We discussed the benefits of a Windows domain a while back. In that post, we described how domains let IT staff easily manage users and set up Group Policy for controlling settings. But we noted that not all businesses use a domain.
One of the alternatives growing in popularity is Microsoft's Azure Active Directory. Let's see how this differs from a standard domain and some of its unique benefits.
What Is Azure Active Directory?
Azure is Microsoft's cloud computing service. It provides businesses with computing power for building and testing applications, running virtual machines, storing files, and many other uses.
Azure Active Directory (AD), then, is a Microsoft offering for user management through the cloud. Recall that Active Directory is Microsoft's user directory service. It allows business environments to manage users and permissions on a scalable level.
But using the traditional form of AD in your company requires an onsite installation, including a server. These can be costly, which means many small businesses don't use AD.
Azure Active Directory allows a business to manage its users through the cloud. Since you don't need a physical server to run it, you don't have a large initial setup cost and you only pay for what you need.
Let's see what benefits Azure AD offers.
Single Sign-On for Web Services
Single sign-on allows users to sign into multiple services with a single set of credentials. For example, you might want to sign into your Dropbox account with your corporate Office 365 login. This saves users from having to remember dozens of passwords and allows the business to control user access from a single point.
Azure AD integrates with thousands of other services for single sign-on. These include Adobe Sign, Dropbox for Business, GitHub, Salesforce, and many more.
All employees can open an access panel, which lets them quickly view and open any web apps connected with their Azure AD account.
With a traditional domain, users don't have much flexibility when it comes to many simple maintenance items like a forgotten password. If they need help, they typically need to ask IT staff.
Azure AD lets you give users more options (if you want to). These include password self-resetting, so that users can use an alternate email address, password reset questions, or a call to their office phone to reset their password. This reduces calls to IT staff and lets users recover locked accounts more quickly.
You can also allow certain users to manage security groups in Azure AD. This lets administrators delegate basic control of membership to employees who understand the group best.
Administrators also get powerful tools with Azure AD. These include security features like access reviews and conditional access, as well as reporting and monitoring.
And since Azure AD is completely cloud-based, the authentication follows you no matter where you are. Mobile or home-based workers are connected to Azure AD over the internet, allowing for centralized user access and computer password changes/lockouts without the use of VPNs or visiting the office.
Finally, Azure AD allows for built-in two-factor authentication when signing into Windows 10 computers and all web-based services. This means that even if a user's password is compromised, an attacker would still have to get past the second authentication method.
Reliability and Cost
Another big plus of Azure AD is that it relies on Microsoft's infrastructure instead of local hardware. If your company's server goes down for any reason, Active Directory won't be able to authenticate devices. But with Azure AD, you can count on Microsoft's uptime.
The company has over 25 data centers for Azure with automatic failover. Even if one of them were destroyed, your data would still be safe at another location.
What's more, companies with a subscription to Office 365 or other Microsoft services can use the free plan for Azure AD at no additional charge. It has some limitations, of course, but should be at least a starting point for most small businesses.
We've seen what Azure Active Directory can offer a small business. While traditional domains definitely still have their place, they're not practical for every company's setup. Using Azure AD allows a business to access powerful identity management features while only paying for what they use.