Azure Active Directory
Azure Active Directory is a service that provides identity and access management capabilities in the cloud. In much the same way that Active Directory is a service made available to customers through the Windows Server operating system for on-premises identity management, Azure Active Directory (Azure AD) is a service that is made available through Azure for cloud-based identity management.
Because it is your organization's cloud directory, you decide who your users are, what information to keep in the cloud, who can use the information or manage it, and what applications or services are allowed to access that information.
When you use Azure AD, it is Microsoft's responsibility to keep Active Directory running in the cloud with high scale, high availability, and integrated disaster recovery, while fully respecting your requirements for the privacy and security of your organization's information.
Azure AD can be used as a standalone cloud directory for your organization, but you can also integrate existing on-premise Active Directory with Azure AD. Some of the features of integration include directory sync and single sign-on, which further extend the reach of your existing on-premises identities into the cloud for an improved admin and end user experience.
Application developers can integrate their applications with Azure AD to provide single sign-on functionality for their users. This enables enterprise applications to be hosted in the cloud and to easily authenticate users with corporate credentials. It also enables software as a service (SaaS) providers to make authentication easier for users in Azure AD organizations when authenticating to their services. Developers can also use the Graph API to query directory data for managing entities such as users or groups.
Azure Multi-Factor Authentication
Multi-factor or two-factor authentication is a method of authentication that requires the use of more than one verification method and adds a critical second layer of security to user sign-ins and transactions. It works by requiring any two or more of the following verification methods:
- Something you know (typically a password)
- Something you have (a trusted device that is not easily duplicated, like a phone)
- Something you are (biometrics)
The security of multi-factor authentication lies in its layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user's password, it is useless without also having possession of the trusted device. Conversely, if the user happens to lose the device, the finder of that device won't be able to use it unless he or she also knows the user's password. Azure Multi-Factor Authentication is the multi-factor authentication service that requires users to also verify sign-ins using a mobile app, phone call or text message. It is available to use with Azure Active Directory, to secure on-premise resources with the Azure Multi-Factor Authentication Server, and with custom applications and directories using the SDK.
Securing cloud Azure Active Directory
Enable Multi-Factor Authentication for Azure AD identities, and users will be prompted to set up additional verification the next time they sign in. Use Multi-Factor Authentication to secure access to Azure, Microsoft Online Services like Office 365 and Dynamics CRM Online, as well as 3rd party cloud services that integrate Azure AD with no additional set up. Multi-factor authentication can be rapidly enabled for large numbers of global users and applications.
Securing on-premises resources and Active Directory
Enable Multi-Factor Authentication for your on-premise resources such as IIS and Active Directory using the Azure Multi-Factor Authentication Server. The Azure Multi-Factor Authentication Server allows the administrator integrate with IIS authentication to secure Microsoft IIS web applications, RADIUS authentication, LDAP authentication, and Windows authentication.
Securing custom applications
An SDK enables direct integration with your cloud services. Build Active Authentication phone call and text message verification into your application's sign-in or transaction processes and leverage your application's existing user database.