Step-by-Step: Get Started with Windows Azure Active Directory (WAAD) and Multi-Factor Authentication

Managing user credentials and application access is becoming more-and-more difficult in today's "cloud era".  In addition to managing access to traditional on-premises applications, we're also faced with managing access to numerous 3rd party cloud-based applications - many of which default to managing identities on an app-by-app basis.  And ... securing all of those discrete identities with passwords alone is getting quickly outdated as increasingly sophisticated password attacks are hitting the news on a regular basis.

Luckily, Windows Azure gives us the ability to easily gain visibility and centralized control over "cloud era" identity management via two offerings: Windows Azure Active Directory (WAAD) and Windows Azure Multi-Factor Authentication (MFA).  In this article, I’ll provide a set of resources that you can use to get started exploring and  leveraging Windows Azure Active Directory and Multi-Factor Authentication for your applications …

What is Windows Azure Active Directory?

Windows Azure Active Directory ( WAAD ), a cloud-friendly REST-based implementation of Active Directory for identity management of cloud applications, is available for production cloud apps as a FREE service.  WAAD provides consistent centralized identity management for Microsoft Office 365, Windows Intune, over 580+ commercial SaaS applications and your own cloud-based applications.  To support unified identity management with traditional on-premises applications, WAAD can also be integrated with Windows Server Active Directory via DirSync and Active Directory Federation Services ( ADFS ) gateway components.

In addition to the free service tier, there's also a Windows Azure Active Directory Premium offering ( currently available as a Public Preview ) that adds support for group-based application access management, advanced machine learning-based security reports, and a customizable application access portal with self-service password reset. You can learn more about activating this Premium offer at the below link location.

How does WAAD work with Windows Server Active Directory?

Watch this quick whiteboard video that introduces Windows Azure Active Directory and how it can integrate with Windows Server Active Directory.

Download this video for offline viewing.

Secure Multi-Factor Authentication

Secure application authentication for both cloud-based apps and on-premises apps is becoming increasingly important, and it's quickly getting to the point where password-based authentication alone is just not "secure enough" for many apps and organizations.

Windows Azure Multi-Factor Authentication (MFA) is an additional cost-effective paid service, currently priced at $2 USD per user per month, that can be leveraged with both Windows Azure Active Directory and Windows Server Active Directory to quickly add multi-factor authentication to cloud-based apps and on-premises apps. Windows Azure MFA extends authentication to leverage a common device that we all have: our Phones!  MFA can be used to add a second-level of authentication to existing apps that involves authenticating users via a phone app, an automated phone call or text message after they've entered their initial username and password credentials.  Users can choose the MFA option that works best for them.

Although MFA sounds very sophisticated, it takes just a few minutes to get started with it via the Windows Azure MFA cloud service ... VERY COOL!  Be sure to check-out the new Step-by-Step guides listed as additional resources below to step through the process of enabling Multi-Factor Authentication.

How do I get started with Windows Azure Active Directory?

Get started with Windows Azure Active Directory by following these steps to create your Windows Azure Active Directory domain …

  1. Activate a FREE Windows Azure Trial Subscription to begin evaluating Windows Azure Active Directory
  2. Sign-in at the Windows Azure Management Portal with the login credentials used when activating your FREE Subscription in Step 1 above.
  3. On the Windows Azure Management Portal, click Active Directory on the left navigation panel to navigate to the Active Directory page.
    Active Directory page on Windows Azure Management Portal
    Click CREATE YOUR DIRECTORY to launch the Create Directory form to begin creating your new Active Directory domain instance.
  4. On the Create Directory form, complete the fields as noted below.
    - Domain Name: Enter a globally unique name for your new Active Directory domain instance.  This domain will initially be provisioned as subdomain inside the public DNS domain.  You can assign a custom DNS namespace to this domain after initial provisioning is completed.
    - Country or Region: Select your closest country or region.  This selection will be used by Windows Azure to determine the Azure Datacenter Region in which your Active Directory domain instance will be provisioned and cannot be changed after provisioning.
    - Organization name: Enter your organization’s name.
    When all fields have been completed, click the image button to begin provisioning your new Windows Azure Active Directory domain instance.
    NOTE: Provisioning of your new Active Directory domain instance will require a few minutes to complete.  When completed, your new domain will be listed on the Active Directory page with a Status of Active.  When provisioning is completed, you may continue with the next step.
  5. On the Active Directory page, click on the name of your newly provisioning Active Directory instance to manage it on a Details page.
    Selecting the newly provisioned Active Directory instance       
  6. On the Details page for your new Active Directory instance, note the tabs located at the top of the page as depicted below.
    Tabs on Active Directory Details Page
    Each tab allows you to perform a particular set of management as follows:
    - Users – Create and Manage cloud-based users
    - Groups - Create and Manage groups of users
    - Applications – Integrate over 580+ 3rd Party Commercial SaaS Applications and your own Cloud-based applications with Windows Azure Active Directory
    - Domains – Add a custom DNS domain name
    - Directory Integration – Configure integration with an on-premise Windows Server Active Directory forest.
    - Configure - Enable Active Directory Premium features and Multi-factor Authentication
    - Reports - Access security reports, such as anomaly reports and resource usage reports.
    After exploring the details presented on each tab, continue with the next set of learning resources below.

Completed! You’ve completed the process of provisioning a new Windows Azure Active Directory instance.

Want more? Keep learning with these additional resources …

Once you've completed these resources, also be sure to check out our growing collection of Windows Azure Step-by-Step Cloud Labs at:


Comments (25)
  1. KeithMayer says:

    Hi Al,

    If federating WAAD with Windows Server Active Directory, access to Windows Server AD domain controllers running ADFS is needed to complete the authentication process.  If connectivity to on-premise DC's is a concern, there's a couple options: (1) WAAD can also run in a self-standing mode where it does not integrate with Windows Server AD and provides authentication on its own.  (2) Or, alternatively, you could extend your Windows Server AD to a couple DC's running as VMs on Windows Azure Infrastructure Services over a site-to-site VPN and run ADFS/Dirsync on those VMs instead.

    See…/step-by-step-extend-your-private-cloud-with-windows-azure-virtual-networks.aspx for the steps involved in extending Windows Server AD to Windows Azure as VM's running DC's.

    Hope this helps!


  2. KeithMayer says:

    Hi Dom,

    Windows Azure Active Directory provides a centralized identity store for cloud-based applications, such as Microsoft Office 365, Windows Intune, or your own custom cloud apps.  To integrate with an on-premises Windows Server Active Directory, ADFS ( Active Directory Federation Services ) and DirSync would be used.  ADFS is an included Role for Windows Server 2012 and is a free download for Windows Server 2008 R2.  You can learn more about these technologies at…/hh831502.aspx

    Hope this helps!


  3. Al says:

    What happens to WAAD when on-premise AD gets turned off as does DirSync?  Will end users still be able to access applications on Azure?  If so, for how long?  

  4. dom says:


    I've created my WAAD, how do I add my Azure VMs to it so the AD users can be part of their local groups etc?

  5. Anonymous says:

    Windows Azure je jedním z nejrychleji aktualizovaných produktů společnosti Microsoft. Nové

  6. Anonymous says:

    Článek byl převzat z českého MSDN blogu

    Windows Azure je jedním z nejrychleji

  7. Anonymous says:

    Step-by-Step: Get Started with Windows Azure Active Directory (WAAD) and Multi-Factor Authentication – – Site Home – TechNet Blogs

  8. Anonymous says:

    Step-by-Step: Get Started with Windows Azure Active Directory (WAAD) and Multi-Factor Authentication – – Site Home – TechNet Blogs

  9. Anonymous says:

    Whether you gold dipped roses calgary are shopping for a 16th, 18th, or that special go 24 karat gold dipped roses lden 50th birthday,gold dipped roses calgary, we are confident you will find unique birthday gift ideas for her that she will hol gold dipped

  10. Anonymous says:

    A gold rose is a perfect gesture of Love,24 karat gold dipped ro 24 karat gold dipped roses ses, Friendship or saying I Love You. Choose from our full line gold trimmed roses of Gold Roses that include Real Roses covered in 24KT Gold, real roses preserved

  11. Anonymous says:

    这是新建文章 1,Birthday Gift Ideas For Her,Gold Dipped Roses.html,Birthd Birthday Gift Ideas For Her ay Gift Ideas For Her,24 Karat Red Gold Trimmed Rose,请修改添加正文内容 Gold Dipped Roses Birthday Gift Ideas For Her 。

  12. Anonymous says:

    Gold and Roses have always b Birthday Gift Ideas For Her een symb gold trimmed blue rose ols of love and beauty. ,Birthday Gift Ideas For Her;

    These two timeless symbols have been perfectly combined by Roses for Life to create a truly romantic gift

  13. Anonymous says:

    ntler innovations in the end.”

    “Very true, Davy; but ye kurtki moncler allegro keep us all Moncler kurtki Kobiety 2014 waiting while ye kurtki moncler allegro make Moncler kurtki Kobiety 2014 your preparations; and here is Pathfinder drawing near to

  14. Anonymous says:

    Latest Journal EntryMay 12, 2008Wilson Wilson Wilson Wilson Wilso Buy sony 60 inch TV n Wilson Wilson Wilson Wilson Wilson Wilson Wilson Wi Ox.Flat.On lson Wilson Wilson Wilson Wilson Wilson Wilson Wilson Wilson Wilson Wilson Wilson Wilson Wilson Wilson

  15. Anonymous says:

    Like iAquaPlay App_114511. the above, knitt hp laptops for sale ed hat and a jacket with a lining seam searsucker-like. We’re not normally a heavy logo’d pieces,iAquaPlay App_114511., but t ipad mini 3 for sale he embroidered letters feels like a part

  16. Anonymous says:

    For those that do not what cycling is,Is it beca, and "Olympia",iPad Is it beca 3 for, iPad 3 for how will this all affect the use and spread of mobile applications? So,Wholesale online galaxy s4, If you don’t have a pair,ipad air for sale, leather jac

  17. Anonymous says:

    as no prot Wholesale online apple ipod ective gear is enough to ens On the little scr ure 100% protection if the device is mishandled. we’ve witnessed the unprecedented success of the iPhone and Apple’s App Store and this h Wholesale online samsung 48

  18. Anonymous says:

    teaching you the road rules and providing useful tips and methods for saf Discount iphone 5 price I put e driving.

    All the questions a galaxy s3 for sale re carefully selected using some of the DMV’s hardest questions and are specific to your states

  19. Anonymous says:

    presents the visible face of cloud computing that most people have alre Make Your ady experienced. The advantages of web-based applications su Buy canon cameras online ch as Gmail, Twitter, and Facebook are pretty obvious – there’s nothing to download

  20. Anonymous says:

    Known publish sharp 46 inch tv for sale ers from the fore Some Observations of Successf ign press, secular, artists, designers and fashionsitas, everybody came from the collection of women Moncler Marmelade Techno equipped with seat belts parka to be

  21. Anonymous says:

    At this stage,Buy i Buy iphone 5 phone 5, a coat hav 5 Top Tips e many opportunities to appeal. Abercrombie & Fitch has all the qualities of a person can look feasible. That mark was placed on the market for large bags of decades and has almost always

  22. Anonymous says:

    This year, A & F was the highest sporting goods company Buy iphone 5 globally.Some details to take care of your Abercrombie and Fitch In How to Sta 1928 Fitch has made the legendary company and won enough money to retire.

    Many celebrities are in

  23. Anonymous says:

    but could a newcomer find the information they des Discount iphone 5 price you c ire,Discount iphone 5 price you c,Discount Appple iPod touch?
    Widg iphone 5 form china Other Mob et Service. I have been unable to sleep since I broke off your engagement

  24. Anonymous says:

    hessian, jute.
    g. indicating that the couple wants to have fun rather at any given time T than go seriously into the Cheap apple ipod big day. bills are deferred for as long as the trial or settlement negotiations last. In 2008,at any given time T,Cheap

  25. Anonymous says:

    Some people just look and never buy even though the prices iPad 3 for sale decide which are usually much cheaper than in the stores Wholesale iphone 6 plus because of lack of expensive overheads. click another one or two times dependant on the shopping

Comments are closed.

Skip to main content