IT Connect
Your connection to information technology at the UW

Azure Active Directory

Azure AD provides a variety of cloud-based capabilities, including application management, authentication, credential management, device management, and information security, and it is the integration point for a variety of cloud-based and hybrid solutions. If you are familiar with Active Directory, Azure AD is the cloud-based, infrastructure-as-a-service (IaaS) version: it provides many of the same kinds of capabilities, but with the benefits of a cloud-based solution.

A document that explains a broad set of common terminology associated with Azure Active Directory may help you navigate.

UW Azure AD tenant

Use of some Azure services depends on having an Azure Active Directory tenant. The UW has guidance on when a new Azure AD tenant should be created and when the existing enterprise Azure AD tenant should be used. If in doubt, contact help@uw.edu for assistance.

The UW has one primary Azure AD tenant with a variety of domain names associated with it, including: uwnetid.onmicrosoft.com, cloud.washington.edu, uw.edu, u.washington.edu, and washington.edu. The primary domain used in this tenant is uw.edu, with many UW NetIDs automatically provisioned for use. Other UW Azure AD tenants exist and all are managed by UW-IT.

The netid.washington.edu (NETID) Active Directory (AD) has a special association with our primary Azure AD tenant: objects in the NETID AD are synchronized to our Azure AD.

Service Options

Azure Active Directory provides many service options. A full list of the Azure AD capabilities the UW supports, and the level of support for each, is detailed in the Azure AD Capability Lifecycle and Support document.

Here are some notable capabilities supported:

  • Azure AD Security Token Service. Features UW NetID integration via federated authentication. See Azure AD Authentication.
  • Azure AD External Users. Features ability to collaborate with non-UW identities. See Azure AD Authentication, External Users.
  • Azure AD Device Join. See Azure AD Devices.
  • Cloud to On-premises Token Translation (Azure AD Application Proxy). Lets on-premises applications use the AAD STS authentication features.
  • Conditional Access. On a per-application basis, restrict who can obtain a logon token for that application by requiring a set of criteria to be met. May require additional purchase. See Azure AD Authentication, Conditional Access and Per-application 2FA with Azure AD.
  • Application integration. Allows you to use Azure AD STS features with your own application or with a pre-integrated third-party application. SaaS integration and cross-application functionality are powerful features. See Azure AD Applications.
  • Duo 2FA via Conditional Access. See Azure AD 2FA.
  • Azure Information Protection. Features encryption and protection capabilities leveraging cloud-issued, short-lived access keys with support across a broad set of client platforms. May require additional purchase. See Azure Information Protection.

Last reviewed June 3, 2020