ADFS vs Azure AD: What's the Difference?
Transcript:
Azure AD is basically Microsoft's version of cloud computing, like Amazon Web Services or Google Cloud platform. IT admins use it to control who can access Azure, Microsoft 365, and a few other cloud apps using just one login.
The basic version of Azure is free if you have an M365 subscription. But if you want all the fancy features, you'll need to buy the premium tiers. Azure AD doesn't handle things like Windows PCs, networks, or file servers. For that, you'll need on-prem Active Directory. If you have a cloud-based organization, you'll also need a middleware called Azure AD Connect to link your on-prem AD with Azure.
So what about ADFS? ADFS is like those single sign-on tools you see for web apps, but instead of being in the cloud, it works on your own servers. It uses the same SAML XML certificates other SSO services use, but it can also authenticate using cookies or other security tokens. ADFS is all about web applications. If you need to manage identities for non-Windows systems, networks, or apps that aren't tied to a specific domain, you'll have to rely on Active Directory or explore other options.
Azure AD and ADFS both have some single sign-on capabilities and work alongside on-prem Active Directory. But Azure AD is more of an identity and access management tool, while ADFS is more like a security token service.
Azure AD gives you broader control over user identities. It's a popular choice because it offers advanced access control and identity management features, like multifactor authentication at different levels, from basic security defaults, to detailed conditional access rules for privileged users. It can also restrict outdated authentication methods and enforce password strength.
The premium tiers of Azure come with even more features, like risk-based rules, behavioral monitoring, self-service password reset, and monitoring of on-prem identity infrastructure. On the other hand, ADFS is great for managing access to in-house applications or extending Active Directory to third-party apps. It excels in supporting SAML's claims-based authentication workflow and can handle external identities too.
The choice between Azure AD and ADFS depends on your in-house resources, cloud adoption and compliance needs. But remember, neither solution stands alone. If you're using either of them, you'll still need a service like Active Directory.
If you are looking for a solution that supports all the different resources your users need, regardless of protocol, platform, provider, or location, you might want to explore non-Microsoft alternatives like JumpCloud. Check out the link in the description to learn more about JumpCloud, and be sure to subscribe to this channel for more educational videos.