Integrate your on-premises directories
Offer a cloud-connected, seamless authentication experience with Azure AD Connect. Integrate your single or multi-forest Active Directory, as well as other on-premises directories, with Azure AD to use one identity to access any cloud or on-premises app.
Get started with thousands of pre-integrated apps
Quickly enable single sign-on to a huge number of pre-integrated commercial and custom apps—including ones you use on a daily basis, such as Office 365, Salesforce.com, Box, ServiceNow, and Workday. Find those apps and thousands more in the Azure AD application gallery.
Use your own SaaS apps
You’re not limited to what’s in the Azure AD application gallery. If you have a favorite app not already in the gallery, or created your own in-house SaaS apps, use one of our simple templates or libraries and SDK to turn your app into an Azure AD-enabled app.
Remotely access your on-premises apps
Give external users secured remote access to on-premises web applications using Application Proxy—eliminating the need to use VPN or other legacy publishing solutions.
Enable single sign-on for mobile apps
Provide single sign-on for your Azure AD-connected mobile apps with Microsoft Authenticator, a mobile application available for iOS, Android, and Windows platforms. In addition to using modern authentication on all platforms, Authenticator can be used for multi-factor authentication via push notifications, as well as one-time passwords for consumer, work, or school accounts. Device registration to Azure AD and login to Windows 10 desktops and laptops can also occur using Microsoft Authenticator.
Move apps easier using Domain Controller as a Service
Help move your traditional apps to Azure IaaS with managed domain services that use Windows and Linux virtual machines.
Launch your apps from one place
View and launch all your Azure AD-connected apps, as well as easily manage your user account, with MyApps. An application launcher for desktop, laptop, and mobile platforms, MyApps can be used as a stand-alone application or embedded in the Office 365 portal.
Bring self-service capabilities to end users
Allow users to manage their profile and security settings, register new devices, change or reset passwords, and manage group and application access all on their own. With mobile apps and web-based interfaces supported on any platform, users can truly be independent and mobile—no need for help desk interaction or lengthy calls with IT.
Collaborate across organizations
Give your partners, vendors, and contractors risk-free access to your in-house resources with Azure AD B2B collaboration.
Improve your connection to customers
Stay better connected to customers in your consumer-facing SaaS, web, and mobile apps with Azure AD B2C, a cloud identity service that’s cost-effective, reliable, and scalable.
Be productive from the start with Windows 10
Azure AD capabilities are built right into Windows 10. So from the moment you join your cloud directory using Azure AD Join, you apply all corporate policies to your Windows 10 devices and get access to all the apps you need without having to visit your IT department.
Get advanced user lifecycle management
Gain better control over the user lifecycle and better management over workloads using a single identity across all IT functions—including user and group-based provisioning and deprovisioning, HR application integration, dynamic group membership, and group accounts.
Add self-service capabilities to reduce costs
Help keep your IT overhead low with self-service capabilities that include password resets, group management, application requests, and application management—with as much scale as you need.
Monitor your identity bridge
Monitor and gain insight into your hybrid identity infrastructure with Azure AD Connect Health. Get monitoring capabilities for your Azure AD Connect sync engine, Active Directory Federation Services (ADFS) infrastructure, and on-premises Active Directory Domain Services health.
Guard against unauthorized access
Help eliminate the risk of unauthorized access with application access control policies based on factors including location, application sensitivity, and device state. Protect your “front door” and make sure that only trusted users will have access to the appropriate content.
Set up additional verification for extra security
Add an additional security layer for protected verification using Multi-Factor Authentication. Built into Azure AD, Multi-Factor Authentication helps secure access to your on-premises applications, Azure, Microsoft online services, and thousands of cloud services pre-integrated with Azure AD.
Defend against identity attacks using insights and risk-based policies
Respond to even the most malicious threats before they start with Identity Protection. Use cloud-based, robust analytics and machine learning to provide meaningful insights and risk-based automated policies that can help protect your identities from future threats.
Control administrative access to secure information and resources
Discover, restrict, and monitor user identities who require privileged access with Privileged Identity Management. Enable “just-in-time” administration to eligible users who require occasional access for a predetermined amount of time.
Comparing generally available features of the Free, Basic, and Premium editions
| Category | Feature | Azure Active Directory Free | Azure Active Directory Basic | Azure Active Directory Premium P1 | Azure Active Directory Premium P2 | Office 365 apps only |
|---|---|---|---|---|---|---|
| Common features | Directory objects¹ | 500,000 object limit | No object limit | No object limit | No object limit | No object limit for Office 365 user accounts |
| Common features | User/group management (add/update/delete), user-based provisioning, device registration, password change, synchronization tools for “on-premises to cloud” directory integration (Azure AD Connect) | Yes | Yes | Yes | Yes | Yes |
| Common features | Single Sign-On (SSO) | 10 apps per user² (pre-integrated SaaS and developer-integrated apps) | 10 apps per user² (free tier + Application proxy apps) | No limit (free, Basic tiers + Self-Service App Integration templates⁴) | No limit (free, Basic tiers + Self-Service App Integration templates⁴) | 10 apps per user² (pre-integrated SaaS and developer-integrated apps) |
| Common features | Self-service password change for cloud users | Yes | Yes | Yes | Yes | Yes |
| Common features | Connect (sync engine that extends on-premises directories to Azure Active Directory) | Yes | Yes | Yes | Yes | Yes |
| Common features | Security/usage reports | Basic reports | Basic reports | Advanced reports | Advanced reports | Basic reports |
| Premium + Basic features | Group-based access management/provisioning | | Yes | Yes | Yes | |
| Premium + Basic features | Self-service password reset for cloud users | | Yes | Yes | Yes | Yes |
| Premium + Basic features | Company branding (logon pages/access panel customization) | | Yes | Yes | Yes | Yes |
| Premium + Basic features | Application proxy | | Yes | Yes | Yes | |
| Premium + Basic features | SLA 99.9% | | Yes | Yes | Yes | Yes |
| Premium features | Self-Service Group and app Management/Self-Service application additions/Dynamic Groups | | | Yes | Yes | |
| Premium features | Self-service password reset/change/unlock with write-back to on-premises directories | | | Yes | Yes | |
| Premium features | Multi-Factor Authentication (cloud and on-premises (MFA server)) | | | Yes | Yes | Limited cloud-only for Office 365 Apps |
| Premium features | MIM CAL + MIM Server³ | | | Yes | Yes | |
| Premium features | Cloud app discovery | | | Yes | Yes | |
| Premium features | Connect Health | | | Yes | Yes | |
| Premium features | Conditional Access based on group and location | | | Yes | Yes | |
| Premium features | Conditional Access based on device state (allow access from managed devices) | | | Yes | Yes | |
| Premium features | Identity Protection | | | | Yes | |
| Premium features | Privileged Identity Management | | | | Yes | |
| Windows 10 + Azure AD Join related features | Join a Windows 10 device to Azure AD, Desktop SSO, Microsoft Passport for Azure AD, Administrator Bitlocker recovery | Yes | Yes | Yes | Yes | Yes |
| Windows 10 + Azure AD Join related features | MDM auto-enrollment, Self-service Bitlocker recovery, additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming | | | Yes | Yes | |
¹ Default usage quota is 150,000 objects. An object is an entry in the directory service, represented by its unique distinguished name. An example of an object is a user entry used for authentication purposes. If you need to exceed this default quota, please contact support. The 500K object limit does not apply for Office 365, Microsoft Intune, or any other Microsoft paid online service that relies on Azure Active Directory for directory services.
² With Azure AD Free and Azure AD Basic, end-users are entitled to get single sign-on access for up to 10 applications.
³ Microsoft Identity Manager Server software rights are granted with Windows Server licenses (any edition). Since Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows Server, then Microsoft Identity Manager can be installed and used on that server. No other separate license is required for Microsoft Identity Manager Server.
⁴ Self-service integration of any application supporting SAML, SCIM, or forms-based authentication by using templates provided in the application gallery menu. For more details, please read this article.
