Azure Active Directory Domain Services (AD DS)
Even if AD DS is not an IDP that provides modern authentication capabilities, it is worth mentioning it because of its integration with AAD. AD DS is a managed service that relies on AAD identities to provide a managed AD DS installation (that is, managed Domain Controllers servers) in the cloud. It offers all the basic capabilities that AD DS offers by deploying a pair of Domain Controllers within a private network (an Azure Virtual Network) created through the Microsoft public cloud, Azure. As the non-managed counterpart service that can be deployed through Windows Server, AD DS provides Kerberos, LDAP, and NTLM authentication and simplifies all the lift-and-shift migration scenarios that involve tasks such as moving on-premises workloads (file servers) to Azure. AD DS does not provide the level of customization that a full installation of AD DS offers (the AD schema cannot be extended), but it has been designed for specific use cases...
