Windows Azure AD Now Federates with Windows Server

Microsoft announced today that Windows Azure's federation capabilities now support single sign-on in conjunction with Active Directory (AD) on Windows Server.

The addition of this capability likely will simplify management tasks for IT pros. It also will make it easier for end users to tap services delivered via Windows Azure without having to face multiple sign-in portals. IT pros can connect users to Windows Azure services by using the permissions that they have already set up with Active Directory on their premises-based Windows Server installations.

Rob Sanfilippo, an analyst with the Directions on Microsoft independent consultancy, sees the integration as beneficial for independent software vendors and IT pros managing Windows Azure.

"I think this is a useful addition to Azure's capabilities, but I would stop short of calling it a major breakthrough," Sanfilippo stated via e-mail. "The users that will realize a benefit from on-premises Active Directory federation with the Azure Management Portal are developers working on Azure-based projects and IT personnel that manage an organization's Azure deployments. These users will gain the convenience of using their on-premises AD credentials to access the Azure Portal, which can eliminate the need to manage a separate Microsoft Account for that purpose. Also, Microsoft Accounts are geared more toward consumers, so providing AD account access to Azure is a step forward for organizations that need to manage identities that work with Azure by giving them tighter control over which users can access organizational Azure accounts and deployments."

The new Windows Azure Active Directory federation capability is available effective today, according to Microsoft's announcement. Microsoft uses its Windows Azure Active Directory capability with a number of its services, including Windows Azure itself and all its Office 365 services. Windows Azure Active Directory also is used with Microsoft's Windows Intune PC management service, as well as Windows Server Online Backup. The Windows Server Online Backup service is an option to add backup security for those running Windows Server 2012 or Windows Server 2012 Essentials.

Microsoft claims to have processed more than 200 billion authentications via Windows Azure since its cloud-based authentication service was started last year. The authentication process happens when user login requests are sent to Windows Azure Active Directory. Federated identity refers to the process of using a management system on premises to create a single sign-on capability. Single sign-on lets users log in once to access applications or services that might not be locally housed.

The Windows Azure Active Directory federation capability lets IT pros tie access to Windows Azure services to the employee's status in the Windows Server Active Directory. So, removing an employee via Active Directory in the local environment will cut them off from accessing the Windows Azure Management Portal.

In addition, password policies can be set through Windows Server Active Directory, which will affect the Windows Azure Management Portal. That includes setting various password options in Active Directory, such as setting up two-factor authentication. User identities and passwords are processed at the organization's local Active Directory, so they aren't shared with, or validated at, Microsoft's cloud, according to Microsoft's announcement.

The federation process happens between domain-joined machines. IT pros can bypass some sign-in screens by appending the organization's domain name URL to the Windows Azure Management Portal's URL. Those details are outlined in Microsoft's announcement.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

