51CTO blog address: https://blog.51cto.com/14669127blog
garden blog address: https://www.cnblogs.com/Nancy1983
Azure Active Directory provides a wide range of features to allow centralized and simplified identity management, while integrating applications across environments and integration with partners and customers.
Cross-Microsoft Cloud integration, you can add other applications to the Microsoft cloud, and apply the same set of authentication and identity security functions to access these applications. For example, you can use the Cloud-Native function in Microsoft Azure to develop new lines of business (LOB ) Applications, and integrate these applications with Azure AD tenants.
This article will focus on three scenarios: single sign-on configuration for other SaaS applications, integration of Windows 10 with Azure AD, and Azure AD domain services.
- Configure single sign-on for other SaaS applications
By configuring single sign-on for other SaaS applications, you can greatly simplify the identity management of the entire organization, so that you can manage all identities in the same place, apply the same security set, and access the entire organization's policies, such as multi-factor authentication (MFA).
- Windows 10 and Azure AD integration
Join Windows 10 devices in Azure Active Directory.
Windows 10 uses Azure AD and on-premises directories for automatic authentication, providing single sign-on without using ADFS.
- Domain service
Azure AD Domain Services provides managed cloud-based domain services, such as Azure IaaS with Windows Server AD security compatible domain join, group policy, LDAP and Kerberos/NTLM authentication, Azure virtual machines can be joined to this domain without deployment Domain controller, because Azure AD Domain Services is part of an existing Azure AD tenant, users can log in with the same credentials used for Azure AD.
Azure AD DS integrates with existing Azure AD tenants. Through this integration, users can use their existing credentials to log in to services and applications connected to the managed domain, and can also use existing groups and user accounts to protect access to resources , These functions can more smoothly migrate local resources directly to Azure.
This hosted domain is an independent domain and is not an extension of the organization's local domain or forest infrastructure. However, all user accounts, group memberships, and credentials in the local directory can be used for this hosted domain.
Relevant information: