
Making sense of Microsoft's identity products

What are AD, AD DS, ADFS, Azure AD, Entra ID, and Entra DS?
Ned O'Leary
Cofounder and CEO, SSOReady

Microsoft offers a dizzying assortment of identity products.

Navigating their subtle distinctions and terminology can feel a bit overwhelming if you’re new to enterprise identity management.

If you start poking around a bit, you’ll run into the following product names:

  • Active Directory
  • Active Directory Domain Services
  • Active Directory Federation Services
  • Azure Active Directory
  • Entra ID

I hope that this article helps clarify the Microsoft landscape without spending too much time on the technical details.

There’s one big reason that Microsoft’s products will feel confusing: some of them have been around a very long time! Microsoft works hard to support customers that still want to use old products. As they launch new products, they weave backward compatibility not just through those new products, but also through their documentation and product marketing.

With that in mind, I find it most helpful to clarify the Microsoft landscape by unfolding their product portfolio in a timeline. You’ll get introduced to the products in the order that Microsoft launched them.

Active Directory first came along as part of Windows Server 2000. It improved on some existing Windows products. We don’t need to worry too much about the technical details. Loosely speaking, that version of Active Directory helped network administrators centralize information and manage rights assigned to different entities on their on-premises networks. If you’re really curious, there’s a great guide here.

Over time, Microsoft added more identity and access management features to Windows Server. By the time Windows Server 2003 launched, for instance, major companies like Citrix and Ping Identity had begun building cross-domain single sign-on support through a new product called Active Directory Federation Services (ADFS). Again loosely speaking, ADFS enabled companies to manage access to external resources – whereas the classic Active Directory product focused on managing access within the same network.

Around this time, Active Directory began to describe the whole family of access management products. Microsoft started to describe the original Active Directory product as Active Directory Domain Services.

The original name has staying power. These days, if you hear someone talk about Active Directory with no additional context, you might safely assume that they’re talking about Active Directory Domain Services.

In late 2008, Microsoft made some announcements about putting Windows on the internet, launching Azure. And before long, they introduced Azure Active Directory. The software evolved an awful lot over time. You can track some of its evolution on old Stack Overflow posts like this one.

In 2023, Microsoft rebranded Azure Active Directory as Entra ID. We’ve found that relatively few people use the new name.

If the above hasn’t helped much, I hope that you consider reading this documentation from Microsoft outlining the products they currently offer. Unfortunately, Microsoft’s names won’t always match the names used by real people.