Azure Active Directory is a cloud-based security token service (IdP) with many additional capabilities, including (but not limited to) access control, directory service, device management, a user consent framework, web proxy, and security reporting. Azure AD is a multi-tenant service, meaning many customers receive service from the same underlying infrastructure, but each has delegated administration of its own tenant.
Azure AD provides the following protocol support:
See https://msdn.microsoft.com/en-us/library/azure/dn151124.aspx for more on Azure AD protocol support.
Brian Arkills (UW)
Every organization that has Office 365 has Azure Active Directory. There are many organizations with Office 365.
Azure AD provides application integration capabilities for a variety of types of applications. For those where the publisher is Microsoft, no attribute release control is permitted. For those where the publisher is the organization, attribute release control is possible. For those where the publisher is a 3rd party, the 3rd party publisher defines the attributes required. For those 3rd party apps, if the app requires an account be provisioned to the 3rd party, the Azure AD admin can define custom attribute mappings (see https://technet.microsoft.com/en-us/library/dn872469.aspx for more info).
For more info about integrating apps with Azure AD, see http://msdn.microsoft.com/en-us/library/azure/dn151122.aspx.
Yes and no.
When used with Conditional Access and Azure MFA, Azure AD can provide MFA on a per-relying-party basis or use a variety of other conditions to result in different authentication workflows. Azure AD natively supports only the Azure MFA provider; no other MFA providers are possible. If you configure Azure AD to be federated with another identity provider, then you can leverage that other provider's MFA capabilities. A common configuration is to leverage ADFS in concert with Azure AD.
Azure AD currently (2/2015) has no native assurance mechanisms aside from claims about the type of authentication (e.g. MFA).
Yes.
Azure AD provides a full user consent framework. See https://msdn.microsoft.com/en-us/library/azure/dn132599.aspx#BKMK_Consent.
Depends on level of integration and capabilities required.
Depends on level of integration and capabilities required.
Depends on level of integration and capabilities required.
Can be used with almost any web application, and in some cases can be used in hybrid scenarios where some elements of a service are using Microsoft Kerberos.