
Azure AD Capability Lifecycle and Support

The UW Azure Active Directory provides a very large number of capabilities crossing many areas. This page lists those capabilities, the lifecycle stage each is in, and our support for them.

The UW Enterprise Architecture (EA) program promotes using specific terms to communicate technology lifecycle status, and we attempt to use their terminology. You may want to consult the UW EA documentation on the intended meaning of these terms.

Lifecycle Support

The following chart can be used to help understand what the lifecycle terms listed for each Azure AD capability mean.

| | Not Available | Emerging | Baseline | Containment | Retired |
|---|---|---|---|---|---|
| Possible for customers | No | Maybe | Yes | Restricted | No |
| MI support available | No | No | Yes | Limited | No |
| MI consulting available | No | Yes | Yes | Yes | No |
| Requires special licensing | N/A | Maybe | No | Maybe | N/A |

Authentication and Credential Management Capabilities

| Capability | Component | Support Lifecycle |
|---|---|---|
| Authentication | AAD Security Token Service | Baseline |
| AAD UW NetID & authentication integration | ADFS, Weblogin, NETID domain | Baseline |
| Web app identity (social, id registration, or UW NetID) | AAD B2C | Emerging |
| Multi-factor authentication | Azure MFA | Not available, may emerge later |
| MFA: Windows Hello for Business (AAD-join-based) | AAD Device Registration Service | Not available, may emerge later |
| AAD Self Service Password Reset (SSPR) | AAD Access Portal | Not available |
| Cloud to on-prem token translation | AAD App Proxy | Emerging |
| Per-app logon token issuance based on conditions | AAD Conditional Access | Not available, may emerge later |

Collaboration and Application Management Capabilities

| Capability | Component | Support Lifecycle |
|---|---|---|
| AAD Groups (integrated) | AAD Groups, AAD Connect, UW Groups Service | Baseline |
| AAD Office groups | AAD Groups, Office 365, Azure/Office portals | Not available (Emerging soon) |
| AAD Member private groups | N/A | Not available |
| AAD Group integration for external users | N/A | Not available |
| AAD Groups integration for Office groups | N/A | Not available |
| AAD Self Service/Delegated Group Management | Azure Portal, AAD Access Portal, Group owner | Not available, may emerge later |
| AAD Dynamic and Dedicated Groups | Azure Portal | Emerging |
| AAD (risky) app creation | App approval process, Azure Portal | Baseline (2/15: “Risky” redefined) |
| Self-service app identity and permission creation | AAD Apps, AAD Service Principals, AAD OAuth server | Not available (2/15: baseline) |
| User consent to app access | AAD OAuth server | Not available (2/15: baseline) |

Device Management Capabilities

| Capability | Component | Support Lifecycle |
|---|---|---|
| AAD Device Join | AAD Device Registration Service | Not available, may emerge later |
| AAD Workplace Join | AAD Device Registration Service | Baseline |
| AAD MDM (InTune) | AAD Device Registration Service, MDM provider | Not available, may emerge later |

Information Security Capabilities

| Capability | Component | Support Lifecycle |
|---|---|---|
| Azure Info Protection (RMS) | Azure RMS, Azure RMS Connector | Emerging (pilot soon) |
| AAD RBAC, Roles, & Admin Units (AUs) | AAD Role templates, AAD Roles, AAD AUs | Baseline (no AUs yet) |
| AAD Privileged Identity Management | AAD PIM | Not available, may emerge later |
| Audit information | AAD Graph | Emerging |
| Audit reporting | AAD Graph, UW-IT AAD monitor | Emerging |
| AAD Threat Analytics | AAD Threat Analytics | Not available |

Enable Cloud Capabilities

| Capability | Component | Support Lifecycle |
|---|---|---|
| Directory information | AAD Graph API | Baseline |
| AAD Directory integration | AAD Connect, AAD Graph, AAD PS interface | Baseline |
| External Users | AAD B2B | Emerging |
| Discover what SaaS apps are being used | AAD Cloud App Discovery | Not available, may emerge later |
| Non-modern cloud-based app integration | Azure AD Domain Services | Not available, may emerge later |
| AAD user based licensing | AAD Graph API, Azure Portal, AAD PS interface | Emerging |
| AAD Group-based license assignment | AAD Group-based licensing | Emerging |