Similarities between Active Directory and Azure AD

Updated: June 8, 2015

Applies To: Azure, Office 365, Windows Intune

Much like how Active Directory serves as the data store for identities in your on-premises environment, Microsoft Azure Active Directory (Azure AD) provides a repository for all of your organization’s directory data in the cloud so that it can be readily available to all of the services you have subscribed to with your tenant. For more information, see Administering your Azure AD directory.

Similar to how a line-of-business (LOB) application might use LDAP to access data in your local Active Directory, third-party cloud applications can interact with your data in Azure AD through the Graph API. For more information about the Graph API, see Azure Active Directory Graph Overview.

The following diagram illustrates how various applications, whether they are hosted locally or in the cloud, use a similar methodology to access identity data stored in the most applicable directory store available to them.

Figure: Active Directory to Windows Azure AD Comparison

Why integrate Active Directory with Azure AD?

Directory integration provides several benefits that streamline identity management, such as syncing user data between your local directory and Azure AD.

You only need to integrate once!

One of the primary benefits of setting up directory integration capabilities such as directory sync or single sign-on is that, once you’ve configured them, all of the cloud services you have subscribed to in your Azure AD tenant can use the data that is now provisioned and updated in your cloud store. In other words, you only need to set up your directory integration components once, and every service can use them.

For example, after you have set up directory sync initially to continuously sync users and contacts for use with Exchange Online, that same directory integration configuration and infrastructure will also be available to all current and future services that you subscribed to with your tenant. This means that you will not need to configure a different instance of directory sync in order to use another service, like the Microsoft Intune service.

Or, in another example, let’s say you set up Directory Sync with Password Sync for use with SharePoint Online. In this case, you wouldn’t need to set up Directory Sync or Password Sync again when you start subscribing to Lync Online. For more information, see Directory integration.