Azure Active Directory (AAD) is a Microsoft cloud-based multi-tenant directory and provides identity and access management capabilities in the cloud. It provides MFA to help protect users from 99.9% cybersecurity attack.
Firstly, take a look at the link below and if these answer your questions, then you should deploy Azure AD, see this link https://blogs.technet.microsoft.com/reference_point/2017/10/23/why-do-i-need-azure-ad/
- Manage B2B collaboration Partners (Guest) credentials and identities.
- Azure offers Availability Zones for resiliency and high availability. This ensures Business Continuity solutions in place.
- On-Premises and Cloud App Handling: Provides users with seamless access to your apps regardless of the location. This is made possible because the SSO easily provides access to apps like Concur, SAP, Office 365, SharePoint, etc.
- It allows policies to be set for secure access to apps by creating application-specific security policies with conditional access with Azure AD. It allows risk assessment from users, locations, and devices to determine whether access should be allowed, verified, restricted, or blocked.
- It helps scale IT efficiently by providing users with Self Service Password Reset possibility in Azure https://azure.microsoft.com/de-de/services/active-directory/sso/
- Azure AD Integration: Self-Service BitLocker Recovery
- Advanced security and usage reports: This provides information about irregular sign-in attempts, devices used and also gives an overview of the most active use application by users.
- On-premise Azure MFA needed to enable 2fa thereby increasing and protecting unauthorized access to on-premise and cloud-based applications. It also integrates conditional access with MFA (based on groups, location, and device status).
- Identity Protection and Governance: Enables us to identify and generate reports on a vulnerable account which is not possible using Active Directory only. This help detect sign-in details of Users IP addresses and other suspicious activities
- Investigate risk events and perform Privileged Identity management.
- With AD FS and Pass-through Authentication available (PTA with SSO), this ensures no password hashes are stored in the cloud.
- Azure AD multi-factor authentication and conditional access: This help create improved application security with full management control.
- Saves your cost of acquiring hardware and licenses and help IT in focus on Administrative tasks.
- Supports regulatory compliance such as ISO, SOC, PCI-DSS, HIPAA, GDPR, etc.
Deprecated (Outdated) Information: Read more https://docs.microsoft.com/en-us/azure/germany/germany-overview-data-trustee Previously, for German customers, AAD had an isolated datacenter where access to customer data was operated by the data trustee, T-Systems International a subsidiary company of Deutsche Telekom (not Microsoft). It ensures that there is no connection with other Microsoft global cloud services but this has changed as they no longer accept customers Since August 2018.
See these links for further information
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.