Active Directory Vs Azure Active Directory

Hello Folks,
 
In this article, I will describe the difference between Active Directory and Azure Active Directory. Many times, people misunderstand Azure Active Directory as an online version of Windows Active Directory.
 
Let us first understand what Windows on-premises Active Directory is:

  • A directory service that Microsoft developed for Windows domain networks.
  • Holds information about all the objects (users, computers, and resources like printers and shared folders) in the organization's network.
  • It is software that arranges and stores information and provides access and permissions.
  • It arranges all network users, computers and other objects into logical and hierarchical groupings.
  • Active Directory information is used to authenticate and authorize the users, computers and resources that are part of a network.

Now, let us take a look at some of the major drawbacks of Windows Active Directory.

Single Point of Failure

In any organization, Windows Active Directory is tied to the organization's domain name. So, if you try to log in to your organization machine or your organizational email account, use organizational communication software, or connect to resources or a shared folder, everything depends on Windows Active Directory and, in turn, on your organization's domain name. If something goes wrong with your organization's domain name, everything fails. Again, each and every request for permission to a machine, email or resource talks to the domain name internally.
 
Not scaled to work with internet protocols and standards

Now, let us consider a very practical scenario. You are working on-site at a client location. If you need to log in to a client machine, or the client wants you to access some resources in their organization, they have to create an account for you in their domain; you can't access their resources with your own organization's credentials. Once you are logged in with the client credentials and want to access some files that reside in your organization's domain, you again need to connect with another account. So you have to manage multiple credentials, and once your work is finished or you leave your organization, your on-site client has to delete your credentials and your organization has to remove your credentials as well.
 
Single-Sign-On with Cloud apps

Say your organization is developing multiple applications, some hosted on the cloud and others running on-premises, and you want to implement Single-Sign-On. Windows Active Directory fails here.
 
All of the above-mentioned problems are solved with Windows Azure Active Directory.
 
What is Windows Azure Active Directory?

  • A multi-tenant service that provides enterprise-level identity and access management for the cloud.
  • Built to support global scale, reliability and availability, and backed by the Azure 99.99% SLA for the Azure AD Basic and Azure AD Premium versions.
  • It allows you to manage users and provides you with access to cloud resources.
  • You can lift and shift your on-premises Active Directory to the cloud.
  • It supports Single-Sign-On across your cloud applications.
  • You can ensure security and reduce risks by enabling multi-factor authentication.

So, as a developer, you can focus on building your application logic and, with a few clicks, connect it with Azure Active Directory to provide Identity Management and Access Management.

