Azure Active Directory (AAD)
- Definition: Azure Active Directory is a cloud-based identity and access management service provided by Microsoft.
- Before going into Azure Active Directory (AAD), let’s clarify what Active Directory (AD) is.
Active Directory (AD):
- Most users will already be familiar with Active Directory.
- It was designed for traditional office use, such as physical access, printers, and computers. In short, it is meant for on-premises environments and NOT for the web or cloud.
- Although AD and AAD are both used to manage users, they are completely different products.
Azure Active Directory Service (AAD Service)
Let’s focus on the key points.
- AAD is the main tool to manage users and permissions in Azure.
- You cannot have an Azure account without an AAD service.
- Every Azure account must have a first user and owner, and this first user must be in the AAD instance.
- AAD service is the first thing you get when you create an Azure account.
- AAD is very helpful for setting up a hybrid infrastructure in which AAD manages users both on-premises and in the cloud.
Tenant
- A tenant represents your organization in Azure.
- A tenant is a dedicated instance of AAD. This is what an organization receives when it signs up for Azure.
- Each Azure Tenant is separate from any other Tenant.
- One user can belong to a maximum of 500 tenants as a guest or member.
- Every single Azure user is a member of at least one tenant.
Subscription
- Subscriptions are billing entities.
- Each subscription receives a billing invoice every month for the services that the user uses and that are associated with the subscription.
- You can have multiple subscriptions for a single tenant.
- If you don’t pay a subscription’s bills, all the services associated with that subscription will stop.