The Microsoft Azure Partner Technical Community is led by National Partner Technology Strategists from the Microsoft US Partner Team. Partner Technical Community activities include blog posts, discussions on Yammer, and community calls.
- Read the US Technical Partner Community blog posts
- Join the Azure Partners and Office 365 Partner groups on Yammer
- Register for the September 18 US Azure Partner Technical Community Call
Last week, my first post in this series introduced you to the Enterprise Mobility Suite, or EMS. Today, let’s take a look at one of the core components of EMS, Hybrid Identity Management, built on Azure Active Directory Premium.
If you haven’t spent much time thinking about Azure AD, you probably have some of the common questions we hear from partners:
- What is it? Are there legitimate business needs Azure AD can help me address with my customers?
- How does it work with the Active Directory I already have on-premises?
- Is it only for authenticating with Microsoft products like Azure, Office 365, or CRM Online?
- What is the end user experience like?
- How can I test it and learn more?
What is it? What customer needs does it address?
Stop and think for a minute about how many cloud applications you use every day to get your work done. I’ll bet you can name 5 or 10 pretty quickly. Maybe you use Microsoft Office 365, a CRM system, a contract management system, a banking system, travel tools, a file sharing tool, your company HR portal, etc. Typically, each of these requires a unique set of credentials to sign in, and they often have different user name and password rules, resulting in a frustrating user experience.
Now, imagine being the IT department and trying to help the various departments in the company. One of today’s realities is that each of those departments can purchase a cloud application that meets its needs. While this flexibility can be good, it is not without challenges, like:
- If IT isn’t aware of the application, there is no way to verify if company data policies are being followed or not.
- If a user runs into access or password issues and calls your company’s helpdesk, there is little help to be found for a service they don’t know about. The problem shifts back to the person who purchased the cloud application, taking them away from their responsibilities.
- What happens when a user leaves their role or the company? Who is responsible for ensuring that individual’s accounts and access to company information and data has been turned off or removed?
Until recently, the answer for IT might have been to set up a federation between your company and the cloud provider. This worked when you had 2 or 3 cloud services to federate to, because the scope was small enough to manage.
Today, the number of cloud applications is growing at a rate that IT simply can’t effectively manage. Trying to maintain federation to a dozen or more cloud apps just is not efficient. It could end up looking like this:
There is a better way. Azure Active Directory Premium can be your gateway to cloud applications, and you can help your customers simplify and manage what they use in the cloud.
Imagine being able to help customers:
- Create a single portal where users can log in and access all their cloud based applications with one set of credentials
- Give individual users or a group of users access to a new application with just a few clicks
- Have users self-manage passwords
- Give delegated access to manage groups of users
- Manage cloud application access from a central location
- Use multi-factor authentication when a user attempts to access an app from an outside device
How does it work with the Active Directory I already have?
Azure AD is not designed to replace your Windows Server Active Directory, and you do not have to use them together. However, they are better together. You can sync your current AD with Azure AD and then let Azure AD be the way you manage access to all those cloud applications. The Azure AD Sync tool is a great way to connect your Windows Server AD and Azure AD. The tool even supports multi-forest sync.
Is it only for authenticating with Microsoft cloud products like Azure, Office 365, or CRM Online?
Azure AD is designed to be a gateway to thousands of cloud applications from a variety of providers. A wide variety of SaaS applications across several industries is available, pre-integrated and ready to use. In the Active Directory section of the Azure Gallery, you can search for these applications by industry.
What is the end-user experience like?
End users will sign into one portal that can be customized with custom graphics and logos. Here is an example of the sign-in page:
Once a user signs in, he or she will see a screen that shows the apps available to them. Users can click on an application’s icon to log in, or can use the tabs at the top of the screen to manage groups, approve access requests, or manage their profile.
How can I test it and learn more?
If you have an MPN competency or an Action Pack subscription, your core benefits include Azure internal use rights that can be used for development, testing, demos, and other scenarios. Use these step-by-step instructions to activate your benefit.
Once you sign up for Azure, create a new directory and activate the free trial for AD Premium. Once this is active you can set up the sync to Windows Server AD, add applications you would like to sync with, set up groups, configure a company portal, and start testing. A list of tutorials, guides, and videos is on the Microsoft Azure site here.
I’m looking forward to our discussion about EMS and Azure AD, as well as live demos, on our Azure Partner Technical Community Call on September 18. Register today to join us!
To see Azure AD in action, watch this video.