Active Directory and Azure AD explained

What is Active Directory (AD)?

Charities can use Active Directory (AD) to manage their computers, printers and other devices on a network. It enables network administrators to create and manage domains, users, and objects. For example, a group of users can access specific resources on the server such as printers or certain files or folders. As the charity expands its network and operations, Active Directory enables the network administrator to organise multiple users into groups and subgroups and control their levels of access at each level.

How does Active Directory help manage users?

The major service in Active Directory is Domain Services (AD DS). It allows network administrators to control information about users and resources in a network. AD DS confirms the level of access when a user logs in to their computer or to tries to access the server. AD DS controls each user’s level of access to each object within the network.

A server operating Active Directory Domain Services (AD DS) is called a domain controller. It verifies all users and computers in a Windows network by allocating and confirming the security for all computers. For example, when a user logs in, Active Directory checks the password and confirms if they are a normal user, a system administrator and so on. It allows network administrators to install and update software on computers in the network. It can be used to manage and store information as well as authenticate and authorise users.

How does Active Directory work with Azure?

Historically, organisations requiring a directory managing users, computers and devices would have needed to run their own Microsoft Active Directory server. Now, organisations can use Azure Active Directory as well as on-premises Active Directory software running on a Windows server

Azure AD is largely similar but is hosted in the cloud, on Microsoft Azure. It allows organisations to use all of the streamlined administration offered by Active Directory without needing their own Active Directory and saving themselves from setting up the complex framework needed to run it remotely.

How can Azure Active Directory help charities?

Azure Active Directory (Azure AD) enables you to manage users and control access to keep your resources secure. It is a key element of Office 365, Azure and Enterprise Mobility + Security. Azure AD provides streamlined management of users and their access rights to maintain security and productivity across devices, data and apps. Azure AD is designed for apps in the cloud, on mobile and offline. You can also use complex security features such as provisional access whilst protecting your users and your charity.

Azure AD may appear complicated but you may find it easier to use than expected. You may even be using it already. It is the standard method for creating users in Office 365. Using the Azure AD method of creating users with a few details such as name, tenant, role and password enables you to use Azure Cloud Services which has enormous capacity for records without the intricacy and complications of an on-premises Active Directory.

What are the options within Azure Active Directory?

Azure Active Directory itself is free however there are costs associated with using Azure Active Directory Basic and Premium. These versions provide more features such as branding and enabling users to manage their own passwords.

To clarify further, it may be useful to look at a typical example. A new user is created in Office 365. This new user’s account information is recorded in Azure AD. At any future point that the user needs to be verified whether logging in from a different location or a different device, the user’s identity and access is managed within Azure AD.

Azure AD enables you to move your Active Directory verification process to the cloud. Whether you choose to use a public or private cloud, the data is safely stored in the data center.

You can access Azure by following these instructions.