Azure AD Capability Lifecycle and Support

The UW Azure Active Directory provides a very large number of capabilities crossing many areas. This page lists those capabilities, the lifecycle stage each is in, and our support for them.

The UW Enterprise Architecture (EA) program promotes using specific terms to communicate technology lifecycle status, and we attempt to use their terminology. You may want to consult the UW EA documentation on the intended meaning of these terms.

Lifecycle Support

The following chart can be used to help understand what the lifecycle terms listed for each Azure AD capability mean.

	Not Available	Emerging	Baseline	Containment	Retired
Possible for customers	No	Maybe	Yes	Restricted	No
MI support available	No	No	Yes	Limited	No
MI consulting available	No	Yes	Yes	Yes	No
Requires special licensing	N/A	Maybe	No	Maybe	N/A

Authentication and Credential Management Capabilities

Capability	Component	Support Lifecycle
Authentication	AAD Security Token Service	Baseline
AAD UW NetID & authentication integration	AAD Security Token Service, NETID domain, Azure AD Connect	Baseline
Web app identity (social, id registration, or UW NetID)	AAD B2C	Emerging
Multi-factor authentication	Azure MFA	Baseline Note: requires Microsoft Student/Advanced/Transitional service level.
MFA: Windows Hello for Business (AAD-join-based)	AAD Device Registration Service	Baseline Note: requires Microsoft Student/Advanced/Transitional service level.
AAD Self Service Password Reset (SSPR)	AAD Access Portal	Not available Baseline for AAD-only users
Cloud to on-prem token translation	AAD App Proxy	Retired
Per-app logon token issuance based on conditions	AAD Conditional Access	Baseline Note: requires Microsoft Student/Advanced/Transitional service level.

Collaboration and Application Management Capabilities

Capability	Component	Support Lifecycle
AAD Groups (integrated)	AAD Groups, AAD Connect, UW Groups Service	Baseline
AAD Office groups	AAD Groups, Office 365, Azure/Office portals	Baseline (via MSCA)
AAD Member private groups	N/A	Not available
AAD Group integration for external users	N/A	Not available
AAD Groups integration for Office groups	N/A	Not available
AAD Self Service/Delegated Group Management	Azure Portal, AAD Access Portal, Group owner	Not available Baseline for Office groups
AAD Dynamic and Dedicated Groups	Azure Portal	Emerging
Self-service app identity and permission creation	AAD Apps, AAD Service Principals, AAD OAuth server	Baseline
User consent to app access	AAD OAuth server	Baseline

Device Management Capabilities

Capability	Component	Support Lifecycle
AAD Device Join	AAD Device Registration Service	Baseline
AAD Device Registration	AAD Device Registration Service	Baseline
Cloud-based device provisioning (Autopilot)	AAD Device Registration Service, Intune	Baseline (via Managed Workstation)
AAD MDM (InTune)	AAD Device Registration Service, MDM provider	Not available, may emerge later (via Managed Workstation)

Information Security Capabilities

Capability	Component	Support Lifecycle
Azure Purview (Info Protection & RMS)	Azure Purview, Azure Info Protection, Azure RMS, Azure RMS Connector	Baseline
AAD RBAC & Roles, & Admin Units (AUs)	AAD Role templates, AAD Roles	Baseline
AAD Admin Units	AAD AUs	Emerging (no AUs yet)
AAD Privileged Identity Management	AAD PIM	Baseline
Audit information	AAD Graph & Log Analytics	Baseline
Audit reporting	AAD Graph & Log Analytics	Baseline: CISO & UW Medicine Security
AAD Threat Analytics	AAD Threat Analytics	Emerging

Enable Cloud Capabilities

Capability	Component	Support Lifecycle
Directory information	AAD Graph API	Baseline
AAD Directory integration	AAD Connect, AAD Graph, AAD PS interface	Baseline
External Users	AAD B2B	Baseline
Discover what SaaS apps are being used	AAD Cloud App Discovery	Not available, may emerge later
Non-modern cloud-based app integration	Azure AD Domain Services	Not available, no plans
AAD user based licensing	AAD Graph API, Azure Portal, AAD PS interface	Retired
AAD Group-based license assignment	AAD Group-based licensing	Baseline