# Azure Active Directory (AAD)
#Azure #Active-Directory #rbac #Identity
Azure AD is not simply a cloud version of Active Directory in Azure as the name might suggest. Although it performs some of the same functions, it is quite different. Azure Active Directory is a secure online authentication store, which can contain users and groups.
Azure Active Directory (Azure AD) is a directory service provided by Microsoft Azure that enables you to sign in and access both Microsoft cloud applications and cloud applications that you develop. Azure AD can also help you maintain your on-premises Active Directory deployment.
Azure AD provides services such as:

- Authentication: This includes verifying identity to access applications and resources. It also includes providing functionality such as self-service password reset, multi-factor authentication, a custom list of banned passwords, and smart lockout services.
- Single sign-on: Single sign-on (SSO) enables you to remember only one username and one password to access multiple applications. A single identity is tied to a user, which simplifies the security model. As users change roles or leave an organization, access modifications are tied to that identity, which greatly reduces the effort needed to change or disable accounts.
- Application management: You can manage your cloud and on-premises apps by using Azure AD. Features like Application Proxy, SaaS apps, the My Apps portal, and single sign-on provide a better user experience.
- Device management: Along with accounts for individual people, Azure AD supports the registration of devices. Registration enables devices to be managed through tools like Microsoft Intune. It also allows for device-based Conditional Access policies to restrict access attempts to only those coming from known devices, regardless of the requesting user account.