It’s a BIG day here in the Active Directory team.
As ScottGu announced in his blog post, we’ve just GA’d the Application Access Enhancements for Windows Azure Active Directory. This is a HUGE milestone for us on our path to delivering the world’s richest cloud based identity management service.
In addition to these GA features, today we’ve also turned on the first preview of Windows Azure Active Directory Premium, a version of Azure AD designed to meet the identity needs of enterprises.
Application Access Enhancements is now GA
As I blogged about yesterday, we’ve been working hard to integrate with more and more SaaS applications. Since July we’ve completed integrations of Windows Azure AD with more than 500 applications and we are now adding 3-4 new applications a day. In addition, we’ve also completed our early customer previews and end-to-end testing and certification.
Now that we’ve reached this point, we’re making application access generally available. Starting today, every organization in the world can manage access to their SaaS apps, all at no charge.
These enhancements include:
- SSO to the 500+ app we integrate with
- Application access assignment and removal
- User provisioning and de-provisioning
- Basic security reporting
- Our Application Access Panel
Windows Azure Active Directory Premium
As I mentioned above, today we’re starting the public preview of Windows Azure Active Directory Premium.
Our goal with Windows Azure Active Directory Premium is to provide a robust set of capabilities tailored to meet the demanding identity and access management needs of enterprises. This is the first of several previews of Windows Azure AD Premium and includes:
- Self-service password reset for users: Whenever employees forget their password, Windows Azure AD gives them a self-service way to reset their password rather than having to call your helpdesk. (Note: Today we are previewing this for cloud only passwords. In an upcoming preview we’ll add the option to use this to reset on-premises passwords as well.)
- Group-based provisioning and access management to SaaS apps: You can leverage existing groups that have been synced in from your on-premises Active Directory to assign users access in bulk to SaaS apps and to automate the ongoing assignment of users to apps.
- Customizable access panel: Organizations can now customize the app access panel for their employees with company logos and color schemes.
- Machine learning based security monitoring and reports: Azure AD premium using advance machine learning systems to monitor and protect access to your cloud applications and provides detailed security reports showing anomalies and inconsistent access patterns. You can view logins by users who logged in from unknown sources, logins that occurred after multiple failures and logins from multiple geographies in short timespans. Security reports will help you gain new insights to improve access security and respond to potential threats.
And this is only the first preview so this is not an exhaustive list of features — Windows Azure Active Directory Premium will continue to grow and evolve to embrace the hybrid world of devices and cloud services.
During this public preview we’re starting, Windows Azure Active Directory Premium features are available at no charge. At the end of the preview the Premium offering will be converted to a paid service. And we’ll let you know the final pricing at least 30 days prior to the end of the free public preview period. Of course the basic Windows Azure Active Directory will continue to remain free.
You can log on to and sign up for Windows Azure Active Directory and start using these features in preview at no charge. To evaluate this preview, navigate to Windows Azure Preview Feature page and add Windows Azure Active Directory Premium to your subscription by clicking “try it now“, selecting the “Free Trial” subscription and confirming by clicking on the check on the bottom right.
Figure 4: Opting into the Azure AD Premium Preview
Then, in the Windows Azure Management Portal, select a directory where you want to use the Windows Azure Active Directory Premium features. (You can add the features to multiple directories if you wish).
Figure 5: Navigating in a specific directory
On the configure tab of the directory, move the slider for Premium features to enabled,
Figure 6: Enabling Azure AD Premium in a directory
This will cause new premium features, such as enabling a password reset policy for end users, to be enabled on that directory.
Figure 7: Password reset policy enabled.
There are a lot of new capabilities going into Windows Azure AD Premium. In upcoming posts we’ll cover more details on self-service password reset, tenant branding, assigning users, the advanced reports and additional features – so stay tuned! In the meantime, let us know if you have any questions, and you can give us your feedback at the Windows Azure AD Forum.
Alex Simons (twitter: Alex_A_Simons)
Director of Program Management