If your organisation has Office 365 with Enterprise Mobility Suite (EMS), you’re probably already familiar with Intune, Microsoft’s solution for mobile device and application management.
You can use EMS as a Single Sign on Solution to over 1200 Software as a Service Cloud Applications such and salesforce and box across devices and browsers
Active Directory Premium gives you full Active Directory into the cloud so you don't need local servers for management of Active Directory , see here for a full list of differences
Group membership can be requested by users to the groups Owner and this can be approved from the cloud
User Password resetting can be done in the cloud and automated to be self service to reduce the time for users to fix their issues and load on helpdesk staff
Intune is also your go-to solution for managing shared tablets in limited-use mode. With Intune, you can bulk provision, secure, and centrally manage shared tablets configured to run in limited-use mode.
This makes IT’s a job a lot easier: you don’t have to configure settings on individual tablets, and you don’t have to do anything differently than you would for devices not in limited-use mode. With Intune, your transactions, inventory, and other information are protected, no matter what your tablets are used for.