Windows Azure Active Directory provides a full suite of identity management tools to secure access to your network and the devices connected to it: single sign-on (SSO), multifactor authentication (MFA), and adaptive authentication. If your information technology (IT) department is already using a Windows-based network environment, you'll be up and running in short order.
You must protect every digital device connected to your company's enterprise network and each employee's login credentials from hackers.
Whether it's people using their own laptops at work on bring-your-own-designated-device (BYODD) day or reusing weak passwords like 111111 or abc123, potential entry points for bad actors are steadily increasing.
Windows Azure Active Directory is a sprawling identity and access management (IAM) solution -- the Walmart of IAM software -- with features and options to satisfy almost everyone.
We'll take a look at its core features, pricing, and support options, so you can decide if it's a good choice for protecting access to your company's digital assets.
Azure Active Directory is web-based, enterprise identity management software. Its single sign-on (SSO) and multifactor authentication (MFA) features help protect your network and prevent cyberattacks.
Azure Active Directory for workplace environments is designed for information technology (IT) administrators and application developers to secure users' access.
Azure Active Directory is similar to but separate from Azure Active Directory Domain Services. Both provide identity management functionality, but the former is cloud-based, while the latter is for on-premises use.
You need at least 50 employees -- but likely more! -- to make Azure Active Directory cost-effective. Current users include Walmart, BP, and Amtrak.
Whether your employees are on-site or away from the office, Azure Active Directory gives them seamless, secure access to their work-related website and application accounts. You can also automate workflows for user life cycle and provisioning and reduce IT department workloads with self-service password management.
We'll start with a close look at its SSO and MFA functionality and related reporting features.
SSO technology allows users to sign in once to a portal website to access multiple, authorized third-party applications.
This streamlines the user experience because nobody wants to log in to the same company accounts every day, such as MS Outlook, Slack, or Salesforce -- or manage the umpteen different passwords for them.
Employees can access SSO apps via Windows Azure portals or enable the Windows My Apps portal with Azure Active Directory. Either way, users log in once to access company-wide Microsoft and third-party apps.
Azure Active Directory's SSO generates multiple benefits:
Connect authentication-based apps hosted on-premises or in the cloud. Choose from over 3,200 preconfigured Microsoft and third-party apps in the Azure Marketplace, or use the Azure Active Directory App Proxy to build connections with your native apps.
Users can also install the My Apps mobile app on digital devices to access their SSO accounts on the go.
A username and password alone don't distinguish between a user signing in and a hacker with compromised credentials. MFA provides another layer of protection with secondary authentication factors tied to information an attacker shouldn't have. They are based on something you:
You can also deploy MFA when employees perform self-service password resets. These identification factors use the free Microsoft Authenticator app or verification codes, texts, or calls via your smartphone.
During account onboarding, users can register with one step for both self-service password reset and Azure Active Directory MFA, but admins choose the forms of secondary authentication used.
SSO and MFA are not features you switch on and then get to forget about. Instead, they're part of your overall network security strategy.
Azure Active Directory has two report categories:
All Azure Active Directory editions report users flagged for risk and risky sign-ins, but further data granularity depends on your specific plan.
Your IT admins and/or security operations center (SOC) can use this information to configure and enable automated risk policy responses to varying network risk levels. Azure Active Directory also lets you simulate risk-based vulnerabilities to test access policies.
Two different groups will use Azure Active Directory at your business: the IT department and the rest of your employees. The former is concerned with its configuration and operations, while the latter is interested only in the end results when they log in each day.
IT administrators like Azure Active Directory because it has integrated Microsoft security throughout the deployment process, allows centralized administration of users at different locations, and notifies admins about problems with Active Directory database content.
IT techs appreciate it because it reduces help desk requests for new passwords, password resets, and related tasks.
Some IT admins mention the sheer number of features means Azure Active Directory takes more time to learn. It's not that easy to navigate, and inconsistencies are common. And, because it's a Microsoft product designed primarily for Windows environments, it doesn't play well with other operating systems.
Users like moving between applications without multiple sign-ins and find the SSO portal and browser extension easy to use. Azure Active Directory is included with most Office 365 Enterprise plans, and those users need to manage only their Office 365 credentials, which they can do with self-service tools.
Azure Active Directory plans include:
The Premium editions are available from multiple sources: your Microsoft representative, Microsoft's Open Volume License Program, and its Cloud Solution Providers program. Azure and Office 365 subscribers can also purchase Azure Active Directory Premium P1 and P2 online.
Finding your total Azure Active Directory price requires careful research. Many IT admins have commented on the complex licensing options, which make it hard to calculate an accurate upfront cost.
Azure Active Directory's four support packages include:
Customer support is provided in English, Spanish, French, German, Italian, Portuguese, traditional Chinese, Japanese, and Korean. Quote-based system-wide enterprise support plans are also available.
More benefits come from additional features that aid threat hunting, user experience, and endpoint security. We'll take a close look at three you'll use on a regular basis: password protection, browser extensions, and adaptive authentication.
Every password is inherently weak because enough time and computing power will uncover it. Even with MFA, however, you still want your employees to use strong passwords and avoid compromised ones.
Azure Active Directory Password Protection has multiple tools to do this, including a global banned password list and third-party compromised password lists.
Create a customized banned password list based on your company's brand and product names, locations, and business-specific internal jargon and abbreviations. Block passwords based on baseline terms like your company name, so you aren't required to block every possible variation such as adding a numeral at the end.
Password evaluation is another key security component. Azure Active Directory Password Protection uses multiple factors, including normalization and fuzzy matching, to assign a score to each password. If its score is too low, users must create a stronger one.
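The evaluation described above (baseline banned terms, normalization, fuzzy matching, and a minimum score) can be sketched as follows. This is an added illustration, not Microsoft's code or code from this review; the banned terms, the substitution map, the one-edit fuzzy rule, and the pass mark of 5 are all assumptions chosen for the example.

```python
# Illustrative banned-password scoring; lists and thresholds are assumptions.
BANNED_TERMS = ["contoso", "password", "seattle"]  # constructed sample list
LOOKALIKES = str.maketrans("01$@", "olsa")         # assumed substitutions
MIN_SCORE = 5                                      # assumed pass mark


def normalize(password):
    """Lowercase the password and undo common look-alike substitutions."""
    return password.lower().translate(LOOKALIKES)


def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if len(a) > len(b):
        a, b = b, a
    if len(b) - len(a) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] != b[j]:
            edits += 1
            if edits > 1:
                return False
            if len(a) < len(b):
                j += 1  # skip the extra character in the longer string
                continue
        i += 1
        j += 1
    return edits + (len(b) - j) <= 1


def evaluate(password):
    """Return (score, accepted) for a candidate password."""
    text = normalize(password)
    # Fuzzy match: a near-copy of a banned baseline term fails outright.
    if any(within_one_edit(text, term) for term in BANNED_TERMS):
        return 0, False
    points = 0
    for term in BANNED_TERMS:
        points += text.count(term)   # each banned term found scores one point
        text = text.replace(term, "")
    points += len(text)              # each remaining character scores one point
    return points, points >= MIN_SCORE
```

Because matching runs on the normalized text, a single baseline term such as the company name covers variants like a trailing numeral or swapped look-alike characters without listing each one.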
Nobody wants to go back to their My Apps portal multiple times during the day to access company app accounts. Azure Active Directory addresses this issue with the My Apps browser extension, which provides full portal functionality.
Browser extensions are available for Google Chrome, Mozilla Firefox, and Microsoft Edge, with limited support for Internet Explorer. Safari, Opera, Vivaldi, and Brave users are out of luck.
MFA provides an extra layer of security beyond passwords alone, but it's intrusive: Nobody wants an extra hoop to jump through at every login.
Azure Active Directory Conditional Access adaptive authentication evaluates each login attempt to determine the appropriate level of security to apply or even block access based on multiple "signals":
Azure Active Directory Conditional Access would, for example, allow me to log into my SSO portal at work on my company computer with only my password.
If I were on the road logging in from a different location, however, it might prompt me to use MFA. And if someone outside the U.S. tried to log in from an unknown device, it could block the attempt even if it used the correct login credentials.
Azure Active Directory Conditional Access helps IT admins balance two critical goals: Allow employees to be productive no matter where they are, and protect the company's digital assets.
Most of the software reviews I write have a section detailing what a particular application lacks compared to its competitors. Windows Azure Active Directory has the opposite issue: It has virtually every feature you might want and tons of options for each one.
If your IT department has the expertise and infrastructure to navigate a Windows-centric environment, Azure Active Directory can do what you need.
Azure Active Directory is web-based, enterprise identity and access software for IT admins and app developers that includes SSO, MFA, password management, and security monitoring and alerting.
Companies such as Walmart and BP use it due to its scalability, but its pricing makes it accessible to smaller businesses. Still, you probably need at least 50 employees/users to make it cost-effective.
Most enterprise Office 365 plans include basic Azure Active Directory functionality, or you can upgrade to Premium P1 for $6/month per user or Premium P2 for $9/month per user for more features. You'll pay extra for customer support beyond self-service resources and help tickets.
The free Basic support package includes self-help resources, Azure portal how-to videos, technical documentation, community forums, and help ticket support.
Three additional support plans designed for different environments -- trial and nonproduction, production workload, and business-critical -- provide increasingly fast service request responses with telephone and email support. These range from $29/month to $1,000/month.
We're firm believers in the Golden Rule, which is why editorial opinions are ours alone and have not been previously reviewed, approved, or endorsed by included advertisers. The Ascent, a Motley Fool service, does not cover all offers on the market. The Ascent has a dedicated team of editors and analysts focused on personal finance, and they follow the same set of publishing standards and editorial integrity while maintaining professional separation from the analysts and editors on other Motley Fool brands.