
What is Azure Active Directory? Provide difference of Azure AD and Windows AD


Azure Active Directory (Azure AD) is Microsoft’s enterprise cloud-based identity and access management (IAM) solution. Azure AD is the backbone of the Office 365 system, it can sync with on-premises Active Directory, and it provides authentication to other cloud-based systems via OAuth.




What is Windows Active Directory?


Windows Active Directory (AD) is Microsoft’s predecessor to Azure AD. Microsoft released Active Directory with Windows 2000 Server, and it became the standard for enterprise identity management.


Active Directory lives on-premises on servers called Domain Controllers (DCs). Each DC holds a catalog of the users and computers that are authorized to access resources on the network. Users authenticate to DCs via Kerberos or NTLM authentication.


AD security is one of our favorite topics because many attacks the Varonis Incident Response team researches involve AD at some point in the cyber kill chain. It could be a simple brute force attack to crack an old NTLM password or a privilege escalation attempt to take over an administrator account. AD security has been the topic of many conference talks and we even wrote a comprehensive guide to pen testing your AD environment to ensure its resilience to common off-the-shelf attacks.


Difference Between Windows and Azure AD


Azure AD and Windows AD are both created by Microsoft, and they are both IAM systems, but that’s pretty much where the similarities end. They are fundamentally different systems that coexist in an interconnected enterprise environment.


Azure Active Directory


  • REST APIs: Azure AD uses Representational State Transfer (REST) APIs to support communication with other web-based services
  • Authentication: Azure AD uses cloud-based authentication protocols like OAuth2, SAML, and WS-Security for user authentication
  • Network Organization: Each Azure AD instance is called a “tenant”, which is a flat structure of users and groups
  • Entitlement Management: Admins organize users into groups, and then give groups access to apps and resources
  • Devices: Azure AD provides mobile device management with Microsoft Intune
  • Desktops: Windows desktops can join Azure AD with Microsoft Intune
  • Servers: Azure AD uses Azure AD Domain Services to manage servers that live in the Azure cloud virtual machine environment
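The tenant and OAuth2 points above have a practical consequence for any service that accepts Azure AD tokens: before trusting a token it must confirm that the token was issued by its own tenant and for this specific application, otherwise a valid token from some other tenant or for some other API would be accepted. The following Python is an example added here; it is not code from the original post, from Varonis or from Microsoft. The tenant ID and audience values are placeholders; the claim names tid, iss, aud and exp are the ones Azure AD v2.0 access tokens carry, and the constructed test token is unsigned. The block deliberately performs only claim checks: a real service must first verify the token's RS256 signature against the tenant's published signing keys, because without that step none of the claims can be trusted.

```python
"""Claim checks an application performs on an Azure AD (v2.0) access token.

Added example, not from the original post. Signature verification against
the tenant's JWKS is assumed to have happened before validate_token() is
called; this block only covers the tenant / issuer / audience / expiry logic.
"""
import base64
import json
import time
from typing import Optional, Tuple

# Placeholder values constructed for this example; a real app reads them from config.
EXPECTED_TENANT_ID = "11111111-2222-3333-4444-555555555555"   # placeholder tenant (tid)
EXPECTED_AUDIENCE = "api://example-app"                       # placeholder app ID URI


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def decode_claims(token: str) -> dict:
    """Split a compact JWT (header.payload.signature) and return its payload.

    Does NOT verify the signature; see the module docstring.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not in compact JWS form (header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def validate_token(token: str, now: Optional[float] = None) -> Tuple[bool, str]:
    """Return (ok, reason) for the claims that bind a token to this tenant and app."""
    now = time.time() if now is None else now
    try:
        claims = decode_claims(token)
    except (ValueError, json.JSONDecodeError) as exc:
        return False, f"malformed token: {exc}"

    # The tenant that issued the token must be ours, not any Azure AD tenant.
    tid = claims.get("tid")
    if tid != EXPECTED_TENANT_ID:
        return False, f"wrong tenant: {tid!r}"

    # v2.0 tokens also embed the tenant in the issuer URL; both must agree.
    expected_iss = f"https://login.microsoftonline.com/{EXPECTED_TENANT_ID}/v2.0"
    if claims.get("iss") != expected_iss:
        return False, f"unexpected issuer: {claims.get('iss')!r}"

    # The token must have been issued for this API, not for another resource.
    aud = claims.get("aud")
    if aud != EXPECTED_AUDIENCE:
        return False, f"token was issued for a different audience: {aud!r}"

    # exp is seconds since the Unix epoch.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "token expired or missing exp"

    return True, "ok"


def make_test_token(claims: dict) -> str:
    """Build a constructed, UNSIGNED token in compact JWS form for exercising
    the claim checks above. The signature segment is a placeholder."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    header = {"alg": "RS256", "typ": "JWT", "kid": "constructed-kid"}
    return f"{enc(header)}.{enc(claims)}.constructed-signature-not-verified"


def good_claims(exp: int = 2_000_000_000) -> dict:
    """Claims a token from our own tenant, for our own API, would carry."""
    return {
        "tid": EXPECTED_TENANT_ID,
        "iss": f"https://login.microsoftonline.com/{EXPECTED_TENANT_ID}/v2.0",
        "aud": EXPECTED_AUDIENCE,
        "exp": exp,
    }


if __name__ == "__main__":
    fixed_now = 1_700_000_000  # constructed "current time" so the demo is deterministic
    print(validate_token(make_test_token(good_claims()), now=fixed_now))
    other = dict(good_claims(), tid="99999999-0000-0000-0000-000000000000")
    print(validate_token(make_test_token(other), now=fixed_now))
```

The order of the checks matters less than their completeness: a token can pass the audience check and still belong to a foreign tenant, so tenant, issuer, audience and expiry are all enforced before the caller is allowed through.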


Windows Active Directory


  • LDAP: Windows AD uses the Lightweight Directory Access Protocol (LDAP) to pass data between clients, servers, and DCs
  • Authentication: Windows AD uses Kerberos and NTLM to validate user credentials
  • Network Organization: Windows AD is organized into Organizational Units, Domains, and Forests
  • Entitlement Management: Admins or data owners assign users to groups, and those groups have access to resources on the network
  • Devices: Windows AD does not manage mobile devices
  • Desktops: Desktops joined to Windows AD are governed by Group Policy (GPOs)
  • Servers: Servers in Windows AD are managed and governed by GPOs or another on-premises server management system


The answer to the question “so which one do I use?” is probably both. If you are running an established enterprise network, you most likely already have Windows AD, and you are adding Azure AD to manage your cloud infrastructure.


If you are starting a brand new organization from scratch, Azure AD could meet all of your needs, especially if you plan on using an entirely cloud-based infrastructure.

