Directory Services, Active Directory, and Azure Active Directory
Start course

In this course, we will go over some basic identity concepts regarding security and Azure.

Learning Objectives

  • The concepts of authentication, authorization, and federation
  • What is an Identity and an Identity Provider
  • The concepts of directory services and Active Directory 
  • The concept of the primary security perimeter

Intended Audience

  • Users looking to learn about basic identity concepts referenced in Microsoft Azure
  • Users preparing for the SC-900 certification


  • A basic familiarity with Azure



If you've ever heard of Azure prior to this lecture, it is likely you've heard it alongside the words Active Directory. But what is an Active Directory?

According to Microsoft, an Active Directory is a set of directory services developed by Microsoft as part of Windows 2000 for on-premises domain-based networks. But that definition doesn't really explain much, so let's use an example like Active Directory Domain Services to elaborate. Often abbreviated to AD DS. Active Directory Domain Services stores information about members of the domain. This includes things like devices, users, user credentials alongside their permissions, and access rights. If you've ever tried to log into a company's resource and been asked to log in, you have likely been logging into your company's Active Directory. Now, AD DS is a tool to manage on-premises infrastructure. 

This means that it does not manage or support things like SAAS applications, mobile devices, or anything that requires the modern authentication we discussed in the past lectures. This is where Azure Active Directory comes into play. Azure Active Directory also referred to as Azure AD is a cloud-based identity and access management service. It provides a single identity for cloud applications and enables additional features like mobile device management. When trying to remember the differences between Active Directory Domain Services and Azure Active Directory, just fall back to your knowledge of Azure. Active Directory Domain Services is unique to on-premises services while Azure Active Directory is meant for the cloud. That being said, there can be some overlap as Azure AD does allow for a more hybrid environment setup with Azure AD Connect, but generally speaking, if you see the word Azure, think cloud.


About the Author
Learning Paths

Lee has spent most of his professional career learning as much as he could about PC hardware and software while working as a PC technician with Microsoft. Once covid hit, he moved into a customer training role with the goal to get as many people prepared for remote work as possible using Microsoft 365. Being both Microsoft 365 certified and a self-proclaimed Microsoft Teams expert, Lee continues to expand his knowledge by working through the wide range of Microsoft certifications.

Covered Topics