The Schwartz Report

Blog archive

TechEd 2013: Windows Azure AD Serves Up Big Numbers


More on this topic:


In the first two months since Microsoft released Windows Azure Active Directory, it has processed 265 billion authentication requests from around the world -- or 9,000 requests per second -- while customers have created 420,000 unique domains.

Brad Anderson, Microsoft's corporate vice president for Windows Server and Systems Center, revealed those stats in his keynote address at TechEd 2013 in New Orleans, which kicked off Monday and runs through tomorrow.

"Everything starts with the identity of that user inside of Active Directory," Anderson told TechEd attendees. "We've now cloud optimized Active Directory with Windows Azure Active Directory, so now we can extend your capabilities of Active Directory to the cloud with you in complete control about what you want to have appear inside that Azure Active Directory."

Microsoft released Windows Azure Active Directory in early April following a nine month preview and is offering it free of charge. It's the same directory users authenticate with to access Office 365, Windows Intune and now Windows Azure. Prior to the release of Windows Azure Active Directory, Windows Azure users had to authenticate with their Live IDs, which Microsoft is now phasing out in favor of what it generically calls the Microsoft account.

While administrators in organizations of all sizes can now synchronize identities in Windows Server Active Directory with Windows Azure Active Directory using Microsoft's DirSync, there are limitations. At the recent Visual Studio Live! conference in Chicago, Windows Azure MVP Michael Collier, who is a cloud architect at Aditi Technologies, warned developers that Windows Azure Active Directory doesn't support the management of devices, printers or Group Policy. "It's more targeted around users, authentication and properties for those users," Collier said during a talk on Windows Azure Active Directory.

"You're not going to enforce Group Policy today with Windows Azure Active Directory, added Eric Boyd, also a Windows Azure MVP and CEO of Chicago-based responsiveX. "You don't join your machines in your domain to a Windows Azure Active Directory like you do an Active Directory on premise," Boyd explained.

While customers have indicated they'd like to see Group Policy in Windows Azure Active Directory, Boyd is urging them not to expect it anytime soon. "There are certainly challenges with doing that, if that's the only source of authentication for your company," he said.

In an interview with Microsoft's Anderson, I asked what the future holds for Group Policy in Windows Azure Active Directory, since it was a topic that has come up in frequent interviews. "With that cloud-optimized mobile device management solution you get Group Policy-like capabilities like setting your network and your wireless settings and setting a power-on password encryption," Anderson said. "Think about Azure Active Directory, Windows Intune, as well as Office 365, really driving the move toward these software-as-a-service [aspects] delivered from Azure with capabilities like lightweight policy management coming with Windows Intune."

Lightweight policy management in Windows Intune is one thing I pressed him on -- whether full Group Policy available on premise would come to Windows Azure Active Directory. His response: "I see doing a much more light version of Group Policy but right now we're delivering that through Windows Intune," he emphasized. "So think about these things as all inter-related and things we are building on together. So as we think about Azure Active Directory and Intune, we're doing common planning and engineering milestones across those two things."

I'll take that as a maybe. How does Windows Azure Active Directory fit into your enterprise identity management? Drop me a line at [email protected]


Posted by Jeffrey Schwartz on 06/05/2013 at 1:15 PM


  • Spaceflight Training in the Middle of a Pandemic

    Surprisingly, the worldwide COVID-19 lockdown has hardly slowed down the space training process for Brien. In fact, it has accelerated it.

  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.