Diaxion IT Strategy & Optimisation

Microsoft Azure Active Directory

Whether it is for business or personal use, the IT industry has been flooded with cloud offers and options of late. It is impossible not to want to know more about them, and at the same time seemingly near impossible to keep up. Microsoft have a habit of offering updates and options which force you to think: do I need this? How will I benefit from it? Does this make my current environment obsolete? Often you then find that it is the only option going forward, and that if you want to continue using their product you must pay and upgrade. With the introduction of Azure Active Directory, it is only natural for any business with a Microsoft domain-based environment to want answers to those questions for the cloud-based service.
It is easy to get confused about what Azure AD is and what it does and doesn't do. Unlike Office 365 or other PaaS and IaaS offerings, Azure AD is not intended to replace your current Windows Server Active Directory (not to say Microsoft won't change their mind about that at some future stage). Azure AD is not Windows Server Active Directory running on virtual machines in Azure. You don't need to build a server, and you don't need a domain controller within Azure to use it. Its main purpose is to offer identity and access capabilities for Azure applications and for applications running in an on-premises environment.

Azure AD can, in some generally smaller cases, serve as a company's only user directory service. It would be ideal for a start-up business that doesn't have an on-premises Windows Server Active Directory. In a scenario such as this, an organisation can simply rely on Office 365 and other SaaS applications to conduct its business and manage its users' identities and access to SaaS applications, all online.
Most commonly, of course, the main use case for Azure AD is companies looking to integrate their existing on-premises domain with cloud applications. If you have an on-premises AD, it can be extended to the cloud using the directory capabilities of Azure AD. In this scenario, users and groups in the on-premises directory are synced to Azure AD using a tool such as Azure AD Connect. Users then authenticate against Windows Server Active Directory when accessing on-premises applications and resources, and against Azure AD when accessing cloud applications, using the same credentials in both cases.

There is no doubt that Microsoft want you to start integrating your on-premises AD with Azure AD, with a view to a future in which their products are potentially accessed entirely from their cloud. For example, take a look at Windows 10 now. It is loaded with a whole lot of new capabilities to entice you to integrate with Azure AD. It now supports joining iOS, Android and Windows devices to Azure AD as an alternative to your own corporate AD. The functionality differs significantly between an Azure AD joined device and one connected to a traditional AD, as the Windows 10 device becomes managed through Azure AD and Microsoft's mobile device management (MDM) tools rather than Group Policy. The big benefit for Azure AD users is that authentication to the user portal is seamless, because the user is already authenticated to the device, and Windows 10 apps such as Mail and Calendar will recognise that an Office 365 account is available and be configured automatically.
Another major integration point for Azure AD is customers using Exchange 2013 for their mail services, particularly those running Exchange or Exchange Online in conjunction with Office 365 in a hybrid configuration. On installation, Azure AD Connect will recognise the additional schema attributes that indicate an Exchange installation and will automatically synchronise those attributes. Azure AD also has the ability to synchronise Office 365 groups back to AD as distribution groups.

To assist with application management, Azure AD has introduced a unique and useful tool called Cloud App Discovery. It is available as part of Azure AD Premium and enables you to discover the SaaS apps that are used most commonly within your organisation. The tool will find the apps, identify the specific users of each app, measure usage (volume of traffic or number of web requests to the app), and then bring the app under IT control and enable single sign-on for user management. It is an innovative step forward in controlling unauthorised access to corporate data, data leakage and other security risks.
For the user, the portal is not too different from much of the competition, offering a grid of application icons directing users to single sign-on (SSO) apps. If admins choose, the Azure AD user portal can be configured to allow self-service actions such as password resets, application requests, or group membership requests and approvals. Office 365 subscribers have the added benefit of being able to add SSO applications to the Office 365 app menu, providing convenient access to critical business apps from within Outlook or other Office 365 offerings.

Microsoft were not the first to introduce cloud services to the world, so Azure AD, although very much in working order, is still very much in development and changing at a rapid rate. This is good news for Microsoft users, though, as you can bet they are going to develop a cloud offering that is most useful and attractive to their loyal customers. At the moment, the service covers the majority of core features you would look for in an Identity-as-a-Service (IDaaS) provider while bringing with it some innovative enterprise-level tools. Whether it will suit your organisation is entirely environment dependent, but if you are a Microsoft shop then it would be very wise to get started on it now. You are probably already using some form of Microsoft cloud offering, and it might not be long before they make Azure AD the only AD option.