Export (0) Print
Expand All

Azure AD terminology

Published: February 7, 2013

Updated: May 21, 2014

Applies To: Azure, Office 365, Windows Intune

Microsoft Azure Active Directory (Azure AD) has a unique set of terminology that reaches into the cloud, hybrid and on-premises scenarios. The following table defines these terms to provide you with a basic understanding for how they will be used throughout various topics in this guide.


Term Definition

Additional security verification

A security setting that a global admin can set on a user account in their organization’s tenant to require that both a user’s password and a response from their phone must be used to verify that identity to the Azure Active Directory authentication system.

Directory integration

A feature of Azure Active Directory that you can set up to improve the administrative experience associated with maintaining identities in both your on-premises directory and your cloud directory. Directory integration scenarios include directory synchronization, and directory synchronization with single sign on.

Directory synchronization

Used to synchronize on-premises directory objects (users, groups, contacts) to the cloud to help reduce administrative overhead. Directory synchronization is also referred to as directory sync in the Azure AD portal and Azure Management portal. Once directory synchronization has been set up, administrators can provision directory objects from your on-premises Active Directory into your tenant.

Microsoft Online Services Sign-In Assistant

The Sign In Assistant is an application installed on a client computer that makes it possible for a user to sign in once on that computer and then access services any number of times during the sign-in session. Without the Sign In Assistant, end users must provide a name and password each time they attempt to access a service. The Sign In Assistant should not be confused with single sign on which is a directory integration feature of Azure Active Directory that can be deployed to leverage a user’s existing on-premises corporate credentials to seamlessly access Microsoft cloud services.

Multi-factor authentication (also known as two-factor authentication or 2FA)

Multi-factor authentication adds a critical second layer of security to user sign-ins and transactions. When you enable multi-factor authentication for a user account in Azure AD, that user must then use their phone, in addition to their standard password credentials as their additional security verification method each time they need to sign in and use any of the Microsoft cloud services that your organization subscribes to.

Organizational account

A user account assigned by an organization (work, school, non-profit) to one of their constituents (an employee, student, customer) that provides sign in access to one or more of the organization’s Microsoft cloud service subscriptions, such as Office 365 or Azure. These accounts are stored in an organization’s cloud directory (also known as Azure Active Directory), and are typically deleted when the user leaves the organization. Organizational accounts differ from Microsoft accounts in that they are created and managed by admins in the organization, not by the user.

Single sign on

Used to provide users with a more seamless authentication experience as they access Microsoft cloud services while logged on to the corporate network. In order to set up single sign-on, organizations need to deploy a security token service on premises. Once single sign-on has been set up, users can use their Active Directory corporate credentials (user name and password) to access the services in the cloud and their existing on-premises resources.

User ID

A user ID is a unique identifier for an organizational account stored in Azure Active Directory that a user provides on the Sign In page to access the Microsoft cloud services that your organization has subscribed to. Each user ID has a user principal name (UPN) suffix associated with it that is constructed using the accounts User Name (which must be unique) attribute value, the @ symbol and the Internet domain name value that are assigned to it in Azure AD. For example, the construction of the initial user ID that was specified by the person who created your tenant might look similar to admin@contoso.onmicrosoft.com.

Azure Active Directory

The identity service in Azure that provides identity management and access control capabilities through a REST-based API.

Azure Active Directory Access Control

The Azure service that provides federated authentication and rules-driven, claims-based authorization for REST Web services.

Azure Active Directory authentication system

Microsoft’s identity service in the cloud used to authenticate and authorize organizational accounts.

Azure Active Directory Graph

A capability of Azure Active Directory that accesses user, group, and role objects within a social enterprise graph to easily surface user information and relationships.

Azure Active Directory Module for Windows PowerShell

A group of cmdlets used to administer Azure Active Directory. You can use these cmdlets to manage users, groups, domains, cloud service subscriptions, licenses, directory sync, single sign-on, and more.

Azure Active Directory Sync Tool

The application that provides one-way synchronization of directory objects from a company's on-premises Active Directory service to Azure Active Directory.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2014 Microsoft