Azure Active Directory

What is Azure Active Directory?

Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud-based Identity and Access Management (IAM) service. It handles authentication and authorization of user and application identities. It is the digital infrastructure that lets your employees sign in and access external resources, such as those in the Microsoft 365 service and an ever-growing list of other SaaS applications, as well as resources held on corporate networks.


How does Azure Active Directory work?

When you sign up for any service offered by the Microsoft Azure cloud, Microsoft automatically assigns a default directory, which is an instance of Azure AD. This directory holds the users and groups that will have access to each of the services the company has signed up for. This default directory is sometimes referred to as a tenant. For more information about creating a tenant for your organization, see Quickstart: Create a new tenant in Azure Active Directory. The Azure Active Directory tenant represents your organization. Each tenant might have 1 to N Azure subscriptions. An Azure subscription is a group of cloud services that are billed together.

An Azure AD user account might be single-tenant (it has access to the resources of a single organization) or multi-tenant (two or more organizations). Every user who needs access to Azure resources needs an Azure user account. A user account contains all the information needed to authenticate the user during the sign-in process. Once the user is authenticated, Azure AD builds an access token to authorize the user and determine which resources they can access and what they can do with those resources.

Typically, Azure AD defines users in three ways:

  • Cloud identities – These users exist only in Azure AD. Examples are administrator accounts and users that you manage yourself.
  • Directory-synchronized identities – These users exist in an on-premises Active Directory. A synchronization activity that occurs via Azure AD Connect software brings these users into Azure.
  • Guest users – These users exist outside Azure. Examples are accounts from other cloud providers and Microsoft accounts, such as an Xbox LIVE account. Their source is Invited User. This type of account is useful when external vendors or contractors need access to your Azure resources.

Azure Active Directory monitoring

Monitoring Azure Active Directory is very important. Explore the top three reasons you should be monitoring this service:

  • Security – Actively monitoring sign-in logs enables you to detect malicious activity such as brute-force attacks as they happen. Spikes or anomalous patterns in the logs could indicate that your Azure AD is under attack. Proactive auditing of users and permissions to remove unnecessary access or dormant user accounts will ensure that the attack surface of your organization is minimized.
  • Compliance – Audit reports will help you demonstrate compliance to regulatory standards required in many industry sectors. Not only do you need to know who is accessing your cloud resources and from where, but you may need to demonstrate that you collect this information and retain it beyond the (often short) default retention timescales of Azure logging.
  • End-user experience – Proactively monitoring Azure AD and components such as Azure AD Connect (which connects on-premises Active Directory to Azure AD) can avoid users having issues logging in by detecting synchronisation issues. Monitoring certificate and secret expiration dates can ensure users do not experience issues with expired resources.
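To make the "spikes or anomalous patterns" in sign-in logs concrete, here is an added example (not code from this page or from eG Enterprise) that runs simple brute-force and password-spray detection over constructed Azure AD sign-in records. It assumes a subset of the Azure AD sign-in log field names (createdDateTime, userPrincipalName, ipAddress, status.errorCode) and that AADSTS50126 is the "invalid username or password" result code; the thresholds are illustrative defaults.

```python
"""Flag brute-force and password-spray patterns in Azure AD sign-in records."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed: AADSTS50126 is the "invalid username or password" result code; 0 is success.
FAILED_PASSWORD = 50126

def _rec(ts, upn, ip, code):
    """One record using a subset of the Azure AD sign-in log fields."""
    return {"createdDateTime": ts, "userPrincipalName": upn,
            "ipAddress": ip, "status": {"errorCode": code}}

# Constructed sample data: one IP hammering a single account, one IP trying many
# accounts once each (spray), and a user who mistyped once and then succeeded.
SAMPLE_SIGNINS = (
    [_rec(f"2024-05-01T08:0{i}:00Z", "alice@contoso.example", "203.0.113.10", FAILED_PASSWORD)
     for i in range(6)]
    + [_rec("2024-05-01T08:06:30Z", "alice@contoso.example", "203.0.113.10", 0)]
    + [_rec(f"2024-05-01T09:0{i}:00Z", f"{u}@contoso.example", "198.51.100.7", FAILED_PASSWORD)
       for i, u in enumerate(["bob", "carol", "dave", "erin"])]
    + [_rec("2024-05-01T10:00:00Z", "frank@contoso.example", "192.0.2.5", FAILED_PASSWORD),
       _rec("2024-05-01T10:00:40Z", "frank@contoso.example", "192.0.2.5", 0)]
)

def detect_sign_in_abuse(records, window=timedelta(minutes=10), max_failures=5, min_users=3):
    """Return sorted (kind, ip, target, count) findings.
    brute_force: one IP fails >= max_failures times against one account inside `window`.
    password_spray: one IP fails against >= min_users distinct accounts inside `window`.
    """
    failures = defaultdict(list)  # ip -> [(timestamp, upn)]
    for r in records:
        if r["status"]["errorCode"] == FAILED_PASSWORD:
            ts = datetime.strptime(r["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
            failures[r["ipAddress"]].append((ts, r["userPrincipalName"]))
    findings = {}  # (kind, ip, target) -> highest count seen in any window
    for ip, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # slide a window starting at each failure
            per_user = defaultdict(int)
            for t, upn in events[i:]:
                if t - start <= window:
                    per_user[upn] += 1
            for upn, n in per_user.items():
                if n >= max_failures:
                    key = ("brute_force", ip, upn)
                    findings[key] = max(findings.get(key, 0), n)
            if len(per_user) >= min_users:
                key = ("password_spray", ip, "*")
                findings[key] = max(findings.get(key, 0), len(per_user))
    return sorted(k + (n,) for k, n in findings.items())
```

On the sample data this reports one brute-force finding against alice from 203.0.113.10 and one password-spray finding from 198.51.100.7, while frank's single mistyped password is ignored.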

To monitor the performance of Azure Active Directory, you can use Azure Monitor, which requires extensive setup and configuration, or you can use a third-party tool like eG Enterprise, which comes pre-configured with the metrics and thresholds for Azure AD.

Learn more about Azure Active Directory monitoring with eG Enterprise.