Last March I published a blog post with data on how organizations were choosing to connect their on-premises identities (in Windows Server Active Directory) to their cloud identities (in Azure Active Directory). This popular post (over 20k people have viewed it) generated a lot of positive feedback. Recently I’ve received many requests for a similar blog with updated numbers now that Azure AD Connect has been GA for six months.
Azure AD Connect Momentum
Let’s start with the biggest news we have to share: After only 6 months in market Azure AD Connect is being used to synchronize with more than 24k Azure AD Tenants. We’re really excited about the strong growth here!
To put this in perspective, every month more organizations start using Azure AD Connect than the total number of organizations who have ever used a third party sync solution with Azure AD and Office 365.
Synching users to Azure AD
Now, let’s move on to some more new/updated data.
As of December 30th, there are now 8.24M tenants in Azure AD and over 550M users (up from 4.9M and 430M nine months ago).
- The majority of these tenants are small businesses with <500 user accounts and are not synchronizing from an on-premises Windows Server Active Directory.
- A minority of those 8.24M tenants have >500 user accounts, but because they are comparatively large, they account for 91% of all the identities in Azure AD.
Of those larger tenants:
- 75% use a Microsoft sync solution (Azure AD Connect or its predecessors)
- 21% use PowerShell or the Office365/Azure Admin portal.
- 3% use a 3rd party cloud service
- 1% use a homegrown or custom solution
Fig 1: How organizations with >500 employees Provision users in Azure AD
This data is interesting! First, it shows you that Azure AD Connect is becoming very broadly adopted. It also shows that, compared to 9 months ago, the percent of larger organizations who are using a pre-packaged synchronization solution to provision users into Azure AD has grown from 57% to 78%. Based on feedback from customers and partners we believe this shift is due to the simplicity of Azure AD Connect and the increasing number of large enterprise class customers adopting Azure AD Premium and Office 365.
Authenticating with Azure AD
Last March when I blogged, Azure Active Directory was averaging just over 1 billion authentications a day. Today we’re averaging over 1.3B authentications a day.
Of those 1.3B daily authentications:
- 45% are cloud only and completed directly by Azure AD (down from 56% in March).
- 37% are federated and completed by an ADFS server at a customer site (up from 32% in March).
- 18% are completed using a password hash that was synced from on-premises to the cloud using AAD Connect or one of its predecessors (up from 7% in March).
- 1% are completed by a syndication partner (large companies who resell Microsoft services)
- Just under 1% are completed by a 3rd party federation server (i.e. Ping Federate, CA Site Minder, etc.)
- Just under 1% are completed by a 3rd party identity service (a company like Centrify, Okta, OneLogin, etc.)
- The remaining 1% are completed by a custom or open source identity server
(Note: These don’t sum to 100% due to rounding errors)
Fig 2: Breakdown of how Azure AD Authentications are completed
Interesting data here as well. The share of authentications completed using Password sync has more than doubled compared to a year ago and ADFS has also picked up 4 points of share as well while the number of cloud only authentications has decreased and the use of third party solutions has held steady at < 4% of the total.
Based on this data, we can draw a few key conclusions:
- 75% of tenants with >500 user employees using Azure AD/Office 365 are synchronizing their on-premises Windows Server Active Directory with Azure Active Directory up from 59% nine months ago.
- 25k organizations are now using Azure AD Connect for that purpose and it is far and away the fastest growing solution.
- The use of ADFS with Azure AD/Office 365 continues to grow. It now accounts for 36% of all authentications (up from 32% nine months ago).
- Password sync is the fastest growing method of authentication. It accounts for 17% of all authentications (up from 7% nine months ago).
- The use of third party synchronization and authentication solutions with Azure AD/Office 365 remains flat at ~4% for both sync and authentications.
Like last time, these numbers tell a pretty clear story. We’ve designed Azure AD to be open and standards based so our customers can use a wide variety of third party options. However, the majority of customers find that our “off the shelf” identity solutions meet their needs. Additionally, the data also shows that the level of simplicity we’ve delivered with Azure AD Connect is having a big impact. The solution is being widely adopted and is far and away the fastest growing option for connecting Windows Server AD and Azure AD/Office 365.
Hopefully you found this blog post interesting and useful! And as always, we’d love to receive any feedback or suggestions you have.
Alex Simons (Twitter: @Alex_A_Simons)
Director of PM
Microsoft Identity Products and Services