With the plethora of services that Microsoft offers through Office 365, it’s hard to ignore the fact that having multiple identities across your organization can be quite problematic. Every Azure or Office 365 subscription comes with a provisioned Azure Active Directory account, which you use to log in and consume the services you just paid for. Using one account you can get access to Exchange, SharePoint, Office 201(x) on demand, Dynamics CRM, Skype for Business and other neat tools like Planner and Sway. With Enterprise Mobility Suite you get access to Azure Rights Management, Intune, Information Security and Azure Active Directory Premium, which includes a lot of features like service-wide MFA and Azure Active Directory Join (Windows 10 is best for this job).
What I’m trying to say here is that with one account you get access to a multitude of services that improve your workflow and organization. The only problem is that most organizations have on-premises servers and a central directory management system (Active Directory, OpenLDAP/Samba, 389 Server etc.), and having multiple accounts (and passwords) makes it quite a challenge for the IT staff to enforce security while providing the best experience for their users. We all know that password security is a big problem (look at all the breaches that happened in the last 2 years), and enabling the best security under one roof is one of the ways to go.
In this article I will talk about how you can integrate your on-premises Active Directory domain with Azure Active Directory in order to give your users the best experience while accessing their resources without compromising your organization’s security.