In Azure AD, Certificate-based authentication can be used to connect to:

• Custom services authored by your organization
• Microsoft SharePoint Online
• M365 or MS Exchange
• Skype for Business
• Azure API Management
• Third-party services deployed in your organization

Azure Active Directory

• Identity and access management
• Provides
  • Directory services
  • Identity governance
  • Application access management
• Ideal for SSO between on-premises machines, BYOD and mobile devices
• Thousands of applications in the Azure AD application gallery

Azure AD vs. Active Directory Domain Services
Azure Active Directory

• Identity-as-a-service
• Not a domain controller in the cloud
• Does provide optional directory services
• Supports SAML, WS-Federation and Oauth
• Can sync with Active Directory Domain Services

Active Directory Domain Services

• Provides identity services
• Full-featured domain controller
• Manages machines using organizational units (OUs) and Group Policy Objects (GPOs)

Azure AD Connect

• Integrates on-premises directories with Azure Active Directory
• Composed of three primary components: