Azure AD

Azure AD is a multi-tenant cloud directory and identity management service developed by Microsoft. Azure AD also includes a full suite of identity management capabilities, including the following:

  • Multi-factor authentication
  • Device registration
  • Self-service password management
  • Self-service group management
  • Privileged account management
  • Role-based access control
  • Application usage monitoring
  • Rich auditing
  • Security monitoring and alerting

Azure AD can be integrated with an existing Windows Server AD, giving organizations the ability to leverage their existing on-premises identities to manage access to cloud-based SaaS applications. An organization is also able to easily implement single sign-on (SSO) and multi-factor authentication (MFA) through Azure AD without adding third-party software into its environment.

After this chapter, you will know how to set up Azure AD and Azure AD Connect. You will also be able to design a highly available infrastructure for identity replication.

The following diagram describes the general structure of Azure AD in a hybrid deployment with AD DS:

Customers using other Microsoft services, such as Office 365, CRM Online, or Intune, are already using Azure AD for that service. You can easily identify whether you use Azure AD if your sign-in name uses an .onmicrosoft.com domain, the initial domain every Azure AD tenant receives. Other top-level domains, such as .de or .cn, are also possible if you are using Microsoft Cloud Germany or Azure China.

Azure AD is a multi-tenant, geo-distributed, high-availability service running in Microsoft datacenters around the world. Microsoft has implemented automated failover, keeping a minimum of two copies of your directory in other regional or global datacenters.

Your directory runs in your primary datacenter but is regularly replicated to two others in your region. If your region has only two Azure datacenters, as was the case in Europe, a copy is distributed to a datacenter in another region:

Normally, Microsoft synchronizes Azure AD only within a geopolitical region, such as the European Union or the United States. Where no third region is available, Microsoft replicates a copy outside the geopolitical region. For Europe, that was the case until the regions in France became available; since France has been online and generally available, Azure AD replication for European tenants runs only in regions within the EU.
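The two preceding points, identifying whether a domain belongs to an Azure AD tenant at all and seeing which geopolitical region that tenant is scoped to, can be checked without any credentials. The following script is an added example and is not code from the book: it queries the unauthenticated OpenID configuration endpoint of login.microsoftonline.com (whose `issuer` carries the tenant ID and whose `tenant_region_scope` names the region, for example `EU` or `NA`) and the `getuserrealm.srf` endpoint (which reports whether sign-in for the domain is `Managed` in the cloud or `Federated` to an on-premises STS). The domain names, tenant ID and response bodies in `SAMPLE_RESPONSES` are constructed for the offline demo; `discover()` performs the real lookup when run with network access.

```python
"""Azure AD tenant discovery (added example; endpoint field names as observed,
sample data constructed)."""
import json
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Optional

LOGIN_HOST = "https://login.microsoftonline.com"


@dataclass
class TenantInfo:
    domain: str
    exists: bool
    tenant_id: Optional[str] = None
    region_scope: Optional[str] = None      # e.g. "EU", "NA", "AS", "WW"
    cloud_instance: Optional[str] = None    # e.g. "microsoftonline.com"
    namespace_type: Optional[str] = None    # "Managed", "Federated" or "Unknown"
    federation_auth_url: Optional[str] = None


def openid_config_url(domain: str) -> str:
    return f"{LOGIN_HOST}/{domain}/v2.0/.well-known/openid-configuration"


def user_realm_url(domain: str, user: str = "user") -> str:
    return f"{LOGIN_HOST}/getuserrealm.srf?login={user}@{domain}&json=1"


def parse_openid_config(domain: str, body: str) -> TenantInfo:
    """Parse the openid-configuration document, or the error body returned
    (with HTTP 400, error 'invalid_tenant') when no tenant owns the domain."""
    data = json.loads(body)
    if "error" in data or "issuer" not in data:
        return TenantInfo(domain=domain, exists=False)
    # issuer has the form https://login.microsoftonline.com/<tenant-id>/v2.0
    parts = data["issuer"].rstrip("/").split("/")
    return TenantInfo(
        domain=domain,
        exists=True,
        tenant_id=parts[-2],
        region_scope=data.get("tenant_region_scope"),
        cloud_instance=data.get("cloud_instance_name"),
    )


def parse_user_realm(info: TenantInfo, body: str) -> TenantInfo:
    """Add the Managed/Federated/Unknown classification from getuserrealm.srf.
    A Federated realm also reports the on-premises STS the sign-in is sent to."""
    data = json.loads(body)
    info.namespace_type = data.get("NameSpaceType")
    info.federation_auth_url = (
        data.get("AuthURL") if info.namespace_type == "Federated" else None
    )
    return info


def _fetch(url: str) -> str:
    """GET and return the body; 4xx bodies are returned too, because the
    openid endpoint signals an unknown tenant with HTTP 400 plus a JSON error."""
    req = urllib.request.Request(url, headers={"User-Agent": "tenant-discovery/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        return err.read().decode("utf-8")


def discover(domain: str) -> TenantInfo:
    """Live lookup (requires network access to login.microsoftonline.com)."""
    info = parse_openid_config(domain, _fetch(openid_config_url(domain)))
    if info.exists:
        parse_user_realm(info, _fetch(user_realm_url(domain)))
    return info


# Constructed responses in the shape of the real endpoints (values invented).
SAMPLE_RESPONSES = {
    "openid:contoso.example": json.dumps({
        "issuer": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0",
        "tenant_region_scope": "EU",
        "cloud_instance_name": "microsoftonline.com",
    }),
    "openid:nobody.example": json.dumps({"error": "invalid_tenant"}),
    "realm:contoso.example": json.dumps({
        "NameSpaceType": "Federated",
        "AuthURL": "https://adfs.contoso.example/adfs/ls/",
    }),
}


def demo(domain: str) -> TenantInfo:
    """Run the parsers over SAMPLE_RESPONSES, offline."""
    info = parse_openid_config(domain, SAMPLE_RESPONSES[f"openid:{domain}"])
    if info.exists:
        parse_user_realm(info, SAMPLE_RESPONSES[f"realm:{domain}"])
    return info


if __name__ == "__main__":
    import sys
    for d in sys.argv[1:] or ["contoso.example", "nobody.example"]:
        print(discover(d) if sys.argv[1:] else demo(d))
```

A `Federated` realm tells you that password validation happens on the on-premises STS named in `AuthURL`, which is exactly the hybrid setup the diagram above describes; `Managed` means the tenant validates passwords in the cloud (password hash sync or cloud-only accounts). The region scope is the value to check when you need to confirm that a tenant's data stays within the EU as discussed above.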
