The Schwartz Cloud Report


Microsoft Talks Up Active Directory as a Service

Identity management, a technology Microsoft has invested heavily in, is a key focus in ensuring security in the cloud. The company has a major effort afoot to extend Active Directory, the widely used component of Windows Server for enterprise authentication and identity management, into the cloud.

Microsoft already lets users access Office 365, Dynamics CRM and Windows Intune services via its new Windows Azure Active Directory (WAAD), but its goal is to broadly offer cloud-based authentication and single sign-on as a service.

While the company has remained rather quiet about WAAD, it's starting to disseminate more information. For one, WAAD is not simply a port of the premises-based version of Active Directory bundled with Windows Server. That wouldn't provide the Internet scale and high availability to reliably offer such a service, explained Microsoft technical fellow John Shewchuk in a blog post last week. Here's the upshot:

To make the Active Directory service operate at extremely high scale and with very high availability (including the ability to do incremental servicing) and provide integrated disaster recovery, we made significant changes to the internal architecture of Active Directory and moved from a server-based system to a scale-out, cloud-based system. For example, instead of having an individual server operate as the Active Directory store and issue credentials, we split these capabilities into independent roles. We made issuing tokens a scale-out role in Windows Azure, and we partitioned the Active Directory store to operate across many servers and between data centers.

Beyond these architectural changes, it was also clear that we needed to reimagine how Active Directory would operate in the cloud. In talking with many developers, customers, and partners, we heard that they wanted us to enhance the ability for Active Directory to "connect" -- to the new Internet-based identities from Google, Facebook, and other social networks; to new SaaS applications; and to other cloud platforms.

This process has taken many years, Shewchuk noted. Now that it's baked into Office 365, Dynamics and Intune, select organizations are building applications using WAAD. One example he cites is easyJet in Europe, which is using WAAD and the Windows Azure Service Bus for passenger check-in and other tasks by gate managers.

In a follow-up post due to hit any day, Shewchuk said he will explain how Microsoft is looking to make it easier for developers to tie WAAD to their apps and use it to secure social enterprises.

Posted by Jeffrey Schwartz on 05/31/2012 at 1:14 PM

