Enterprise Mobility and Security Blog

RSS

Howdy folks,

Today I have the pleasure of letting you know that Azure AD Basic is now available for purchase through the volume-licensing channel.

Since the launch of Azure AD Premium in April, we've had the opportunity to meet with hundreds of enterprise customers and get to understand their businesses and their challenges at a much deeper level. It's been an incredible privilege and I can't thank them enough for the time they've invested with us.

One of the biggest things we've learned from these discussions is that some of our very largest customers have thousands of employees who are "deskless". They don't have a traditional office and in most cases the company does not provide them with a PC. These employees are the folks we all interact with every day while we're out shopping. They are retail store employees, baristas, and bank tellers (and other similar roles). Most of these employees were never even represented in the organizations on premises Active Directory as they didn't use a PC or access corporate applications.

However the cloud and cloud scale economics are changing all that!

Today our customers want to give all their employees accounts in Azure AD (which we're very excited about) and to manage their employees access to a broad range of cloud based SAAS apps. But because of the roles these deskless employees play, they may not need the full feature set of Azure AD Premium. These employees tend to use fewer SaaS apps than a traditional information worker. They don't have on premises records in AD, so synching back to AD on premises isn't important. They don't need to do a lot of collaborative authoring and sharing at work, so being able to manage their own groups is not a big requirement.

Based on this learning, we've added a new version of Azure AD, Azure AD Basic, built specifically for these employees and the types of work they do.

AAD Basic provides essential features like company branding, group-based application access and self-service password reset. Azure AD Premium part of the Enterprise Mobility Suite (EMS) continues to provide this functionality and more advanced features like self-service group management, multifactor authentication and advanced security reporting. Here's a chart with the details of which set of Azure AD capabilities are available in each version of Azure AD:

Table 1: Feature sets for the three different versions of Azure AD

*indicates a feature still in preview

The features included in Active Directory Basic are:

  • Company branding – This feature enables you to add your company logo and color schemes to your organization's Sign In and Access Panel pages. You also have the option to add localized versions of the logo for different languages and locales.
    For more information, see Add Company branding to your Sign In and Access Panel pages.
  • Group-based application access – Easily manage user access to thousands of SaaS applications based on group membership. These groups can be in the cloud or sourced from on-premises Active Directory.
    For more information, see Assign access for a group to a SaaS application.
  • Self-service password reset – Azure AD has always allowed directory administrators to reset forgotten passwords. With Azure AD Basic, you can reduce your helpdesk calls by allowing the users in the company to reset their password.
    For more information, see Self-service password reset for users.
  • Enterprise SLA of 99.9% – We guarantee at least 99.9% availability of the Azure Active Directory Basic service

I'm excited to be able to make this new subscription available as I know how important it is for our largest enterprise customers.

And as always, we'd love to hear and suggestions or feedback you have.

Best regards,

Alex Simons (Twitter: Alex_A_Simons)

Director of Program Management

Active Directory Team