Azure Active Directory Domain Services Goes Live
Microsoft this week announced that its Azure Active Directory Domain Services is commercially available.
The service, which facilitates authenticating access to so-called "legacy" apps running on Azure virtual machine infrastructure, has reached the "general availability" milestone. The new service had been at the preview stage since last year, with a recent update in May. Microsoft had more than 5,700 customers test the preview, according to its announcement.
Microsoft charges hourly rates for organizations using Azure AD Domain Services, depending on the tier and number of directory objects in a tenant, according to its pricing page. The rates listed there will be in effect on Dec. 1.
Authentication for Older Apps
The idea behind Azure AD Domain Services is to make it easier for organizations to use Azure virtual machines to run applications that don't use newer authentication protocols (such as OAuth 2.0, SAML, OIDC and REST). Organizations could rewrite those older apps to work with the Azure platform as a service. They also could try to move those applications to the cloud, using Azure infrastructure as a service.
However, instead of building domain controllers in the cloud or on premises to support user authentication for these apps, organizations can subscribe to Azure AD Domain Services. It simplifies management because Microsoft maintains the domain controller infrastructure, including automatic backups, according to an Ignite presentation by Mahesh Unnikrishnan, a program manager at Microsoft's Identity Division. He offered a slide listing the benefits of Azure AD Domain Services.
Microsoft described Azure AD Domain Services as supporting "managed domain services such as domain join, group policy, LDAP, & Kerberos/NTLM authentication that are fully compatible with Windows Server Active Directory." Users can sign into applications using their corporate credentials. The service will work with "existing groups and user accounts," according to Microsoft.
The new Azure AD Domain Services includes a number of improvements since the last preview release. It supports secure LDAP (Lightweight Directory Access Protocol over Secure Sockets Layer/Transport Layer Security). Custom Organizational Units (which are containers for users, groups, etc.) are supported. Red Hat Linux virtual machines can be joined to an organization's domain.
The announcement listed several more improvements. The rationales for using Azure AD Domain Services are described in this "Deployment scenarios" document, published by Microsoft.
Microsoft is planning a future update to the service that will enable the management of Azure AD Domain Services via Azure Resource Manager. The Azure portal will also get future user interface enhancements along those lines, Microsoft is promising.
Azure AD PowerShell 2.0 Preview
In other Azure AD news this week, Microsoft announced a preview of Azure AD PowerShell 2.0. This preview will eventually supplant Microsoft's current Azure AD PowerShell MSOL cmdlet library. The new library will have a different naming convention, namely using the "Azure AD" label. This name change will affect future Azure AD PowerShell scripting. For example, a cmdlet currently named "New-MSOLUser" will eventually be expressed as "New-AzureADUser," Microsoft explained in its announcement.
The Azure AD PowerShell 2.0 preview is also being designed to be better aligned with Microsoft Graph API capabilities. Consequently, Microsoft will keep "the names of objects and parameters as close as possible to what is used in Graph API."
Azure AD PowerShell 2.0 includes a new "SearchString" parameter to search for data within a directory. There are also new cmdlets for managing token lifetime settings, a new Azure AD feature that's currently at the preview stage. In addition, the new Azure AD PowerShell 2.0 preview has new cmdlets for certificate authority management, among other improvements.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.