Understanding Azure AD’s Free Tier

Written by Kayla Coco-Stotts on February 24, 2020

Share This Article

To better understand the pricing structure of Azure® Active Directory® (AAD or Azure AD), we will explore each tier they offer in a four-part series. This is the first part of that series.

Below we’ll analyze the full scope of features offered with Azure AD’s most basic iteration. Each part will cover the benefits of that particular service, as well as the drawbacks that come with each tier. 

Azure Active Directory Free

Organizations often use Azure AD to extend their AD identities to Microsoft® Azure cloud infrastructure and select web applications (like Office 365™). It should be noted that, as the substrate identity management solution used to control Azure access, AAD is not a straightforward cloud-based replacement for on-prem Active Directory (AD).

AAD is actually designed to be a complementary service to on-prem AD. Without it, Azure AD cannot complete tasks related to system management, legacy application authentication, and network access control. Azure AD also requires authentication from Azure AD Domain Services (AAD DS) to manage Windows servers and applications hosted at Azure.

Though Azure AD without on-prem AD does have specific administrative capabilities, it offers a solution for IT teams looking for a single sign-on (SSO) tool that allows users to authenticate Azure credentials to select web applications.  

Benefits of Azure AD Free

As a free service, AAD gives IT teams the ability to:

  • Sync with up to 500,000 directory objects
  • Leverage SSO for up to 10 pre-integrated applications
  • Enact self-service password change for cloud users only (this does not include password resets that flow back to on-prem AD)
  • Sync with Azure AD Connect (which is a Microsoft utility designed to bridge the gap between on-prem AD and Azure AD)
  • See basic reporting on their substrate identity management solution

With the free version of Azure AD, IT teams can connect AAD to an existing directory service (typically Active Directory) to supplement its native capabilities. However, though Azure AD Free does offer some SSO solutions for IT teams, it omits a number of features deemed necessary for cloud-based identity management. 

Drawbacks of Azure AD Free

There are different versions of Azure AD, and those different versions deliver varying levels of the same product. In regard to AAD’s free edition, it can be useful in addressing a small part of cloud identity and access management (IAM), but it leaves out a number of protocols/processes that IT teams must outsource. Natively, AAD Free doesn’t authenticate user credentials to any more than 10 SaaS applications, and it has a 500,000-object limit on directory objects.

For most enterprises, this limit reflects the number of users IT teams are provisioning to their resources. It’s difficult (and often confusing) to forecast your needs based on this type of metric, which can significantly impact IT departments with strict budgets. Once an organization’s users exceed the allotted amount of directory objects, or IT teams want to authenticate AAD credentials to more than just 10 web applications, admins have to either upgrade their Azure AD to Premium versions P1 or P2 — or find another solution altogether. 

In addition, Azure AD doesn’t natively authenticate users to their networks via RADIUS. It also doesn’t manage user identities for macOS® devices, Linux® servers hosted in AWS®, or Windows® systems (with the exception of Windows 10 Pro). On top of that, admins can’t employ group policy objects (GPOs) to users’ devices using Azure AD. 

Overall, Azure AD Free can be a useful tool for admins looking to introduce their organization to cloud-based infrastructure. However, it ultimately requires a number of additional authentication solutions to serve as a core identity provider (IdP).

One Core, Cloud-Based Identity

Microsoft Active Directory’s practicality depended upon the fact that IT teams could authenticate user credentials to all the on-prem, Windows-based resources they utilized. Since IT infrastructure has steadily shifted toward cloud software, on-prem solutions like AD have not maintained their original idea of leveraging one core identity for all user resources.

As a result, IT teams have been turning to solutions like Azure AD Free to securely authenticate users to their cloud-based resources, but then, that fractures AD’s ideology of centralized identity management. Modern resources require a solution that acts as the authoritative identity provider for a user’s on-prem and cloud-based assets.

JumpCloud Directory-as-a-Service

Admins seeking a modern solution such as the one described above may want to consider JumpCloud® Directory-as-a-Service® (DaaS). It connects users to their cross-platform systems, networks, applications, and files entirely from the cloud while serving as the core IdP. 

Through preconfigured protocols like cloud-based LDAP, RADIUS, and SAML 2.0, admins can authenticate user credentials to nearly all their resources via True Single Sign-On™ (True SSO.) Also, JumpCloud employs multi-factor authentication and SSH keys to protect the resources users are connecting to, ensuring that identity management in the cloud is both simple and secure for admins and users alike.

Learn More

Interested in learning more about moving your IT infrastructure to the cloud? Check out our YouTube channel for videos on DaaS, or feel free to register for a personalized demo.

Kayla Coco-Stotts

Kayla is a content writer at JumpCloud with a B.A. in Print Journalism from the University of Kentucky. She hails from St. Louis, Missouri, and loves to eat good food and hike Boulder's beautiful trails when she is not writing.

Continue Learning with our Newsletter