This document discusses three often-overlooked capabilities in Azure Active Directory (Azure AD): Azure AD Domain Services, Azure AD App Proxy, and Azure Managed Service Identity. Azure AD Domain Services lets organizations set up an Active Directory domain in Azure that virtual machines can join and authenticate against using Kerberos and NTLM. Azure AD App Proxy enables secure remote access to on-premises web apps by routing traffic through the Azure AD proxy service. Managed Service Identity lets Azure resources such as virtual machines authenticate to Azure services without credentials stored in the resource.