Microsoft Azure Active Directory (Azure AD) helps organizations large and small to manage user identities and create secure access policies for corporate data. All of the Microsoft cloud-based services aimed at businesses rely on Azure AD for sign-in and other identity needs. If your organization has Office 365 Business or Enterprise, then you automatically get Azure AD. With Azure AD, you can manage users and groups, synchronize with on-premises directories, get single sign-on (SSO) across Office 365 and thousands of popular enterprise apps such as DocuSign, Salesforce, and more.
While the "Azure" name is often associated with the Microsoft Cloud, it's important to understand that Azure AD is an integral component of Windows 10 in a business setting along with Office 365 and Enterprise Mobility + Security. Azure AD enables your employees to securely sign into your enterprise apps whether they are in the cloud, on mobile, or on-premises. But the real value a company gets from Azure AD is the inherent ability to provide SSO for their employees.
What is Single Sign-On?
As long as we've had business computers, we've had to deal with usernames and passwords. Back when a company had one set of standard computer networking infrastructure—going all the way back to those ancient days of accessing a mainframe from a terminal—the username and password combo was the most widely-accepted form of user authentication. But now we have multiple types of computing resources and applications. It's not uncommon for the company's accountant doing all of his work in Microsoft Excel, the sales manager practically living in Salesforce, and the CEO dividing her time between various online BI dashboards. Large businesses usually have some of these multiple apps and their accompanying data on local, on-premise servers they sometimes can't (for regulatory reasons) have in the cloud. Many small to medium-sized businesses (SMBs) recognize the cost savings of the cloud, but often mix-and-match a slew of competing cloud apps and systems. The more apps and systems your employees use, the more usernames and passwords they have to remember.
The solution to this problem is SSO, an authentication process that allows a user to access multiple applications with one set of login credentials. When your organization enables SSO, your employees can use one username and password to sign into the corporate devices and apps they need to access data and other resources on your network and in the cloud. Most importantly, by assigning one identity to each of your corporate users using Azure AD and SSO, you can ensure that everyone in your organization has a consistent and secure experience no matter if they're working on Windows, Mac, Android, or iOS devices.
Hybrid SSO approaches for the enterprise
Deploying the "consistent and secure user experience" of SSO can sometimes be a challenge for IT teams depending on how user identities on the corporate network were established. Considering the time and labor cost involved, no smart CIO (or CFO) would want to rip and replace a legacy Windows Server Active Directory system that is already working.
However, we've already established that Azure AD comes with Office 365. We also touched how some enterprises have an existing Windows Server Active Directory setup but are now leveraging cloud-based apps to keep pace with an agile mobile workforce. In these situations, Amaxra recommends a hybrid approach where you leverage Azure AD to use your existing on-premises identity investments to manage cloud-based SSO access. So, an enterprise with on-premise Active Directory resources can federate their existing corporate user identities with Azure AD. By synchronizing these identities, an organization gets all the benefits of secure SSO to thousands of modern cloud-based (e.g. Office 365, Microsoft Teams, Dynamics 365) and on-premise enterprise apps (e.g. the legacy app your company doesn't want to move into the cloud because of GDPR). It's this hybrid approach of adding Azure AD to an existing on-premise network domain that instantly gives your organization a new level of hassle-free access for your users, helping to increase both security and compliance.
Why Seamless SSO is a game changer
Azure AD can also be used to enable Seamless Single Sign-On for users on domain-joined PCs or other devices that are connected to the corporate network. Seamless SSO is so valuable to an organization because it automatically and securely signs users based on their Azure AD identity. With Seamless SSO, your users don't need to type in their passwords to sign in—usually they don't even have to type in their usernames. It's a feature that doesn't require you to buy any additional on-premises components to make it work and delivers an excellent user experience.
Configuring for Seamless SSO using Azure AD has some specific requirements but isn't limited to a specific sized organization. Seamless SSO is a feature that can be used by SMBs up to global enterprises. Amaxra has found that the best price-performance optimization with Seamless SSO is gained by organizations with Microsoft 365. The key reason is that Microsoft 365 bundle gives you Windows 10 Professional, Office 365, and Enterprise Mobility + Security (EMS). We've blogged about the security features in EMS, and that integration of cloud and security helps to enable Seamless SSO. To be clear, Microsoft 365 is not a requirement to deploy Seamless SSO but it is the most cost-effective option for organizations to get Seamless SSO out quickly to their users.
Contact me at firstname.lastname@example.org or call 425 749 7471 if you have any questions or comments on this blog.