Hypothesis for Integrating On-Premise AD, MFA Server with Azure AD

Microsoft Azure Active Directory (AAD)

AAD is a cloud Identity and Access Management solution that provides directory services, application access management, and advanced identity protection. It offers Single Sign-On (SSO) and Multi-Factor Authentication (MFA), thereby protecting employees from cyberattacks.

The Difference between Azure AD and Windows Active Directory: There is a slight difference: Windows Active Directory is focused on securing Windows desktops and servers, while AAD is all about web-based authentication standards such as OpenID and OAuth.

Prices (License) – Editions of AAD: At the time of writing, AAD comes in four editions, as follows:

  • Free Edition
  • Office 365 apps edition
  • Premium 1
  • Premium 2

Free Edition: This edition has a 12-month free subscription, but Azure AD is not included: https://azure.microsoft.com/en-us/free/
– However, it has an option to test Azure AD for one month, which is regarded as AAD Premium Free: https://azure.microsoft.com/de-de/trial/get-started-active-directory/

Office Apps Edition: This licensing edition does not include many basic identity and access management functionalities, such as MFA with Conditional Access. It also does not provide Identity Protection / Governance functionalities such as risk-based Conditional Access policies and permission management, and it does not include Hybrid Identities, Advanced Management of Group Access, etc.

Premium Editions:
These license options are available through the Open Program / Volume License Program, a simple and cost-effective way to acquire the latest Microsoft technology. They are sub-divided into Premium 1 and Premium 2.
– Premium 1: This option also lacks some advanced Identity Protection and Governance functionalities, such as determining risks and vulnerable accounts, and Privileged Identity Management (PIM).
– Premium 2: This license model is recommended, as it has all the advanced functionalities, such as Identity and Access Management across on-premise, cloud, and hybrid environments. It also adds the reports listed below.

  • Sign-ins from IP addresses with suspicious activity.
  • Irregular sign-in devices used, and the users who most actively use an application.
  • Alerts in the form of emails to Azure AD administrators when anomalous behaviors are detected.

It might interest you to know that Microsoft offers open programs to government organizations and educational institutions, which allow an initial purchase of 5 or more licenses, depending on your eligibility. Here are the different license programs available under the open program.

  • Open Value: This program is basically for small and medium-sized companies with relatively few desktops. It also includes software assurance, technology training courses, product support, etc. The license is valid over the total years of the agreement (meaning the total cost of the license can be spread over the entire subscription period).
  • Open Value Subscription: It provides the lowest upfront cost of the open program options, with the flexibility to reduce the total licensing cost in the future if the need decreases. Here the software is not purchased but subscribed to, and the monthly costs are lower.
  • Open License: A one-time payment that grants unlimited use of the software (i.e., an upfront payment of a large sum). In this program, the five-license minimum initial purchase is waived. This is not ideal, as it is difficult to tell how many licenses and updates will be needed in the coming years. Technical support is included.

See pricing URL: https://azure.microsoft.com/de-de/pricing/details/active-directory/?cdn=disable

See this link for reasons to use AAD: https://techdirectarchive.com/2020/01/25/why-deploy-azure-azure-active-directory-aad/
