To better understand the structure of Azure® Active Directory® (AAD or Azure AD), we will be exploring each tier of its services in a four-part series.
This is the second part of that series. Below we explore the full scope of features offered with Azure AD’s Basic/Office 365™ apps iteration. Each part will cover the benefits of that particular service, as well as the drawbacks that come with each tier. Click here to read our previous blog on Azure AD Free.
Azure AD’s second pricing tier was introduced in 2014 alongside its other services. It was meant to serve as an intermediary step for admins that wanted more out of AAD’s Free version, but weren’t ready to commit to Premium P1 or P2.
Initially referred to as Azure AD Basic, this version of AAD was recently renamed “Azure AD Office 365 apps.” It’s included with the purchase of a subscription to Office 365 E1, E3, E5, and F1.
AAD Office 365 apps is designed to work optimally as a substrate identity solution that’s been paired with a directory service, namely Active Directory. It is meant to provide legacy, on-prem identity management solutions with a bridge to securely connect existing user credentials to select web apps and the Azure infrastructure.
By itself, AAD O365 apps offers the following features:
As with all other versions of Azure AD, O365 apps allows admins to sync their AAD instance with AD through Azure AD Connect. Doing so increases the value of AAD O365 apps by letting admins implement important Microsoft features like network authentication via RADIUS (which requires an on-prem NPS server) or group policy objects (GPOs) to manage Windows® systems.
On its own, AAD O365 apps can be beneficial for admins looking to manage their Office 365 users, but as an identity provider, it may leave admins searching for other solutions to increase the effectiveness of the substrate identity management tool.
In organizations where users generally use 10 applications or more, AAD O365 apps can be less than ideal. Though AAD O365 apps offers an unlimited number of directory objects per user, this only applies to O365 user accounts, and doesn’t apply to user identities in Azure or Active Directory.
IT teams have to look beyond AAD O365 apps if they want to leverage RADIUS, manage users or groups, customize the provisioning or deprovisioning of users to pre-integrated SaaS apps, or enact GPOs for Windows devices. Additionally, AAD O365 apps doesn’t manage disparate systems (such as macOS® devices or Linux® servers hosted in AWS®), so organizations with heterogeneous environments may need to look beyond Microsoft for managing access to those.
IT teams looking to leverage Azure AD for identity management may find that it can be a costly choice, depending on what their needs are. Ultimately, AAD O365 apps ideally serves organizations that keep their applications limited to Office 365 and a handful of others.
For network authentication, group management, GPOs, and more, IT teams can choose to implement Azure AD in conjunction with AD, though that still leaves them generally limited to only Windows-centric devices. As a result, organizations looking for a modern solution that manages all of their modern resources may find that AAD O365 apps is not the most practical solution, as it requires any number of add-ons to get it to the level of functionality that some IT departments require.
Admins seeking a holistic solution for managing their IT infrastructure should consider JumpCloud® Directory-as-a-Service® (DaaS). Using preconfigured protocols like cloud-based LDAP, RADIUS, and SAML 2.0, admins can authenticate user credentials to nearly all their resources via True Single Sign-On™ (True SSO).
Also, JumpCloud employs functions such as multi-factor authentication and SSH keys to protect the resources users are connecting to. Identity management in the cloud can be made both simple and secure for admins and users alike.
Interested in learning more about moving your IT infrastructure to the cloud? Check out our YouTube channel for videos on DaaS, or feel free to register for a personalized demo.