The UW Azure Active Directory provides a very large number of capabilities crossing many areas. This page lists those capabilities, the lifecycle stage each is in, and our support for them.
The UW Enterprise Architecture (EA) program promotes using specific terms to communicate technology lifecycle status, and we attempt to use their terminology. You may want to consult the UW EA documentation on the intended meaning of these terms.
Lifecycle Support
The following chart can be used to help understand what the lifecycle terms listed for each Azure AD capability mean.
 | Not Available | Emerging | Baseline | Containment | Retired |
Possible for customers | No | Maybe | Yes | Restricted | No |
MI support available | No | No | Yes | Limited | No |
MI consulting available | No | Yes | Yes | Yes | No |
Requires special licensing | N/A | Maybe | No | Maybe | N/A |
Authentication and Credential Management Capabilities
Capability | Component | Support Lifecycle |
Authentication | AAD Security Token Service | Baseline |
AAD UW NetID & authentication integration | AAD Security Token Service, NETID domain, Azure AD Connect | Baseline |
Web app identity (social, id registration, or UW NetID) | AAD B2C | Emerging |
Multi-factor authentication | Azure MFA | Baseline. Note: requires Microsoft Student/Advanced/Transitional service level. |
MFA: Windows Hello for Business (AAD-join-based) | AAD Device Registration Service | Baseline. Note: requires Microsoft Student/Advanced/Transitional service level. |
AAD Self Service Password Reset (SSPR) | AAD Access Portal | Not available; Baseline for AAD-only users |
Cloud to on-prem token translation | AAD App Proxy | Retired |
Per-app logon token issuance based on conditions | AAD Conditional Access | Baseline. Note: requires Microsoft Student/Advanced/Transitional service level. |
Collaboration and Application Management Capabilities
Capability | Component | Support Lifecycle |
AAD Groups (integrated) | AAD Groups, AAD Connect, UW Groups Service | Baseline |
AAD Office groups | AAD Groups, Office 365, Azure/Office portals | Baseline (via MSCA) |
AAD Member private groups | N/A | Not available |
AAD Group integration for external users | N/A | Not available |
AAD Groups integration for Office groups | N/A | Not available |
AAD Self Service/Delegated Group Management | Azure Portal, AAD Access Portal, Group owner | Not available; Baseline for Office groups |
AAD Dynamic and Dedicated Groups | Azure Portal | Emerging |
Self-service app identity and permission creation | AAD Apps, AAD Service Principals, AAD OAuth server | Baseline |
User consent to app access | AAD OAuth server | Baseline |
Device Management Capabilities
Capability | Component | Support Lifecycle |
AAD Device Join | AAD Device Registration Service | Baseline |
AAD Device Registration | AAD Device Registration Service | Baseline |
Cloud-based device provisioning (Autopilot) | AAD Device Registration Service, Intune | Baseline (via Managed Workstation) |
AAD MDM (Intune) | AAD Device Registration Service, MDM provider | Not available, may emerge later (via Managed Workstation) |
Information Security Capabilities
Capability | Component | Support Lifecycle |
Azure Purview (Info Protection & RMS) | Azure Purview, Azure Info Protection, Azure RMS, Azure RMS Connector | Baseline |
AAD RBAC & Roles, & Admin Units (AUs) | AAD Role templates, AAD Roles | Baseline |
AAD Admin Units | AAD AUs | Emerging (no AUs yet) |
AAD Privileged Identity Management | AAD PIM | Baseline |
Audit information | AAD Graph & Log Analytics | Baseline |
Audit reporting | AAD Graph & Log Analytics | Baseline: CISO & UW Medicine Security |
AAD Threat Analytics | AAD Threat Analytics | Emerging |
Enable Cloud Capabilities
Capability | Component | Support Lifecycle |
Directory information | AAD Graph API | Baseline |
AAD Directory integration | AAD Connect, AAD Graph, AAD PS interface | Baseline |
External Users | AAD B2B | Baseline |
Discover what SaaS apps are being used | AAD Cloud App Discovery | Not available, may emerge later |
Non-modern cloud-based app integration | Azure AD Domain Services | Not available, no plans |
AAD user based licensing | AAD Graph API, Azure Portal, AAD PS interface | Retired |
AAD Group-based license assignment | AAD Group-based licensing | Baseline |