2. Security for Business
Agenda
What’s Azure AD
Cost of Azure AD
Azure AD technical view
How to set up Azure AD Domain Service
Network your Azure AD
Grant Azure AD admin rights
More about Azure AD
3. Security for Business
What’s Azure AD
As the name suggests, Azure AD is a Microsoft Active Directory hosted in the Microsoft cloud (aka Microsoft Azure).
Recent Windows versions can join Azure AD « natively » over the internet and be managed from Azure AD.
This Azure AD can be « extended » to provide a domain service to your Azure assets. This lets you join « any » computer/server (Azure VMs) to your Azure AD and manage them (policies, etc.).
You can create multiple Azure ADs in one Microsoft Azure tenant/subscription.
With Office 365 (and other MS cloud services) an Azure AD is already in place behind the scenes, and you can manage it from the Azure portal and extend it with great features like Multi-Factor Authentication (MFA). More here: https://support.office.com/en-us/article/Register-your-free-Azure-Active-Directory-subscription-d104fb44-1c42-4541-89a6-1f67be22e4ad
Azure AD is also the basis of Azure IAM (Identity and Access Management in the new Azure portal).
4. Security for Business
Cost of Azure AD
• There are multiple flavours of Azure AD:
  • Free
  • Basic (€0.8433 user/month)
  • Premium P1 (€5.0598 user/month)
  • Premium P2 (€7.5897 user/month)
• We recommend reading the pricing plan carefully here: https://azure.microsoft.com/en-us/pricing/details/active-directory/
• PS: When you are on an Azure pre-paid service (i.e. MS Partner/MSDN/…), you will be charged as soon as you activate the domain service.
5. Security for Business
Azure AD technical view
• Azure AD is « invisible » ;-) until you activate the Domain Services.
• Azure AD is managed from the Azure portal, but it becomes more visible once the domain services are activated, because you can then use the Microsoft Active Directory Administration Center (and other AD tooling…) from a domain-joined server/workstation.
• Azure AD is « presented » by 2 « virtual » Domain Controllers, but according to the SLA the infrastructure behind this is much more robust (please note that free AAD has no SLA…).
6. Security for Business
How to set up Azure AD Domain Service
• Click Yes to enable the domain services, and don’t forget to follow the instructions to get a working DNS server (more details here: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-getting-started-enableaadds )
7. Security for Business
Network your Azure AD
• https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-getting-started-dns
8. Security for Business
Grant Azure AD admin rights
• From the Azure portal you will have to create a specific group that will « provision/sync » a predefined group within your « virtual » AD, granting rights like those of a Domain/Enterprise Administrators group.
• https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-getting-started
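The same group can be created and reviewed from PowerShell instead of the portal. This is an added example, not part of the original slides: it assumes the AzureAD PowerShell module, that the group name the managed domain expects is "AAD DC Administrators" (the slide does not name it), and a placeholder user `admin@contoso.onmicrosoft.com`.

```powershell
# Added example: requires the AzureAD module and a sign-in with directory admin rights.
Import-Module AzureAD
Connect-AzureAD | Out-Null

$groupName = 'AAD DC Administrators'          # assumed name of the delegated admin group
$adminUpn  = 'admin@contoso.onmicrosoft.com'  # placeholder, replace with your own user

# Create the group only if it does not exist yet, so the script is safe to re-run.
$group = Get-AzureADGroup -Filter "DisplayName eq '$groupName'"
if (-not $group) {
    $group = New-AzureADGroup -DisplayName $groupName `
        -Description 'Delegated group to administer Azure AD Domain Services' `
        -SecurityEnabled $true -MailEnabled $false `
        -MailNickName 'AADDCAdministrators'
}

# Resolve the user and stop if the UPN is wrong, rather than adding nothing silently.
$user = Get-AzureADUser -Filter "UserPrincipalName eq '$adminUpn'"
if (-not $user) { throw "User $adminUpn not found in the directory." }

# Add the user unless already a member.
$members = @(Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true)
if ($members.ObjectId -notcontains $user.ObjectId) {
    Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId $user.ObjectId
    $members = @(Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true)
}

# Review: every account listed here gets administrator-like rights in the managed domain.
$members | Select-Object DisplayName, UserPrincipalName, ObjectType | Format-Table -AutoSize
```

Re-running the script periodically and comparing the final table against the list of people who should hold these rights is a simple way to spot unexpected members.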
9. Security for Business
More about Azure AD
• With Azure AD you get great added features (with more to come), such as:
  • Azure Active Directory conditional access policies
  • Azure Active Directory dynamic group membership
  • Azure Active Directory password rollover
  • Azure Active Directory Privileged Identity Management
  • Azure Active Directory self-service access requests
• But there are also limitations, such as:
  • You will only have Enterprise/Domain admin-like rights. Because of this, some features well known to Active Directory administrators are not available. For example, the default AD Builtin groups are not manageable and therefore not usable (e.g. “Terminal Server Licensing group”, etc.).