Windows Azure AD Now Federates with Windows Server

Microsoft announced today that Windows Azure's federation capabilities now support single sign-on in conjunction with Active Directory (AD) on Windows Server.

The addition of this capability likely will simplify management tasks for IT pros. It also will make it easier for end users to tap services delivered via Windows Azure without having to face multiple sign-in portals. IT pros can connect users to Windows Azure services by using the permissions that they have already set up with Active Directory on their premises-based Windows Server installations.

Rob Sanfilippo, an analyst with the Directions on Microsoft independent consultancy, sees the integration as beneficial for independent software vendors and IT pros managing Windows Azure.

"I think this is a useful addition to Azure's capabilities, but I would stop short of calling it a major breakthrough," Sanfilippo stated via e-mail. "The users that will realize a benefit from on-premises Active Directory federation with the Azure Management Portal are developers working on Azure-based projects and IT personnel that manage an organization's Azure deployments. These users will gain the convenience of using their on-premises AD credentials to access the Azure Portal, which can eliminate the need to manage a separate Microsoft Account for that purpose. Also, Microsoft Accounts are geared more toward consumers, so providing AD account access to Azure is a step forward for organizations that need to manage identities that work with Azure by giving them tighter control over which users can access organizational Azure accounts and deployments."

The new Windows Azure Active Directory federation capability is available effective today, according to Microsoft's announcement. Microsoft uses its Windows Azure Active Directory capability with a number of its services, including Windows Azure itself and all its Office 365 services. Windows Azure Active Directory also is used with Microsoft's Windows Intune PC management service, as well as Windows Server Online Backup. The Windows Server Online Backup service is an option to add backup security for those running Windows Server 2012 or Windows Server 2012 Essentials.

Microsoft claims to have processed more than 200 billion authentications via Windows Azure since its cloud-based authentication service was started last year. The authentication process happens when user login requests are sent to Windows Azure Active Directory. Federated identity refers to the process of using a management system on premises to create a single sign-on capability. Single sign-on lets users log in once to access applications or services that might not be locally housed.

The Windows Azure Active Directory federation capability lets IT pros tie access to Windows Azure services to the employee's status in the Windows Server Active Directory. So, removing an employee via Active Directory in the local environment will cut them off from accessing the Windows Azure Management Portal.

In addition, password policies can be set through Windows Server Active Directory, which will affect the Windows Azure Management Portal. That includes setting various password options in Active Directory, such as setting up two-factor authentication. User identities and passwords are processed at the organization's local Active Directory, so they aren't shared with, or validated at, Microsoft's cloud, according to Microsoft's announcement.

The federation process happens between domain-joined machines. IT pros can bypass some sign-in screens by appending the organization's domain name URL to the Windows Azure Management Portal's URL. Those details are outlined in Microsoft's announcement.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

