services.