Azure Active Directory ~ Manage Identities Chapter 1

In this series of articles, I'll share the important notes I made while studying Azure Active Directory (AAD). This chapter outlines what you will gain from reading it. Please read the whole series for a better understanding of how to manipulate and manage AAD in different scenarios.

Brief description of Azure AD

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in:

  • External resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications.
  • Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization. For more information about creating a tenant for your organization.


Who uses Azure AD?

Azure AD is intended for:

  1. IT admins. As an IT admin, you can use Azure AD to control access to your apps and your app resources, based on your business requirements. For example, you can use Azure AD to require multi-factor authentication when accessing important organizational resources. Additionally, you can use Azure AD to automate user provisioning between your existing Windows Server AD and your cloud apps, including Office 365. Finally, Azure AD gives you powerful tools to automatically help protect user identities and credentials and to meet your access governance requirements. To get started, sign up for a free 30-day Azure Active Directory Premium trial.
  2. App developers. As an app developer, you can use Azure AD as a standards-based approach for adding single sign-on (SSO) to your app, allowing it to work with a user's pre-existing credentials. Azure AD also provides APIs that can help you build personalized app experiences using existing organizational data. To get started, sign up for a free 30-day Azure Active Directory Premium trial. For more information, see Azure Active Directory for developers.
  3. Microsoft 365, Office 365, Azure, or Dynamics CRM Online subscribers. As a subscriber, you're already using Azure AD. Each Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically an Azure AD tenant. You can immediately start to manage access to your integrated cloud apps.


Four editions/licenses of AAD


Free

  • Maximum of 500,000 directory objects
  • Single sign-on for up to 10 apps
  • B2B collaboration
  • Self-service password change (Cloud users only)
  • Azure AD Connect
  • Basic reporting


Basic

  • Everything in Free +
  • Self-service password reset (Cloud users only)
  • Company branding
  • Application proxy
  • Group-based access management and provisioning
  • SLA


Premium P1

  • Everything in Basic +
  • Self-service password reset, change, and password writeback
  • Self-service group management
  • Self-service app management
  • Multi-factor authentication
  • Microsoft Identity Manager (MIM) CAL and MIM server
  • Cloud app discovery
  • Azure Active Directory Connect Health
  • Automatic password rollover for group accounts
  • Device synchronization
  • Conditional access based on location and group
  • Conditional access based on device state
  • Advanced reporting


Premium P2

  • Everything in Premium P1 +
  • Identity Protection
  • Privileged Identity Management
  • Access reviews


You can get a trial of the AAD premium for 30 days from