Chapter 3, Deploying and Synchronizing Azure Active Directory already described the synchronization between on-premise and Azure AD very well. As a result, we will not go deeper into AD Connect.
Just to recapture Chapter 3, Deploying and Synchronizing Azure Active Directory, here are the major differences between the AAD pricing tiers. This is important to remember, as there are two (in our opinion) very important security features that are only available in premium P2. We will focus on security-related features that were not handled in Chapter 3, Deploying and Synchronizing Azure Active Directory.
The following table describes the differences between the four Azure Active Directory editions:
| Services |
Common |
Basic |
P1 |
P2 |
|
Directory Objects |
X |
X |
X |
X |
|
User/Group Management (add/update/delete)/ User-based provisioning, Device registration |
X |
X |
X |
X |
|
Single Sign-On (SSO) |
X |
X |
X |
X |
|
Self-Service Password Change for cloud users |
X |
X |
X |
X |
|
Connect (Sync engine that extends on-premises directories to Azure Active Directory) |
X |
X |
X |
X |
|
Security/Usage Reports |
X |
X |
X |
X |
|
Group-based access management/ provisioning |
X |
X |
X |
|
|
Self-Service Password Reset for cloud users |
X |
X |
X |
|
|
Company Branding (Logon Pages/Access Panel customization) |
X |
X |
X |
|
|
Application Proxy |
X |
X |
X |
|
|
SLA 99.9% |
X |
X |
X |
|
|
Self-Service Group and app Management/Self-Service application additions/Dynamic Groups |
X |
X |
||
|
Self-Service Password Reset/Change/Unlock with on-premises write-back |
X |
X |
||
|
Multi-factor authentication (Cloud and On-premises (MFA Server)) |
X |
X |
||
|
MIM CAL + MIM Server |
X |
X |
||
|
Cloud App Discovery |
X |
X |
||
|
Connect Health |
X |
X |
||
|
Automatic password rollover for group accounts |
X |
X |
||
|
Identity Protection |
X |
|||
|
Privileged Identity Management |
X |