Azure Active Directory (AAD)
When you encounter Microsoft’s AAD for the first time, the most common (and wrong) idea is to think of AAD as simply the cloud counterpart of AD DS. AAD and AD DS are two completely different technologies that can work together but provide different authentication services. AD DS is a service that comes with Windows Server; it provides an LDAP directory, Kerberos, and NTLM authentication (along with other enterprise features, such as group policy management). AAD, on the other hand, is a modern identity provider (IdP) that does not speak those protocols at all; it implements different ones, such as OAuth 2.0, SAML, WS-Federation, and OpenID Connect.
This means that AAD can be thought of as the identity hub at the center of Microsoft’s services, as shown in the following diagram:
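To make the protocol difference concrete, here is an added Python example (not code from the book) showing the token-based model AAD uses instead of Kerberos or NTLM: a service obtains an OAuth 2.0 bearer token from AAD's v2.0 token endpoint with the client-credentials grant, presents it to Microsoft Graph in an HTTP header, and the resource side checks the token's audience, tenant, issuer and expiry claims. The tenant ID, application ID and secret are placeholders, and the JWT used to exercise the parser is a constructed unsigned fixture so the example runs offline; the claim checks go slightly beyond the text by showing what a resource server validates after it has verified the token signature against the keys in AAD's OpenID Connect discovery document.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Assumed endpoints: AAD's v2.0 token endpoint and the Microsoft Graph base URL.
AUTHORITY = "https://login.microsoftonline.com"
GRAPH_RESOURCE = "https://graph.microsoft.com"


def build_token_request(tenant_id, client_id, client_secret):
    """Build (but do not send) an OAuth 2.0 client-credentials request.

    This is the flow a daemon or service uses against AAD: no Kerberos
    ticket, no NTLM challenge, just a POST of a client id and secret in
    exchange for a bearer token scoped to one resource (here, Graph).
    """
    url = f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # ".default" asks for every application permission already
        # consented to for this app on the Graph resource.
        "scope": f"{GRAPH_RESOURCE}/.default",
    }
    return url, urllib.parse.urlencode(form).encode()


def request_token(tenant_id, client_id, client_secret):
    """Send the request above and return the raw access token (network call)."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def build_graph_request(access_token, path="/v1.0/users"):
    """Graph call: the token travels as an HTTP bearer header, nothing more."""
    return urllib.request.Request(
        f"{GRAPH_RESOURCE}{path}",
        headers={"Authorization": f"Bearer {access_token}"},
    )


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_sample_token(claims):
    """Constructed test fixture only: an unsigned JWT (alg=none) carrying
    the given claims, so the parsing below can run offline."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(claims).encode()),
        "",
    ])


def decode_jwt_claims(token):
    """Return the payload claims of a JWT WITHOUT verifying the signature.

    Useful for inspection; a real resource server must verify the
    signature against the keys published in AAD's OpenID Connect
    discovery document before trusting any claim.
    """
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def check_graph_token(claims, tenant_id, now=None):
    """Claim checks a Graph-style resource applies after signature
    verification. Returns a list of problems; an empty list means the
    token is acceptable for this tenant and resource."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != GRAPH_RESOURCE:
        problems.append("audience is not Microsoft Graph")
    if claims.get("tid") != tenant_id:
        problems.append("token was issued for a different tenant")
    if claims.get("iss") != f"{AUTHORITY}/{tenant_id}/v2.0":
        problems.append("issuer does not match the expected AAD tenant")
    if claims.get("exp", 0) <= now:
        problems.append("token has expired")
    return problems
```

The audience and tenant checks are the ones that matter most in practice: a token that is perfectly valid for another tenant or another resource is still a valid AAD token, and only the claims tell the two apart.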
Figure 7.2 – AAD overview
Any AAD object can be accessed through a REST API called Microsoft Graph, which allows you to create, update, and delete...