What's the difference between AD vs Azure AD (now called Entra ID)? (2024)

AD vs Azure AD – confused about the difference? We get it – the distinction isn’t immediately clear.

Note: Microsoft renamed Azure AD to Entra ID in 2024

In this guide, we’ll be exploring the key differences between Active Directory (AD), Azure Active Directory (Azure AD) and their relevance to you.


What Is Active Directory?

AD stands for Active Directory. In order to understand what Active Directory is, you’ll need to understand the basics of a Domain Controller.

A Domain Controller is a server on the network that centrally manages access for users, PCs and servers on the network. It does this using AD.

Active Directory is a database that organises your company’s users and computers. It provides authentication and authorization to applications, file services, printers, and other resources on the network. It uses protocols such as Kerberos and NTLM for authentication and LDAP to query and modify items in the Active Directory databases.

Key Functions of AD

Active Directory Domain Services (to give it its full and proper name) runs on the Domain Controller and has the following key functions:

  • Secure Object store, including Users, Computers and Groups
  • Object organization – Organisational Units (OU), Domains and Forests
  • Common Authentication and Authorization provider
  • LDAP, NTLM, Kerberos (secure authentication between domain joined devices)
  • Group Policy – for fine grained control and management of PCs and Servers on the domain

So basically AD has a record of all your users, PCs and Servers and authenticates the users signing in (the network logon). Once signed in, AD also governs what the users are, and are not, allowed to do or access (authorisation). For example, it knows that John Smith is in the Sales Group and is not allowed to access the HR folder on the file server. It also allows control and management of PCs and Servers on the network via Group Policy (so for example you could set all users’ home page on their browser to be your intranet, or you can prevent users from installing other software etc).

Most established businesses will have AD running on one or more Domain Controllers on their network.

What are the Azure Active Directory benefits?

Azure AD Benefit 1

Azure AD is not simply a cloud version of AD as the name might suggest. Although it performs some of the same functions, it is quite different.

Azure Active Directory is a secure online authentication store, which can contain users and groups. Users have a username and a password which are used when you sign into an application that uses Azure AD for authentication. So for example all of the Microsoft Cloud services use Azure AD for authentication: Office 365, Dynamics 365 and Azure. If you have Office 365, you are already using Azure AD under the covers.

Azure AD Benefit 2

As well as managing users and groups, Azure AD manages access to applications that work with modern authentication mechanisms like SAML and OAuth. Applications are objects that exist in Azure AD, which allows you to create an identity for your applications (or 3rd party ones) and grant users access to them. Besides seamlessly connecting to any Microsoft Online Services, Azure AD can connect to thousands of SaaS applications (e.g. Salesforce, Slack, ZenDesk etc) using single sign-on.

When compared with AD, here is what Azure AD doesn’t do:

  • You can’t join a server to it
  • You can’t join a PC to it in the same way – there is Azure AD Join for Windows 10 only (see later)
  • There is no Group Policy
  • There is no support for LDAP, NTLM or Kerberos
  • It is a flat directory structure – no OU’s or Forests

So Azure AD does not replace AD.

AD is great at managing traditional on-premise infrastructure and applications. Azure AD is great at managing user access to cloud applications. They do different things with the area of overlap being user management.

AD vs Azure AD – should you use one, the other or both?

If you have a traditional on-premise set up with AD and also want to use Azure AD to manage access to cloud applications (e.g. Office 365 or any of thousands of SaaS apps) then you can happily use both.

If you are using Office 365 then your users will have a username and password for that (managed by Azure AD), as well as a username and password for their network logon (managed by AD). These two sets of credentials are unrelated. This is fine, and just means that if you have a password change policy, users will have to change their password twice (and they could of course choose the same password for both).

Or you can synchronise AD with Azure AD so that users have only one set of credentials, which they use for both their network logon and access to O365. You use Azure AD Connect to do this: it is a small, free piece of Microsoft software that you install on a server to perform the synchronisation.

If you are a new business or one that is looking to transition away from having any traditional on-premise infrastructure and using purely cloud based applications, then you can operate purely using Azure AD.

In this case, although you will have all your applications in the cloud, you will of course still have physical devices – PCs and smart phones – that your team will use to access and work with these cloud applications.

So how do you secure and manage these devices?

In the case of PCs (this applies to Windows 10 only) you can Azure AD Join them and log in to the machines using Azure AD user accounts. You can apply conditional access policies that require machines to be Azure AD joined before accessing company resources or applications. However, Azure AD Join provides limited functionality compared to AD Join (as there is no Group Policy), so to gain fine grained control over the PCs you would also use a Mobile Device Management solution, such as Microsoft Intune.

Other devices (Windows 10, iOS, Android, and MacOS) can be Azure AD Registered (which means you sign into the device itself without requiring an Azure AD account, but can then access apps etc using the Azure AD account) and controlled using Microsoft Intune.
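To check which of these states a Windows device is actually in, the built-in dsregcmd /status command reports AzureAdJoined, DomainJoined and WorkplaceJoined flags. The following is an added example, not part of the original article: it parses that output and classifies the device. The sample text, the state labels and the non_compliant policy helper are constructed for illustration, and the code also covers the hybrid case (joined to both AD and Azure AD), which goes beyond what the article describes.

```python
import re

# Constructed sample in the layout of `dsregcmd /status` output (not from a real device).
SAMPLE_STATUS = """\
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
               Device Name : PC-0001
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
           WorkplaceJoined : NO
"""

_FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$")


def parse_status(text):
    """Return {field: value} for every 'Name : Value' line; banner lines are skipped."""
    fields = {}
    for line in text.splitlines():
        m = _FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def join_state(text):
    """Classify a device from its AzureAdJoined / DomainJoined / WorkplaceJoined flags."""
    f = parse_status(text)
    yes = lambda name: f.get(name, "").upper() == "YES"
    if yes("AzureAdJoined") and yes("DomainJoined"):
        return "hybrid-joined"        # joined to on-premise AD and to Azure AD
    if yes("AzureAdJoined"):
        return "azure-ad-joined"      # cloud-only join, managed via MDM such as Intune
    if yes("DomainJoined"):
        return "ad-domain-joined"     # traditional AD join, Group Policy applies
    if yes("WorkplaceJoined"):
        return "azure-ad-registered"  # device registered, sign-in uses a local account
    return "not-joined"


def non_compliant(reports, allowed=("azure-ad-joined",)):
    """Hosts whose join state is outside `allowed` (hypothetical policy for this example)."""
    return sorted(h for h, text in reports.items() if join_state(text) not in allowed)
```

Feeding it the collected output from each PC gives a quick inventory of which machines would fail a conditional access rule that requires an Azure AD joined device.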

If you can’t get all your applications as SaaS apps and have some that still need to run on your own servers, then you can migrate these to Virtual Machines (VMs) in Azure. If those VMs need to be domain joined, then you can either deploy a Domain Controller on another VM in Azure, or you can use Azure Active Directory Domain Services (Azure AD DS) which is a PaaS service (you don’t have to manage it) for domain joining Azure VMs. Azure AD DS automatically synchronises with Azure AD so all your users get the application access you want.

AD vs Azure AD Summary

In summary, Azure AD is not simply a cloud version of AD; they do quite different things. AD is great at managing traditional on-premise infrastructure and applications. Azure AD is great at managing user access to cloud applications. You can use both together, or if you want to have a purely cloud based environment you can just use Azure AD.

Want to know more?

If you want to know more about the difference between AD vs Azure AD, Compete366 is here to help.

Contact Compete366 for a free discussion with one of our Office 365 or Azure consultants on how to take advantage of Azure AD and Azure, as well as to learn more about how to reduce your IT spend with ideal pricing.



What is the difference between Entra ID and Azure AD?

Microsoft Entra ID is the new name for Azure AD. The names Azure Active Directory, Azure AD, and AAD are replaced with Microsoft Entra ID. Microsoft Entra is the name for the product family of identity and network access solutions. Microsoft Entra ID is one of the products within that family.

What is the difference between AD and Azure AD?

The main difference between Active Directory and Azure AD is that one is an on-premise service you need to provide your own infrastructure for and deploy, update and maintain yourself, while the other is a cloud service hosted for you by Microsoft.

What is the difference between Azure Active Directory and Azure IAM?

While authentication and authorization are functions of both Active Directory and Azure AD, the systems themselves are also known as IAM or Identity and Access Management systems. This means that the directories are also used for . . . managing the identities of people and things and managing access to other things.

What is the difference between AAD and Intune?

Azure Active Directory (Azure AD) is a universal identity management platform that incorporates user credentials and strong authentication policies to safeguard your company's data, while Microsoft Intune provides cloud-based mobile device management (MDM) and mobile application management (MAM).

Why is Azure AD now an Entra ID?

Azure Active Directory, or Azure AD, has been rebranded as Entra ID. This change reflects the evolution and growth of the Entra product family name, which Microsoft introduced in Spring 2022. Entra continues to evolve and exists to provide secure and efficient identity and access management solutions.

Why was Azure AD renamed to Entra ID?

Azure Active Directory (Azure AD) has been renamed to Microsoft Entra ID to better communicate the multicloud, multiplatform functionality of the product and unify the naming of the Microsoft Entra product family.

What is the difference between Azure and Entra?

Azure AD, short for Azure Active Directory, is a cloud-based identity and access management solution. On the other hand, Microsoft Entra is a hybrid IAM solution that caters to organizations with complex identity management requirements.

How does Microsoft Entra ID work?

App developers can use Microsoft Entra ID as a standards-based authentication provider that helps them add single sign-on (SSO) to apps that works with a user's existing credentials. Developers can also use Microsoft Entra APIs to build personalized experiences using organizational data.

What is the difference between Azure user and Azure AD user?

There is no difference between the two. Azure users exist in Azure AD and have the same attributes. There is, however, a difference between Hybrid Azure AD users that exist both on-premises and in the cloud, and Azure AD cloud-only users.

Does Azure Active Directory replace Active Directory?

While Azure AD DS is compatible with Windows AD, it does not have feature parity with Windows AD. It is important to understand the following differences when considering replacing Windows AD with Azure AD DS.

Is Azure Active Directory same as IAM in AWS?

AWS creates a separate (i.e., siloed) Identity and Access Management (IAM) store for each AWS Account. Azure AD centrally stores the identities such as users, groups, and service principals. The same Azure AD is used by multiple Azure Subscriptions avoiding identity duplication and silos.

What are the two basic user types in Azure Active Directory?

Work account - A work account can access resources in a tenant, and with an administrator role, can manage tenants. Guest account - A guest account can only be a Microsoft account or a Microsoft Entra user that can be used to share administration responsibilities such as managing a tenant.

What is the difference between Azure roles and AAD roles?

Summary. Azure AD roles are used to manage access to Azure AD resources, whereas Azure roles are used to manage access to Azure resources.

Is Azure AD Connect the same as Entra Connect?

Microsoft Entra Connect (formerly known as Azure AD Connect) is a Microsoft application that integrates on-premises Active Directory and Microsoft Entra ID seamlessly, in particular giving users the experience of single sign-on, or at least same sign-on.

When did Azure become Entra?

On July 11, 2023, Microsoft announced the renaming of Azure AD to Microsoft Entra ID to improve consistency with other Microsoft cloud products. The name change took place on July 15, 2023.

What is Entity ID in Azure AD?

The Entity ID is a URI used to identify the issuer of a SAML request, response, or assertion.

Is Azure directory ID the same as tenant ID?

In the Manage section, click Properties. The Directory properties page appears. Copy the Directory ID. Note: The Tenant ID and Directory ID are the same.


Author: Rev. Leonie Wyman
