Windows Azure Active Directory Review

Best for Enterprises

Windows Azure Active Directory provides a full suite of identity management tools to secure access to your network and the devices connected to it: single sign-on (SSO), multifactor authentication (MFA), and adaptive authentication. If your information technology (IT) department is already using a Windows-based network environment, you'll be up and running in short order.

Quick Hits

What We Like

  • Robust feature set
  • Monthly pricing
  • Native integration with other Windows applications

Could Be Better

  • More transparent pricing
  • Top-tier support cost
  • Cross-platform capabilities

The Blueprint Score

Determined and ranked by our resident expert based on firsthand knowledge and unbiased research.

Ease of Use 7/10
Support 6/10
Pricing 7/10
Features 9/10

You must protect every digital device connected to your company's enterprise network and each employee's login credentials from hackers.

Whether it's people using their own laptops at work on bring-your-own-designated-device (BYODD) day or reusing weak passwords like 111111 or abc123, potential entry points for bad actors are steadily increasing.

Windows Azure Active Directory is a sprawling identity and access management (IAM) solution — the Walmart of IAM software — with features and options to satisfy almost everyone.

We'll take a look at its core features, pricing, and support options, so you can decide if it's a good choice for protecting access to your company's digital assets.

Who is Windows Azure Active Directory for?

Azure Active Directory is web-based, enterprise identity management software. Its single sign-on (SSO) and multifactor authentication (MFA) features help protect your network and prevent cyberattacks.

Azure Active Directory for workplace environments is designed for information technology (IT) administrators and application developers to secure users' access.

Azure Active Directory is similar to but separate from Azure Active Directory Domain Services. Both provide identity management functionality, but the former is cloud-based, while the latter is for on-premises use.

You need at least 50 employees — but likely more! — to make Azure Active Directory cost-effective. Current users include Walmart, BP, and Amtrak.

Windows Azure Active Directory’s features

Whether your employees are on-site or away from the office, Azure Active Directory gives them seamless, secure access to their work-related website and application accounts. You can also automate workflows for user life cycle and provisioning and reduce IT department workloads with self-service password management.

We'll start with a close look at its SSO and MFA functionality and related reporting features.

Single sign-on (SSO)

SSO technology allows users to sign in once to a portal website to access multiple, authorized third-party applications.

This streamlines the user experience because nobody wants to log in to the same company accounts every day, such as MS Outlook, Slack, or Salesforce — or manage the umpteen different passwords for them.

Employees can access SSO apps via Windows Azure portals or enable the Windows My Apps portal with Azure Active Directory. Either way, users log in once to access company-wide Microsoft and third-party apps.

[Image: Multiple apps in the My Apps portal are displayed as icons with text in a grid. Caption: Windows's My Apps portal gives you access to multiple apps after an SSO login. Source: Microsoft.]

Azure Active Directory's SSO generates multiple benefits:

  • Reduces expenses: Users save time with one portal to access company-wide apps, request resource access, and manage their accounts. IT departments will see a significant drop in routine password-related help requests thanks to automated password management.
  • Increases security: Admins can easily change application and resource settings and implement stringent password creation protocols.
  • Provides robust analytics: Using SSO provides one entry point to audit user login activities, password strength, and suspicious activities.

Connect authentication-based apps hosted on-premises or in the cloud. Choose from over 3,200 preconfigured Microsoft and third-party apps in the Azure Marketplace, or use the Azure Active Directory App Proxy to build connections with your native apps.

Users can also install the My Apps mobile app on digital devices to access their SSO accounts on the go.

Multifactor authentication (MFA)

A username and password alone don't distinguish between a user signing in and a hacker with compromised credentials. MFA provides another layer of protection with secondary authentication factors tied to information an attacker shouldn't have. They are based on something you:

  • Know: the answer to a personal security question
  • Have: a one-time password (OTP) or magic link sent to another device or email account
  • Are: biometrics such as facial recognition or a fingerprint scan

You can also deploy MFA when employees perform self-service password resets. These identification factors use the free Microsoft Authenticator app or verification codes, texts, or calls via your smartphone.

[Image: Multiple Azure Active Directory MFA options are displayed on a computer screen. Caption: MFA security decreases the chances intruders can access your network. Source: Microsoft.]

During account onboarding, users can register with one step for both self-service password reset and Azure Active Directory MFA, but admins choose the forms of secondary authentication used.


SSO and MFA are not features you switch on and then get to forget about. Instead, they're part of your overall network security strategy.

Azure Active Directory has two report categories:

  • Activity: audit log and sign-in reports
  • Security: risky sign-in and users flagged for risk reports

All Azure Active Directory editions report users flagged for risk and risky sign-ins, but further data granularity depends on your specific plan.

[Image: The security overview dashboard uses numeric data and bar graphs. Caption: Access risk policy configuration settings from the Azure Active Directory security overview dashboard. Source: Microsoft.]

Your IT admins and/or security operations center (SOC) can use this information to configure and enable automated risk policy responses to varying network risk levels. Azure Active Directory also lets you simulate risk-based vulnerabilities to test access policies.

Windows Azure Active Directory’s ease of use

Two different groups will use Azure Active Directory at your business: the IT department and the rest of your employees. The former is concerned with its configuration and operations, while the latter is interested only in the end results when they log in each day.

IT administrators like Azure Active Directory because it has integrated Microsoft security throughout the deployment process, allows centralized administration of users at different locations, and notifies admins about problems with Active Directory database content.

IT techs appreciate it because it reduces help desk requests for new passwords, password resets, and related tasks.

Some IT admins mention the sheer number of features means Azure Active Directory takes more time to learn. It's not that easy to navigate, and inconsistencies are common. And, because it's a Microsoft product designed primarily for Windows environments, it doesn't play well with other operating systems.

Users like moving between applications without multiple sign-ins and find the SSO portal and browser extension easy to use. Azure Active Directory is included with most Office 365 Enterprise plans, and those users need to manage only their Office 365 credentials, which they can do with self-service tools.

Windows Azure Active Directory’s pricing

Azure Active Directory plans include:

  • Office 365: Included with most Office 365 enterprise plans — Provides company branding, including customization of login and logout pages and the access panel, service-level agreement (SLA), and device write-back.
  • Premium P1: $6/month per user — Adds user access to on-premises and cloud resources, supports advanced administration including dynamic groups, self-service group management, Microsoft Identity Manager, and self-service password resets for on-premises users.
  • Premium P2: $9/month per user — Adds Azure Active Directory Identity Protection to enhance risk-based conditional access to apps and company data and Privileged Identity Management (PIM) to further discover, restrict, and monitor administrators, their access to resources, and provide just-in-time access.

The Premium editions are available from multiple sources: your Microsoft representative, Microsoft's Open Volume License Program, and its Cloud Solution Providers program. Azure and Office 365 subscribers can also purchase Azure Active Directory Premium P1 and P2 online.

Finding your total Azure Active Directory price requires careful research. Many IT admins have commented on the complex licensing options, which make it hard to calculate an accurate upfront cost.

Windows Azure Active Directory’s support

Azure Active Directory's four support packages include:

  • Basic: Provided free to all Azure customers, and includes billing and subscription management support, self-help resources, Azure Active Directory tutorial and portal how-to videos, technical documentation, community support, ability to submit multiple support tickets, and Azure health status and notifications.
  • Developer: $29/month — Suitable for trial and nonproduction environments, and adds email support during business hours with an eight-hour response time and general architecture support guidance.
  • Standard: $100/month — Suitable for production workload environments, and adds 24/7 support by email and phone with one- to eight-hour response times.
  • Professional Direct: $1,000/month — Suitable for business-critical dependence environments, and adds 24/7 support by email and phone with one- to four-hour response times, a single view to manage active support tickets, webinars led by Azure engineers, and architecture support, service reviews, advisory consultation, and proactive guidance from ProDirect delivery managers.

Customer support is provided in English, Spanish, French, German, Italian, Portuguese, traditional Chinese, Japanese, and Korean. Quote-based system-wide enterprise support plans are also available.

Benefits of Windows Azure Active Directory

More benefits come from additional features that aid threat hunting, user experience, and endpoint security. We'll take a close look at three you'll use on a regular basis: password protection, browser extensions, and adaptive authentication.

Password protection

Every password is inherently weak because enough time and computing power will uncover it. Even with MFA, however, you still want your employees to use strong passwords and avoid compromised ones.

Azure Active Directory Password Protection has multiple tools to do this, including a global banned password list and third-party compromised password lists.

Create a customized banned password list based on your company's brand and product names, locations, and business-specific internal jargon and abbreviations. Block passwords based on baseline terms like your company name, so you aren't required to block every possible variation such as adding a numeral at the end.

[Image: The custom banned passwords interface is shown with sample entries. Caption: Ban passwords based on company-specific or other information. Source: Microsoft.]

Password evaluation is another key security component. Azure Active Directory Password Protection uses multiple factors, including normalization and fuzzy matching, to assign a score to each password. If its score is too low, users must create a stronger one.
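The baseline-term matching and scoring described above, sketched as an added example; it is not Microsoft's implementation or code from this review. The banned terms, the substitution table, the one-edit fuzzy match and the five-point threshold are all assumptions chosen for illustration.

```python
BANNED_TERMS = ["contoso", "widgetpro", "london"]  # constructed baseline terms
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "$": "s", "@": "a", "!": "i"})  # assumed table
MIN_SCORE = 5  # assumed acceptance threshold

def normalize(password):
    """Lower-case the password and undo common character substitutions."""
    return password.lower().translate(LEET)

def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if len(a) > len(b):
        a, b = b, a
    if len(b) - len(a) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] != b[j]:
            edits += 1
            if edits > 1:
                return False
            if len(a) == len(b):
                i += 1  # substitution: advance both strings
        else:
            i += 1
        j += 1
    return edits + (len(b) - j) <= 1

def match_at(text, pos):
    """Return (term, width) for a fuzzy banned-term hit at pos, else (None, 1)."""
    for term in BANNED_TERMS:
        for width in (len(term), len(term) + 1, len(term) - 1):
            window = text[pos:pos + width]
            if len(window) == width and within_one_edit(window, term):
                return term, width
    return None, 1

def score_password(password):
    """One point per banned-term hit, one point per remaining character."""
    text, pos, score, hits = normalize(password), 0, 0, []
    while pos < len(text):
        term, width = match_at(text, pos)
        if term:
            hits.append(term)
        score += 1
        pos += width
    return score, hits

def is_acceptable(password):
    return score_password(password)[0] >= MIN_SCORE
```

Because a whole banned term is worth a single point, "Contoso1" and "C0nt0s0!" both score 2 and are rejected without either variant appearing on the list.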

Browser extension

Nobody wants to go back to their My Apps portal multiple times during the day to access company app accounts. Azure Active Directory addresses this issue with the My Apps browser extension, which provides full portal functionality.

[Image: The My Apps browser extension is displayed over the My Apps portal. Caption: Users are prompted to add the My Apps browser extension the first time they sign in. Source: Microsoft.]

Browser extensions are available for Google Chrome, Mozilla Firefox, and Microsoft Edge, with limited support for Internet Explorer. Safari, Opera, Vivaldi, and Brave users are out of luck.

Adaptive authentication

MFA provides an extra layer of security beyond passwords alone, but it's intrusive: Nobody wants an extra hoop to jump through at every login.

Azure Active Directory Conditional Access adaptive authentication evaluates each login attempt to determine the appropriate level of security to apply or even block access based on multiple "signals":

  • User
  • Location
  • Device
  • Application requested
  • Real-time risk

Azure Active Directory Conditional Access would, for example, allow me to log into my SSO portal at work on my company computer with only my password.

If I were on the road logging in from a different location, however, it might prompt me to use MFA. And if someone outside the U.S. tried to log in from an unknown device, it could block the attempt even if they used the correct login credentials.

[Image: Icons, text, and directional arrows illustrate the adaptive authentication login process. Caption: Adaptive authentication recognizes that login security is not a one-size-fits-all solution. Source: Microsoft.]

Azure Active Directory Conditional Access helps IT admins balance two critical goals: Allow employees to be productive no matter where they are, and protect the company's digital assets.
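A simplified model of the signal-based decision described in this section, added as an example; it is not Microsoft's policy engine or API. The policy names, the `ADMINS` set and the sample sign-ins are hypothetical, and the model assumes every matching policy applies with the most restrictive control winning.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SignIn:
    """The five signals from the list above, as constructed sample fields."""
    user: str
    country: str             # location signal
    managed_device: bool     # device signal
    on_office_network: bool  # location signal
    app: str                 # application requested
    risk: str                # real-time risk: "low", "medium" or "high"

SEVERITY = {"allow": 0, "mfa": 1, "block": 2}
ADMINS = {"root-admin"}  # hypothetical privileged accounts

# Hypothetical policies: (name, condition on the sign-in, control to apply).
POLICIES = [
    ("unknown device outside the U.S.",
     lambda s: s.country != "US" and not s.managed_device, "block"),
    ("high real-time risk", lambda s: s.risk == "high", "block"),
    ("off the office network", lambda s: not s.on_office_network, "mfa"),
    ("medium real-time risk", lambda s: s.risk == "medium", "mfa"),
    ("administrator account", lambda s: s.user in ADMINS, "mfa"),
    ("payroll app on unmanaged device",
     lambda s: s.app == "payroll" and not s.managed_device, "mfa"),
]

def evaluate(signin):
    """Apply every matching policy; the most restrictive control wins."""
    decision, matched = "allow", []
    for name, condition, control in POLICIES:
        if condition(signin):
            matched.append(name)  # keep the reasons for the audit trail
            if SEVERITY[control] > SEVERITY[decision]:
                decision = control
    return decision, matched

# Constructed sign-ins mirroring the three scenarios in the text.
OFFICE = SignIn("alice", "US", True, True, "mail", "low")
ROAD = SignIn("alice", "US", True, False, "mail", "low")
ABROAD = SignIn("alice", "FR", False, False, "mail", "low")
```

Returning the matched policy names alongside the decision gives the SOC a reason for each prompt or block rather than a bare outcome.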

An embarrassment of riches

Most of the software reviews I write have a section detailing what a particular application lacks compared to its competitors. Windows Azure Active Directory has the opposite issue: It has virtually every feature you might want and tons of options for each one.

If your IT department has the expertise and infrastructure to navigate a Windows-centric environment, Azure Active Directory can do what you need.

Frequently asked questions for Windows Azure Active Directory

Who should use Windows Azure Active Directory?

Azure Active Directory is web-based, enterprise identity and access software for IT admins and app developers that includes SSO, MFA, password management, and security monitoring and alerting.

Companies such as Walmart and BP use it due to its scalability, but its pricing makes it accessible to smaller businesses. Still, you probably need at least 50 employees/users to make it cost-effective.

How much does it cost?

Most enterprise Office 365 plans include basic Azure Active Directory functionality. For more features, you can upgrade to Premium P1 for $6/month per user or Premium P2 for $9/month per user. You'll pay extra for customer support beyond self-service resources and help tickets.

What kind of support can I expect?

The free Basic support package includes self-help resources, Azure portal how-to videos, technical documentation, community forums, and help ticket support.

Three additional support plans designed for different environments — trial and nonproduction, production workload, and business-critical — provide increasingly fast service request responses with telephone and email support. These range from $29/month to $1,000/month.

How Windows Azure Active Directory Compares

Free Plan Phone Support Monthly Billing Mobile App
Windows Azure Active Directory
Google Cloud Identity
LastPass for Business

If you need web-based identity management software with all the bells and whistles — and then some! — Windows Azure Active Directory has you covered: SSO, MFA, adaptive authentication, mobile apps, and more. Make sure, however, you have the enterprise Windows IT expertise to take advantage of everything it has to offer.
