Azure AD Capability Lifecycle and Support

Last updated: January 30, 2023
Audience: IT Staff / Technical Decision Makers

The UW Azure Active Directory provides a very large number of capabilities crossing many areas. This page lists those capabilities, the lifecycle stage each is in, and our support for them.

The UW Enterprise Architecture (EA) program promotes using specific terms to communicate technology lifecycle status, and we attempt to use their terminology. You may want to consult the UW EA documentation on the intended meaning of these terms.

Lifecycle Support

The following chart can be used to help understand what the lifecycle terms listed for each Azure AD capability mean.

| | Not Available | Emerging | Baseline | Containment | Retired |
|---|---|---|---|---|---|
| Possible for customers | No | Maybe | Yes | Restricted | No |
| MI support available | No | No | Yes | Limited | No |
| MI consulting available | No | Yes | Yes | Yes | No |
| Requires special licensing | N/A | Maybe | No | Maybe | N/A |

Authentication and Credential Management Capabilities

| Capability | Component | Support Lifecycle |
|---|---|---|
| Authentication | AAD Security Token Service | Baseline |
| AAD UW NetID & authentication integration | AAD Security Token Service, NETID domain, Azure AD Connect | Baseline |
| Web app identity (social, id registration, or UW NetID) | AAD B2C | Emerging |
| Multi-factor authentication | Azure MFA | Containment |
| MFA: Windows Hello for Business (AAD-join-based) | AAD Device Registration Service | Containment |
| AAD Self Service Password Reset (SSPR) | AAD Access Portal | Not available. Baseline for AAD-only users |
| Cloud to on-prem token translation | AAD App Proxy | Containment. Planned retirement 2/2/2022 |
| Per-app logon token issuance based on conditions | AAD Conditional Access | Baseline (limited to employees and students) |

Collaboration and Application Management Capabilities

| Capability | Component | Support Lifecycle |
|---|---|---|
| AAD Groups (integrated) | AAD Groups, AAD Connect, UW Groups Service | Baseline |
| AAD Office groups | AAD Groups, Office 365, Azure/Office portals | Baseline (via MSCA) |
| AAD Member private groups | N/A | Not available |
| AAD Group integration for external users | N/A | Not available |
| AAD Groups integration for Office groups | N/A | Not available |
| AAD Self Service/Delegated Group Management | Azure Portal, AAD Access Portal, Group owner | Not available. Baseline for Office groups |
| AAD Dynamic and Dedicated Groups | Azure Portal | Emerging |
| Self-service app identity and permission creation | AAD Apps, AAD Service Principals, AAD OAuth server | Baseline |
| User consent to app access | AAD OAuth server | Baseline |

Device Management Capabilities

| Capability | Component | Support Lifecycle |
|---|---|---|
| AAD Device Join | AAD Device Registration Service | Baseline |
| AAD Device Registration | AAD Device Registration Service | Baseline |
| Cloud-based device provisioning (Autopilot) | AAD Device Registration Service, Intune | Baseline (via Managed Workstation) |
| AAD MDM (Intune) | AAD Device Registration Service, MDM provider | Not available, may emerge later (via Managed Workstation) |

Information Security Capabilities

| Capability | Component | Support Lifecycle |
|---|---|---|
| Azure Info Protection (RMS) | Azure RMS, Azure RMS Connector | Baseline |
| AAD RBAC, Roles, & Admin Units (AUs) | AAD Role templates, AAD Roles, AAD AUs | Baseline (no AUs yet) |
| AAD Privileged Identity Management | AAD PIM | Emerging |
| Audit information | AAD Graph | Emerging |
| Audit reporting | AAD Graph, UW-IT AAD monitor | Baseline: CISO & UW Medicine Security |
| AAD Threat Analytics | AAD Threat Analytics | Emerging |

Enable Cloud Capabilities

| Capability | Component | Support Lifecycle |
|---|---|---|
| Directory information | AAD Graph API | Baseline |
| AAD Directory integration | AAD Connect, AAD Graph, AAD PS interface | Baseline |
| External Users | AAD B2B | Baseline |
| Discover what SaaS apps are being used | AAD Cloud App Discovery | Not available, may emerge later |
| Non-modern cloud-based app integration | Azure AD Domain Services | Not available, no plans |
| AAD user based licensing | AAD Graph API, Azure Portal, AAD PS interface | Containment |
| AAD Group-based license assignment | AAD Group-based licensing | Baseline |