Microsoft has significantly enhanced its cloud portfolio with the release of Windows Azure Active Directory. Available in three editions—Free, Basic, and Premium—Azure AD starts where Windows Server AD leaves off, providing identity and access management capabilities for a wide range of applications and services across on-premises, hybrid, and cloud environments.
With Azure AD, administrators can centrally manage users and groups, control what information is stored in the directory, specify who can access and modify this information, and define which applications and services can connect to the directory. Azure AD works with a variety of platforms and devices as well as supports single sign-on (SSO), multifactor authentication, and integration with on-premises Windows Server AD.
Built on a rich, standards-based platform, Azure AD delivers authentication and access control to nearly 2500 software as a service (SaaS) applications—such as Salesforce, Citrix, Office 365, Dropbox for Business, Google Apps, and Cisco WebEx—with many more services on the way.
Developers can also integrate their apps with Azure AD by taking advantage of such interfaces as the REST-based Graph API. In this way, their apps can support SSO as well as access and update directory information (with the proper authorization), making it easier than ever to host enterprise apps in the cloud.
Organizations looking for cloud-based directory services can use Azure AD either as a stand-alone service or as an extension to their on-premises Active Directory (through the directory syncing and SSO capabilities built into Azure AD).
Keep in mind, however, that Azure AD is a full-fledged multi-tenant cloud service managed by Microsoft. It is not Windows Server AD running on Azure virtual machines, nor is it meant as a replacement for on-premises Active Directory. Windows Server AD is a mature, complex, multi-tiered directory service that facilitates access to on-premises network resources. Azure AD is concerned primarily with integrating cloud services into the enterprise infrastructure. It doesn’t have the power or the agility you find with Windows Server AD, but it does have a much further reach.
Azure AD can help you extend your on-premises Active Directory domain into the cloud to provide access to multiple platforms and devices across organizational boundaries, while protecting and facilitating access to cloud applications and services. This can be especially useful to organizations supporting those “deskless” employees not tied to a traditional workstation and who do not fit neatly into the Windows Server AD domain paradigm.
Despite Azure AD’s integration capabilities with Windows Server AD, some organizations might need only the cloud services. Startups, for example, might rely heavily on Google Apps or Office 365—along with other cloud services—to support their everyday operations. Consequently, they have not implemented Active Directory on-premises. Azure AD can help them manage their users and control access to cloud services, without having to invest in a costly physical infrastructure.
As promising as Azure AD sounds, whether used as a stand-alone solution or as an extension to on-premises Active Directory, it is still a cloud service and as such carries the same concerns for security, privacy, and reliability that come with any such service. In fact, there might be reason for greater concern, given that directory services sit at the heart of identity and access management. If such a system becomes compromised, the consequences can be disastrous.
Even so, Microsoft has a lot at stake to ensure its systems don’t get breached and that customer data is protected and available at all times. No service provider, no matter how large or small, can afford a tarnished reputation, and Microsoft is no exception.