AWS/Azure/OpenShift

Hypothesis on how to integrate on-premise Active Directory with Azure Active Directory and MFA

AAD is a Cloud Identity and Access Management solution that provides directory services, application access management, and advanced identity protection. It’s single sign-on (sso) and Multi-Factor Authentication (MFA) capability helps protect employees from cyberattacks. For this guide for reasons to deploy AAD.

The Difference between Azure AD and Windows Active Directory: There is a slight difference as Windows Active Directory is focused on securing Windows desktops and servers on premise while AAD is all about web-based authentication standards such as OpenID and OAuth.

Prices (License) – Editions of AAD: As of this time, this comes in four editions which are as follow;

  • Free Edition
  • Office 365 apps edition
  • Premium 1
  • Premium 2

Free Edition: This edition has a 12 months free subscription (Azure AD) is not included https://azure.microsoft.com/en-us/free/
– But it has an option to test Azure AD for one month which is regarded as AAD Premium Free https://azure.microsoft.com/de-de/trial/get-started-active-directory/

Office Apps Edition: This licensing edition does not include lots of basic identity and access management functionalities such as MFA with Conditional Access and also does not provide Identity Protection / Governance functionalities such as Risk-based conditional access policies and permission management, Also does not include the Hybrid Identities, Advanced Management of Group Access, etc.

Premium Editions:
These license options are available through the Open Program / Volume License Program. This is a simple and cost-effective way to acquire the latest Microsoft technology and this is sub-divided into Premium 1 and Premium 2.
– Premium 1: This option also does not include some advanced functionalities of Identity Protection and Governance in determining risks and vulnerable accounts and Privileged Identity Management (PIM) etc.
– Premium 2: This license model is recommended as it has all the advanced functionalities such as Identity and Access Management on-premise, cloud, and hybrid environments. It also offers adds reports as shown below.

  • Sign in from IP addresses and suspicious activities
  • Irregular sign-in devices used and show users that most actively use an application.
  • Alerts in the form of emails to Azure AD administrators when anomalous behaviors are detected.

It might interest you to know that, Microsoft offers open programs to Government Organization and Educational Institution which allows the initial purchase of 5 or more licenses and this depends on your eligibility. Here are the different license programs available for the open program.

  • Open Value: This program is basically for small and medium scale companies with relatively few desktops. It also has software assurance, technology training courses, and product support, etc. The license is valid over the total years of agreement (meaning the total cost of the license can be spread through the entire period of subscription).
  • Open Value Subscription: It provides the lowest budget upfront of the open program options with the flexibility to reduce the total licensing cost in the future if the need decreases. Here the software is not purchased but subscribed to and the monthly costs are lower.
  • Open License: One-time payment but grants unlimited use of software (i.e., upfront payment in a large sum). In this program, the five license minimum initial purchase is waived. This is not ideal as it is difficult to tell how many licenses and updates would be needed in the coming years. This has technical support included.

See pricing URL: https://azure.microsoft.com/de-de/pricing/details/active-directory/?cdn=disable

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x