Windows Azure AD Now Federates with Windows Server

Microsoft announced today that Windows Azure's federation capabilities now support single sign-on in conjunction with Active Directory (AD) on Windows Server.

The addition of this capability likely will simplify management tasks for IT pros. It also will make it easier for end users to tap services delivered via Windows Azure without having to face multiple sign-in portals. IT pros can connect users to Windows Azure services by using the permissions that they have already set up with Active Directory on their premises-based Windows Server installations.

Rob Sanfilippo, an analyst with the Directions on Microsoft independent consultancy, sees the integration as beneficial for independent software vendors and IT pros managing Windows Azure.

"I think this is a useful addition to Azure's capabilities, but I would stop short of calling it a major breakthrough," Sanfilippo stated via e-mail. "The users that will realize a benefit from on-premises Active Directory federation with the Azure Management Portal are developers working on Azure-based projects and IT personnel that manage an organization's Azure deployments. These users will gain the convenience of using their on-premises AD credentials to access the Azure Portal, which can eliminate the need to manage a separate Microsoft Account for that purpose. Also, Microsoft Accounts are geared more toward consumers, so providing AD account access to Azure is a step forward for organizations that need to manage identities that work with Azure by giving them tighter control over which users can access organizational Azure accounts and deployments."

The new Windows Azure Active Directory federation capability is available effective today, according to Microsoft's announcement. Microsoft uses its Windows Azure Active Directory capability with a number of its services, including Windows Azure itself and all its Office 365 services. Windows Azure Active Directory also is used with Microsoft's Windows Intune PC management service, as well as Windows Server Online Backup. The Windows Server Online Backup service is an option to add backup security for those running Windows Server 2012 or Windows Server 2012 Essentials.

Microsoft claims to have processed more than 200 billion authentications via Windows Azure since its cloud-based authentication service was started last year. The authentication process happens when user login requests are sent to Windows Azure Active Directory. Federated identity refers to the process of using a management system on premises to create a single sign-on capability. Single sign-on lets users log in once to access applications or services that might not be locally housed.

The Windows Azure Active Directory federation capability lets IT pros tie access to Windows Azure services to the employee's status in the Windows Server Active Directory. So, removing an employee via Active Directory in the local environment will cut them off from accessing the Windows Azure Management Portal.

In addition, password policies can be set through Windows Server Active Directory, which will affect the Windows Azure Management Portal. That includes setting various password options in Active Directory, such as setting up two-factor authentication. User identities and passwords are processed at the organization's local Active Directory, so they aren't shared with, or validated at, Microsoft's cloud, according to Microsoft's announcement.

The federation process happens between domain-joined machines. IT pros can bypass some sign-in screens by appending the organization's domain name URL to the Windows Azure Management Portal's URL. Those details are outlined in Microsoft's announcement.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

