Q: What's the difference between Azure Active Directory and Azure Active Directory Premium?

A: The regular Azure Active Directory is free and is used by a number of services; additional Azure Active Directory tenants can be created through the Microsoft Azure portal (the same one you use to create virtual machines and so on). The free Azure Active Directory includes the following features:

  • Self-service password change
  • Basic security reports that show the geographical location and time your account was logged on
  • Directory synchronization
  • User-based provisioning of services
  • Up to 500,000 objects
  • Single sign-on (SSO) to up to 10 applications that are federated with Azure Active Directory

Azure Active Directory Premium includes the following additional features:

  • Enterprise SLA of 99.9 percent
  • No limit to the number objects
  • No limit to the number of SSO applications
  • Group-based provisioning of services
  • Self-service group management
  • Self-service password reset (and that password when synchronized then replicates to on-premises Active Directory, providing a cloud-based password reset capability)
  • Advanced security reports based on learning of how users log on to alert to suspicious logon behavior (which can then integrate the multifactor authentication so the next time a suspicious user logs on they must use another factor of authentication)
  • Usage reporting
  • Customized branding on the logon and access pages
  • Multifactor authentication such as requiring answering a call, text message, and mobile application to log on
  • Licenses for Microsoft Forefront Identity Manager to be used on-premises to enable synchronization of other directories and so on

Today Azure Active Directory Premium is available only as part of an Enterprise agreement and as part of the Enterprise Mobility Suite (EMS), which also includes Azure RMS and Windows Intune. (Hopefully this will change.)

For a list of all the services and applications that are federated and work with Azure Active Directory, see Microsoft's "Azure Active Directory Applications" page.