Azure Active Directory (AAD) is a Microsoft cloud-based multi-tenant directory and provides identity and access management capabilities in the cloud. It provides MFA to help protect users from 99.9% of cybersecurity attacks. This is the backbone of the Office 365 system, and it can sync with on-premise Active Directory and provide authentication to other cloud-based systems via OAuth. It helps employees sign in and access resources or internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization. Please see the following guide Azure Active Directory integration with on-Premise AD using PTA for more information and also this guide for reasons to deploy AAD, how to set up Azure AD Tenant, how to add or delete users, and set permissions in Azure Active Directory, and how to use the built-in AAD Connect troubleshooting tool.
Firstly, take a look at the link below and if these answer your questions, then you should deploy Azure AD, see this link. Why do I need to deploy Azure AD
- Manage B2B collaboration Partners (Guest) credentials and identities.
- Azure offers Availability Zones for resiliency and high availability. This ensures Business Continuity solutions in place.
- On-Premises and Cloud App Handling: Provides users with seamless access to your apps regardless of the location. This is made possible because the SSO easily provides access to apps like Concur, SAP, Office 365, SharePoint, etc.
- It allows policies to be set for secure access to apps by creating application-specific security policies with conditional access with Azure AD. It allows risk assessment from users, locations, and devices to determine whether access should be allowed, verified, restricted, or blocked.
- It helps scale IT efficiently by providing users with Self Service Password Reset possibility in Azure.See this link for more information.
- Azure AD Integration: Self-Service BitLocker Recovery
- Advanced security and usage reports: This provides information about irregular sign-in attempts, devices used and also gives an overview of the most active use application by users.
- On-premise Azure MFA needed to enable 2fa thereby increasing and protecting unauthorized access to on-premise and cloud-based applications. It also integrates conditional access with MFA (based on groups, location, and device status).
- Identity Protection and Governance: Enables us to identify and generate reports on a vulnerable account which is not possible using Active Directory only. This help detect sign-in details of Users IP addresses and other suspicious activities
- Investigate risk events and perform Privileged Identity management.
- With AD FS and Pass-through Authentication available (PTA with SSO), this ensures no password hashes are stored in the cloud.
- Azure AD multi-factor authentication and conditional access: This help create improved application security with full management control.
- Saves your cost of acquiring hardware and licenses and help IT in focus on Administrative tasks.
- Supports regulatory compliance such as ISO, SOC, PCI-DSS, HIPAA, GDPR, etc.
Deprecated (Outdated) Information: Read more via this link. Previously, for German customers, AAD had an isolated datacenter where access to customer data was operated by the data trustee, T-Systems International a subsidiary company of Deutsche Telekom (not Microsoft). It ensures that there is no connection with other Microsoft global cloud services but this has changed as they no longer accept customers Since August 2018.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.