Azure AD terminology
To use Azure AD effectively, you need to understand some key Active Directory terms.
Here's an explanation of some of those terms:
| Term | Description |
|---|---|
| Identity | Something that has to be identified and authenticated. An identity is typically a user who has username and password credentials, but the term can also apply to applications or services. |
| Account | An identity and its associated data. An account can't exist without an identity. |
| Azure AD account | An identity created in Azure AD or in services like Office 365. These identities are stored in Azure AD. For example, internal staff members might use Azure AD accounts daily at work. |
| Azure subscription | Your level of access to use Azure and its services. For pay-as-you-go access, use your credit card to set up an Azure subscription. There are several types of subscriptions. For example, enterprise-level customers can use Azure Enterprise Agreement subscriptions. Each account can use many subscriptions. |
| Azure AD tenant | An instance of an Azure AD. This tenant is created for you automatically when you first sign up for Azure or other services like Office 365. A tenant, which represents an organization, holds your users, their groups, and applications. |
| Multi-tenant | Multiple-tenant access to the same applications and services in a shared environment. These tenants represent multiple organizations. |
| Azure AD directory | An Azure resource that's created for you automatically when you subscribe to Azure. You can create many Azure AD directories. Each of these directories represents a tenant. |
| Custom domain | A domain that you customize for your Azure AD directory. When you create an Azure AD directory, Azure automatically assigns it a default domain like <your-organization>.onmicrosoft.com. But you can customize domain names. Your users could then have accounts like joesmith@contoso.com instead of joesmith@contoso.onmicrosoft.com. |
| Owner role | The role you use to manage all resources in Azure, including the access levels that users need for resources. |
| Global administrator | The role that gives you access to all administrative capabilities in Azure AD. When you create a tenant, you automatically have this role for the tenant. This role allows you to reset passwords for all users and administrators, for example. |