Azure Active Directory and Azure Active Directory Connect

A common question comes up about these two technologies…well, two questions. The first is: what’s the difference between the two? The second is: what version do I need?

Let’s tackle the first question by first talking about the reason all of this exists.

Azure Active Directory is the hosted brethren of Active Directory. It is an identity management service provided by Microsoft, and it is the backbone of Office 365. When you sign up for a tenant and are asked to select an address in the format of “”, you are using Azure Active Directory, or AAD for short. Once you bring your domain into Office 365, you start to use some of the advanced features of Azure Active Directory. Without going into too much detail, I want to stress right here that this is it.

Azure Active Directory is a hosted identity management service for Office 365 and Azure.

Azure Active Directory Connect…what is it?

Azure Active Directory Connect is the new version of what was known as Directory Sync (with password sync). It is a piece of software designed to help you move or copy your Active Directory objects from your on-premises Active Directory to Azure Active Directory, to make your migration to Office 365 easier. Since you can easily copy your identities to Azure Active Directory, there is no need to recreate 10 AD accounts or even thousands of AD accounts…but wait, there’s more. In the new release of Azure Directory Sync, you are guided through a wizard that helps you with your single sign-on requirements. When I say it helps you, I mean it will essentially build out your ADFS infrastructure for you.

Here is a really good article which also has the download link available.

So now that we know what Azure Active Directory is and how Azure Active Directory Connect helps you, let’s talk about what version is required.

Azure Active Directory Versions

Once you subscribe to Office 365, you have Azure Active Directory. No, you can’t get rid of it; it’s the backbone of identities in Office 365, and it is one of the versions of Azure Active Directory. The others are Azure Active Directory Free, Basic and Premium. The big difference between these versions is what’s available on top of identity management, such as managing mobile devices, advanced multifactor authentication, two-way password writeback and portal branding. All of the features just mentioned except portal branding require the AAD Premium package; portal branding requires at least the Basic version of Azure Active Directory. There is a cost associated with the Basic and Premium packages, so you should understand your requirements and match them to a version. A full table of the features of the different versions can be found here.

Azure Active Directory Connect Versions

Since this is basically a piece of software that complements a service, the versions here are progressive, and the only thing I will say is: if you have the previous version of Directory Sync or AAD 1.0, please upgrade. The link provided above goes over the upgrade paths.

The point I want to make with this blog is that you can’t get away from Azure Active Directory, though in many cases you can make do with the free versions. Personally, I like at least the Basic version; I like to personalize the portals for customers and myself. If you have an on-premises Active Directory and you have Skype for Business or Exchange, you will need Azure Active Directory Connect…and as I mentioned before, it can even build your ADFS infrastructure. I like to build that myself, though; it helps me understand what’s happening.

