Azure Active Directory and Sync Use Profiled by Microsoft

Microsoft today offered a snapshot of its Azure Active Directory service and how organizations are using it, based on October stats.

Organizations are mostly (46 percent) using Active Directory Federation Services (a Windows Server role enabling single sign-on access) to connect with Azure AD, followed by Microsoft's Password Hash Sync service (25 percent). Microsoft found that 21 percent were "cloud only" Azure AD users, according to an announcement by Alex Simons, director of program management for the Microsoft Identity Division.

Third-party (non-Microsoft) solutions in use included Ping Federate (2 percent) and other third-party services such as "Centrify, Okta or OneAuth" were at 2 percent as well, plus there were third-party federation servers in use at 1 percent. Other connections used included identity-as-a-service (2 percent) and syndication partners (1 percent).

Simons described Ping as "the fastest growing and most popular third-party option." Its growth perhaps was bolstered by the partnership the two companies established in which Ping Identity's PingAccess technology was integrated into Microsoft's Azure AD Premium service back in March. Organizations needing to connect Web applications that require headers for authentication (such as NetWeaver, PeopleSoft and WebCenter apps) typically might use this integrated PingAccess technology.

Microsoft had 950 million Azure AD users in October. More than 50 percent of them are larger organizations that always synchronize their local Active Directory with Azure AD. The organizations that are pure Azure AD users and that don't use some form of synchronization with Microsoft's cloud-based identity and access management service are mostly smaller organizations, Simons explained.

Microsoft has seen some success getting users to switch from its older Windows Azure Active Directory Sync (DirSync) and Azure AD Sync tools to its newer Azure AD Connect service. The Azure AD Connect service is supposedly an easier method for setting up such connections, and Microsoft stopped supporting DirSync and Azure AD Sync back in April.

While more than 180,000 tenancies synchronized their local Active Directories with Azure AD, more than 170,000 of that number used the Azure AD Connect service to accomplish that task. Simons indicated that 90 percent of Azure AD tenancies now sync using the Azure AD Connect tool. In contrast, the DirSync tool was used by just 7 percent. Microsoft Identity Manager or Forefront Identity Manager was used by 1.9 percent of the Azure AD tenancies.

Another notable finding was the use of Azure AD Pass-Through Authentication, which had 500,000 monthly active users in October, even though it hit "general availability" commercial release status in that month. Azure AD Pass-Through Authentication uses an organization's Active Directory to validate user passwords, permitting access to both local applications and external services. Supposedly, using the combination of Azure AD Pass-Through Authentication and Seamless Single Sign-On is easier to set up than using Active Directory Federation Services to enable single sign-on access to apps by end users.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Microsoft Nabs IoT Platform Provider Express Logic

    As part of its plan to invest $5 billion in IoT technologies, Microsoft this week acquired Express Logic, which provides real-time operating systems for industrial embedded and IoT devices.

  • Dealing with Broken Dependencies in SCVMM

    Brien shows you how to resolve some broken, template-related dependencies in Microsoft's System Center Virtual Machine Manager.

  • AzCopy Preview Adds AWS S3 Data Transfer Improvements

    Microsoft announced this week that it has improved the preview version of its AzCopy tool to better handle Amazon Web Services (AWS) S3 data.

  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.