The Schwartz Report


TechEd 2013: Windows Azure AD Serves Up Big Numbers




In the first two months since Microsoft released Windows Azure Active Directory, it has processed 265 billion authentication requests from around the world -- or 9,000 requests per second -- while customers have created 420,000 unique domains.

Brad Anderson, Microsoft's corporate vice president for Windows Server and Systems Center, revealed those stats in his keynote address at TechEd 2013 in New Orleans, which kicked off Monday and runs through tomorrow.

"Everything starts with the identity of that user inside of Active Directory," Anderson told TechEd attendees. "We've now cloud optimized Active Directory with Windows Azure Active Directory, so now we can extend your capabilities of Active Directory to the cloud with you in complete control about what you want to have appear inside that Azure Active Directory."

Microsoft released Windows Azure Active Directory in early April following a nine-month preview and is offering it free of charge. It's the same directory users authenticate with to access Office 365, Windows Intune and now Windows Azure. Prior to the release of Windows Azure Active Directory, Windows Azure users had to authenticate with their Live IDs, which Microsoft is now phasing out in favor of what it generically calls the Microsoft account.

While administrators in organizations of all sizes can now synchronize identities in Windows Server Active Directory with Windows Azure Active Directory using Microsoft's DirSync, there are limitations. At the recent Visual Studio Live! conference in Chicago, Windows Azure MVP Michael Collier, who is a cloud architect at Aditi Technologies, warned developers that Windows Azure Active Directory doesn't support the management of devices, printers or Group Policy. "It's more targeted around users, authentication and properties for those users," Collier said during a talk on Windows Azure Active Directory.

"You're not going to enforce Group Policy today with Windows Azure Active Directory," added Eric Boyd, also a Windows Azure MVP and CEO of Chicago-based responsiveX. "You don't join your machines in your domain to a Windows Azure Active Directory like you do an Active Directory on premise," Boyd explained.

While customers have indicated they'd like to see Group Policy in Windows Azure Active Directory, Boyd is urging them not to expect it anytime soon. "There are certainly challenges with doing that, if that's the only source of authentication for your company," he said.

In an interview with Microsoft's Anderson, I asked what the future holds for Group Policy in Windows Azure Active Directory, since it was a topic that has come up in frequent interviews. "With that cloud-optimized mobile device management solution you get Group Policy-like capabilities like setting your network and your wireless settings and setting a power-on password encryption," Anderson said. "Think about Azure Active Directory, Windows Intune, as well as Office 365, really driving the move toward these software-as-a-service [aspects] delivered from Azure with capabilities like lightweight policy management coming with Windows Intune."

Lightweight policy management in Windows Intune is one thing I pressed him on -- whether full Group Policy available on premise would come to Windows Azure Active Directory. His response: "I see doing a much more light version of Group Policy but right now we're delivering that through Windows Intune," he emphasized. "So think about these things as all inter-related and things we are building on together. So as we think about Azure Active Directory and Intune, we're doing common planning and engineering milestones across those two things."

I'll take that as a maybe. How does Windows Azure Active Directory fit into your enterprise identity management? Drop me a line at [email protected].


Posted by Jeffrey Schwartz on 06/05/2013 at 1:15 PM


