Microsoft Active Directory
Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services.
Since AD (especially together with ADFS) is an Identity Provider, the integration between TFS Gateway and AD makes use of the features in AD that the organization is using, especially around authentication of users and federation to other services. Nowadays, AD is often the means to indirectly update information to Azure AD, which then is forwarded to Azure AD with the Azure AD Connect product.
Most organizations are in a situation where AD has such an important role that it is hard to see a life without it, but most organizations still dream about it. TFS Gateway can help in the journey to get to a point where AD is not the center of Identity. TFS Gateway together with another identity provider such as Azure AD, Google IAM or Okta, make it possible to gradually phase over to more modern technology by gradually offloading AD from chores.
If the organization is using ADFS for federation services, it is typically a challenge to facilitate non-windows and/or external people. TFS Gateway can help by bridging the gap.
Microsoft Azure Active Directory
Microsoft Azure Active Directory, commonly known as Azure AD, is a system in Microsoft Azure that enables the identity management to configure accessibility of users and groups to services and resources. It shares the same name with a similar directory service found in Windows Server but Azure Active Directory is not a replacement of the on-premises AD.
Since Azure AD is an Identity Provider, the integration between TFS Gateway and Azure AD makes use of the features in AD that the organization is using, especially around authentication of users and federation to other services.
Microsoft 365, formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
From an IAM perspective, Azure AD is the backend directory that Microsoft 365 is built on. The integration between TFS Gateway and Microsoft 365 is therefore considered to be the same as the integration between Azure AD and TFS Gateway when it comes to user and group management.
One of the biggest challenges when working with IAM and Azure AD is that Azure AD does not have the same model for groups. The distribution lists are especially basically deprecated, in favor of Microsoft’s new groups that are the foundation for Teams. In order for organizations to be able to manage the old-style distribution lists without going through on premise AD, TFS Gateway works with the Exchange Online Powershell cmdlet.
Another feature that is missing in Microsoft 365/Azure AD is the “email policy” that exists in on-premise AD, helping organizations create a process for creating email addresses for multiple domains. This is also an area where TFS Gateway can help.