To better understand the structure of Azure® Active Directory® (AAD or Azure AD), we will be exploring each tier of their services in a four-part series.
This is the second part of that series. Below we explore the full scope of features offered with Azure AD’s Basic/Office 365™ apps iteration. Each part will cover the benefits of that particular service, as well as the drawbacks that come with each tier. Click here to read our previous blog on Azure AD Free.
Azure Active Directory Basic/Office365 Apps
Azure AD’s second pricing tier was introduced in 2014 alongside its other services. It was meant to serve as an intermediary step for admins that wanted more out of AAD’s Free version, but weren’t ready to commit to Premium P1 or P2.
Initially referred to as Azure AD Basic, this version of AAD was recently renamed “Azure AD Office 365 apps.” It’s included with the purchase of a subscription to Office 365 E1, E3, E5, and F1.
AAD Office 365 apps is designed to work optimally as a substrate identity solution that’s been paired with a directory service, namely Active Directory. It is meant to provide legacy, on-prem identity management solutions with a bridge to securely connect existing user credentials to select web apps and the Azure infrastructure.
Benefits of Azure AD Office 365 Apps
By itself, AAD O365 apps offers the following features:
- Sync Office365 user accounts to an unlimited number of directory objects
- Leverage SSO for up to 10 pre-integrated SaaS applications per user
- Self-service password changes and resets (for cloud users only)
- Sync with Azure AD Connect
- Basic reporting on their substrate identity management solution
- Service level agreements (SLAs) for Azure infrastructure
- Multi-factor authentication (MFA) only for O365 apps
As with all other versions of Azure AD, O365 apps allows admins to sync their AAD instance with AD through Azure AD Connect. By doing so, they can increase the value of AAD O365 apps by enabling admins to implement important Microsoft features like network authentication via RADIUS (this requires an on-prem NPS server to do so), (Read more…)