Azure AD Domain Services

In this course, I’ll start with the purpose of Azure AD, with a focus on user authentication. Then I’ll cover some of the ways you can make your authentication more robust, including multi-factor authentication and conditional access. Next, I’ll go over some Azure AD services that can help you increase your security and expand your access, including Identity Protection, Privileged Identity Management, and External Identities. Finally, I’ll explain how you can use Azure AD Domain Services to support legacy authentication methods.

Learning Objectives

  • Describe the purpose of Azure Active Directory 
  • Describe how to make Azure authentication more robust using multi-factor authentication and conditional access
  • Describe Identity Protection, Privileged Identity Management, and External Identities
  • Describe the purpose of Azure Active Directory Domain Services

Intended Audience

  • People who want to understand the basics of Azure Active Directory
  • People preparing to take the Azure Fundamentals exam


Prerequisites

  • Basic knowledge of Azure (or take our Overview of Azure Services course)
  • Some knowledge of Active Directory (Microsoft’s on-premises authentication software) would be helpful, although it’s not mandatory

If you want to migrate on-premises applications to Azure, one potential issue is that these applications might use legacy authentication protocols, such as NTLM or Kerberos. There are a few ways to deal with this. You could have your Azure users authenticate to your on-premises Active Directory, which is probably not something you want to do if you’re trying to migrate to Azure.

Another possibility is to run Active Directory domain controllers on Azure and replicate them with your on-premises Active Directory. Then your Azure users could authenticate to domain controllers running on Azure instead of in your on-premises environment. The problem with this is that you’d have to maintain these servers by patching them regularly and performing other management tasks, such as backing them up.

An alternative is to use Azure AD Domain Services (or Azure AD DS), a managed implementation that takes care of running and maintaining the domain controllers for you.

Aside from supporting the legacy authentication protocols I mentioned earlier, here are a few other things you can do with Azure AD DS. It can support applications that use LDAP, which stands for Lightweight Directory Access Protocol. It’s a commonly used open standard for accessing directories such as Active Directory.

Many organizations join their Windows 10 computers to an Active Directory domain. Then their system administrators can use group policies to maintain those computers in a consistent fashion. For example, they could create a group policy that configures the same security settings for all of the computers in that domain. Azure AD DS supports both joining computers to domains and applying group policies.

As you can see, Azure AD Domain Services is a good option to consider if you’re planning to migrate existing applications from your on-premises environment to Azure or if you want to move any of your domain controllers to a managed service.

And that’s it for this quick overview of Azure Active Directory. Please give this course a rating, and if you have any questions or comments, please let us know. Thanks!

About the Author

Guy launched his first training website in 1995 and he's been helping people learn IT technologies ever since. He has been a sysadmin, instructor, sales engineer, IT manager, and entrepreneur. In his most recent venture, he founded and led a cloud-based training infrastructure company that provided virtual labs for some of the largest software vendors in the world. Guy’s passion is making complex technology easy to understand. His activities outside of work have included riding an elephant and skydiving (although not at the same time).