Understanding the Azure Active Directory Licensing Model

Active Directory (AD) helps businesses to manage users, groups and components within their network. So, you can assign users to groups, and assign each of those groups access to specific network resources, devices and apps. This ability to control access at a variety of levels gives businesses the freedom to distribute resources to specific subgroups, which is critical for resource management as well as compliance and regulation.  

Every Active Directory service is not designed identically. For example, the Active Directory services, Windows Server Active Directory, let businesses deal with the internal assets and user integrity all through the business network. On the other hand, the Azure Active Directory is built with cloud services. 

What is Azure Active Directory 

Azure Active Directory (AAD) allows you to manage identity (users, groups, etc.) and control access to apps, devices, and data via cloud. This implies that both access and identity are managed entirely from the cloud. Moreover, all your services and cloud apps will utilize Azure AD.  It’s important to note that Azure AD is immediately valuable for Microsoft apps, but it can be used to power the identity and access controls of your entire organization. Many organizations build a hybrid AD system using both Azure AD and another on-premise AD (typically Windows Active Directory.) 

Azure Active Directory vs Windows Active Directory 

Azure Active Directory required to manage identity across Windows, Azure, and web apps. This directory can be thought of as a service present existing outside of the Windows Server Active Directory network. The Windows Server Active Directory offers domain services, federation services, lightweight directory services etc. to handle network policy, identity, and servers on business networks. . On the other hand, the Azure Active Directory is built with web apps. 

The significance of Azure AD is high when we talk about cloud apps and resources. On-site Active Directory services, such as Windows Server Active Directory is suitable for handling SSO, identity, etc. within your network, but they can’t handle the complexity identity for cloud apps. Azure AD will handle your cloud Active Directory and Windows Server AD will handle your on-premise Active Directory. 

Both directories are important for managing access and control for your user and group. Azure AD is especially valuable for organizations that have already moved apps to the cloud and are dealing with multiple user/password issues due to their current Active Directory being unable to handle the migration. 

It’s important to note the enterprise protocol languages are different for Azure AD and windows server AD. The Windows Server AD utilizes LDAP, Kerberos, etc., whereas Azure AD utilizes Rest APIs and OAuth 2.0 tokens.  So, it implies that apps should be built with the help of Azure AD. 

Different Types of Azure Active Directory Licensing

Below are the different types of AAD licensing options:

Azure Active Directory Free

  • Application launch portal (My Apps) 
  • Automated user provisioning to apps 
  • Basic security and usage reports 
  • Cloud authentication (Pass-through authentication, password hash synchronization) 
  • Delegated administration—built-in roles 
  • Directory synchronization—Azure AD Connect (sync and cloud sync) 
  • Federated authentication (Active Directory Federation Services or federation with other identity providers) 
  • Global password protection and management – cloud-only users 
  • Multifactor authentication (MFA) 
  • Passwordless (Windows Hello for Business, Microsoft Authenticator, FIDO2 security key integrations) 
  • Role-based access control (RBAC) 
  • SaaS apps with modern authentication (Azure AD application gallery apps, SAML, and OAUTH 2.0) 
  • Secure hybrid access partnerships (Kerberos, NTLM, LDAP, RDP, and SSH authentication) 
  • Self-service account management portal (My Account) 
  • Self-service password change for cloud users 
  • Single sign-on (SSO) unlimited 
  • User and group management 
  • User application collections in My Apps 

Ready to experience the full power of cloud technology?

Our cloud experts will speed up cloud deployment, and make your business more efficient.  

Azure Active Directory Premium P1

  • Office 365 features, plus 
  • Advanced group management (Dynamic groups, naming policies, expiration, default classification) 
  • Advanced security and usage reports 
  • Application Proxy for on-premises, header-based, and Integrated Windows Authentication 
  • Automated group provisioning to apps 
  • Azure AD Connect Health reporting 
  • Cloud app discovery (Microsoft Defender for Cloud Apps) 
  • Conditional Access 
  • Global password protection and management – custom banned passwords, users synchronized from on-premises Active Directory 
  • Group assignment to applications 
  • HR-driven provisioning 
  • Microsoft Identity Manager user client access license (CAL) 
  • Self-service group management (My Groups) 
  • Self-service password reset/change/unlock with on-premises write-back 
  • Service-level agreement 
  • Session lifetime management Learn more 
  • SharePoint limited access 
  • Terms of use attestation 

Azure Active Directory Premium P2

  • Azure Active Directory Premium P1 features, plus 
  • Access certifications and reviews 
  • Entitlements management 
  • Identity Protection: risky sign-ins, risky users, risk-based conditional access 
  • Identity Protection: risk events investigation, SIEM connectivity 
  • Identity Protection: vulnerabilities and risky accounts 
  • Privileged Identity Management (PIM), just-in-time access 
  • Self-service entitlement management (My Access) 

Office 365 

  • Azure Active Directory Free features, plus 
  • Self-service sign-in activity search and reporting 

Conclusion

When it comes to Active Directories every business has unique requirements. The discussed above are the 4 key Azure Active Directory licensing options offered by Microsoft. These options provide the required features for companies of all shapes and sizes. ISmile Technologies is a Microsoft partner. We can help you set up your Active Directory services with Microsoft, and we can help you find the license that’s right for your hyper-specific business needs — whether you’re a small business, enterprise, government agency, or educational institution. Schedule a free assessment today.

CLOUD ENGINEER

Mahaboob Khan

A Cloud Engineer at ISmile Technologies, he had extensive experience working on Microsoft Azure which involves activities like Implementation, Managing and troubleshooting the User related issues. With automation tools like Azure ARM Template, Terraform, and Azure DevOps, he helps our client to automate deployment of IaaS and PaaS services.

Register a Free Cloud ROI Assessment Workshop

Register a Free Cloud ROI Assessment Workshop

Get a Detailed assessment report with recommendations with an assessment report

Schedule free Workshop
Register a Free Cloud ROI Assessment Workshop
Register a Free Cloud ROI Assessment Workshop

Liked what you read !

Please leave a Feedback

0 0 votes
Article Rating
guest
0 Comments
Inline Feedbacks
View all comments

Related articles you may would like to read

How can Docker Containerization Help in Reducing CICD Deployment Costs
0
Would love your thoughts, please comment.x
()
x
Proposals

Know the specific resource requirement for completing a specific project with us.

Blog

Keep yourself updated with the latest updates about Cloud technology, our latest offerings, security trends and much more.

Webinar

Gain insights into latest aspects of cloud productivity, security, advanced technologies and more via our Virtual events.

ISmile Technologies delivers business-specific Cloud Solutions and Managed IT Services across all major platforms maximizing your competitive advantage at an unparalleled value.

Request a Consultation