
Extending Directory Services to Azure

Organizations have relied on directory services and identity services for years, and in Azure these take the form of Azure Active Directory. Azure Active Directory (AAD) is important for securing services in Azure-based solutions. Before we discuss moving existing applications to Azure in Chapter 2, Moving existing apps to Azure, it is good practice to synchronize directories so that resources can be shared between on-premises and Azure in hybrid scenarios. A hybrid scenario would be one in which you move your web front-end virtual machines into Azure while your database virtual machines remain on-premises. You can use Azure AD Connect to synchronize your on-premises Active Directory with Azure Active Directory, as shown in the following diagram:

Azure AD Connect

While this book is about Hands-On Solutions with Azure, the configuration of the synchronization to Azure can be complex, depending on how directory services are configured within your organization. You can find Azure AD Connect in the portal, as shown in the following screenshot.

You can also learn how to set up Azure Active Directory to sync with your organization by using the guide at https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect, as you can see below in Figure 1.7.

Azure Connect in the portal

No matter how you choose to use Azure, it is important to get the security right up front. One of the biggest differences is that Azure Active Directory has pricing plans based on the type of services you need; you can review that pricing here: https://azure.microsoft.com/en-us/pricing/details/active-directory/

Make sure to move all of your domains first. Use OU filtering to ensure that only the people you want are synchronized. Moving resources to a non-sync OU reduces the number of objects that are synchronized; for example, there may be accounts for people who have left or services that are no longer in use.
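The OU filtering advice above, as an added example (not from the book or from Microsoft's tooling): a pre-sync audit in PowerShell that lists accounts still sitting in OUs selected for synchronization although they are disabled or stale, so they can be moved to a non-sync OU. The OU names, sample accounts, 90-day threshold and function names are assumptions; the input objects use the property names that `Get-ADUser` returns.

```powershell
# Added example. OU names, account data and function names are constructed/hypothetical.
function Get-NearestContainer {
    param([string]$DistinguishedName, [string[]]$Containers)
    # Longest listed container the object sits under; the leading comma keeps
    # OU=OldStaff from matching OU=Staff, and escaped commas in a CN are harmless.
    $Containers |
        Where-Object { $DistinguishedName.EndsWith(",$_", [StringComparison]::OrdinalIgnoreCase) } |
        Sort-Object Length -Descending |
        Select-Object -First 1
}

function Test-InSyncScope {
    param([string]$DistinguishedName, [string[]]$IncludeOU, [string[]]$ExcludeOU)
    # Simplified model of OU filtering (assumption): the most specific listed OU decides.
    $nearest = Get-NearestContainer $DistinguishedName ($IncludeOU + $ExcludeOU)
    ($null -ne $nearest) -and ($IncludeOU -contains $nearest)
}

function Find-SyncCleanupCandidate {
    param(
        [Parameter(ValueFromPipeline)] $Account,
        [string[]]$IncludeOU,
        [string[]]$ExcludeOU,
        [int]$StaleDays = 90,
        [datetime]$AsOf = (Get-Date)
    )
    process {
        # Accounts outside the sync scope are already filtered out; skip them.
        if (-not (Test-InSyncScope $Account.DistinguishedName $IncludeOU $ExcludeOU)) { return }
        $reason = $null
        if (-not $Account.Enabled) {
            $reason = 'disabled'
        } elseif ($null -eq $Account.LastLogonDate) {
            $reason = 'never logged on'
        } elseif ($Account.LastLogonDate -lt $AsOf.AddDays(-$StaleDays)) {
            $reason = "no logon in $StaleDays days"
        }
        if ($reason) { [pscustomobject]@{ DistinguishedName = $Account.DistinguishedName; Reason = $reason } }
    }
}

# Constructed sample; in production pipe in: Get-ADUser -Filter * -Properties LastLogonDate
$base = 'DC=corp,DC=example'
$accounts = @(
    [pscustomobject]@{ DistinguishedName = "CN=Doe\, Jane,OU=Staff,$base"; Enabled = $true; LastLogonDate = [datetime]'2024-05-28' }
    [pscustomobject]@{ DistinguishedName = "CN=Old Hire,OU=Staff,$base"; Enabled = $false; LastLogonDate = [datetime]'2024-05-01' }
    [pscustomobject]@{ DistinguishedName = "CN=svc-legacy,OU=Services,OU=Staff,$base"; Enabled = $true; LastLogonDate = [datetime]'2023-01-10' }
    [pscustomobject]@{ DistinguishedName = "CN=Gone,OU=NoSync,OU=Staff,$base"; Enabled = $false; LastLogonDate = $null }
    [pscustomobject]@{ DistinguishedName = "CN=Temp,OU=OldStaff,$base"; Enabled = $false; LastLogonDate = $null }
)
$accounts | Find-SyncCleanupCandidate -IncludeOU "OU=Staff,$base" -ExcludeOU "OU=NoSync,OU=Staff,$base" -AsOf ([datetime]'2024-06-01')
```

The script only reports candidates; moving them to the non-sync OU remains a reviewed, manual step.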

Once everything has been completed, your users should be able to change their passwords on both fronts. You will also be able to access and secure resources without having to add them to Azure AD, which cuts down on your user management.
