Active Directory Federation Services (AD FS) is the Microsoft implementation of the WS-Federation Passive Requestor Profile protocol. AD FS allows a domain to be extended to external networks; however, Azure AD provides modern functionality.
Directory Synchronisation (DirSync), now part of AD Connect, allows synchronisation of an on-premises AD domain to Azure AD. Directory synchronisation relies upon:
- Connector space: shadow copies of AD objects, with a subset of attributes, are added here ready for synchronisation
- Metaverse: central, consolidated view of objects being synchronised
- Synchronisation Rules: define which objects are synchronised and how
Password hashes can optionally be synchronised. Enable Hybrid Deployment to sync Azure AD changes back to on-premises. Matching Rules can be used to determine how objects across multiple directories are synchronised together, e.g. two user accounts in two directories that both represent the same user.
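A simplified model of the pipeline described above (connector space, matching rule, metaverse), added here as an illustration and not AD Connect's own code. The attribute names, the mail-based matching rule, the first-directory-wins precedence and the sample objects are assumptions constructed for the example.

```python
# Simplified model: connector space -> matching rule -> metaverse.
# Not AD Connect's implementation; names, rules and data below are assumptions.
SYNCED_ATTRS = ("mail", "displayName", "department")  # subset staged for sync

# Constructed sample directories: two accounts represent the same user.
CORP = [
    {"dn": "CN=Ana Ruiz,DC=corp,DC=example", "mail": "Ana.Ruiz@example.com",
     "displayName": "Ana Ruiz", "pwdLastSet": 1},
    {"dn": "CN=svc-backup,DC=corp,DC=example", "displayName": "Backup service"},
]
PARTNER = [
    {"dn": "CN=aruiz,DC=partner,DC=example", "mail": "ana.ruiz@example.com",
     "displayName": "A. Ruiz", "department": "Finance"},
]

def to_connector_space(directory, objects):
    """Stage shadow copies that carry only the attributes chosen for sync."""
    return [{"source": directory, "dn": o["dn"],
             "attrs": {k: o[k] for k in SYNCED_ATTRS if k in o}}
            for o in objects]

def match_key(cs_obj, attr="mail"):
    """Matching rule: same identity if this attribute is equal, ignoring case."""
    value = cs_obj["attrs"].get(attr)
    return value.strip().lower() if value else None

def build_metaverse(*connector_spaces):
    """Join connector space objects into one consolidated entry per identity."""
    metaverse, unmatched = {}, []
    for cs in connector_spaces:
        seen = set()  # keys already claimed within this directory
        for obj in cs:
            key = match_key(obj)
            if key is None or key in seen:
                # No match attribute, or a second object in the same directory
                # claims the key: hold it back for review instead of guessing.
                unmatched.append(obj["dn"])
                continue
            seen.add(key)
            entry = metaverse.setdefault(key, {"attrs": {}, "joined": []})
            for name, value in obj["attrs"].items():
                entry["attrs"].setdefault(name, value)  # earlier directory wins
            entry["joined"].append(obj["dn"])
    return metaverse, unmatched

if __name__ == "__main__":
    mv, held = build_metaverse(to_connector_space("corp", CORP),
                               to_connector_space("partner", PARTNER))
    print(mv, held)
```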
Azure AD Application Proxy exposes on-premises applications to the cloud with Azure AD protection. Publish applications that will be accessible from outside your network with an external Azure-provided URL and a configured URL pointing to the on-premises application. Assign users and groups rights to access the application. Users can view and access applications assigned to them in the Azure AD Access Panel using a web browser.