Microsoft finally goes public with Windows Azure Active Directory details

Summary: Officials are finally starting to share details about Microsoft's identity and access management 'reset' that revolves around a directory service in the cloud.

Microsoft finally is starting to share publicly its high-level cloud-centric identity management plans, as my ZDNet blogging colleague John Fontana noted last week. That means the semi-mysterious Windows Azure Active Directory (WAAD) service is finally fair game for discussion.

I blogged about WAAD -- Microsoft's cloud version of its Active Directory directory service -- earlier this year. Although Microsoft had a public-facing page about WAAD on its Azure site (which it subsequently removed), officials declined to comment on the technology when I asked in February. And members of the Microsoft cloud community said they were not at liberty to share specifics because of non-disclosure agreements.

But Microsoft has decided now's the time to talk WAAD, possibly as one stage setter for its June 7 announcement of new Windows Azure features and functionality. TechEd North America, which kicks off on June 11, also will be a venue for more WAAD information, as I noted in February. (After I blogged about the WAAD sessions on the TechEd docket, Microsoft pulled the listings from their TechEd site, but I still believe there will be more information on the topic there.)

Last week's WAAD posts by Microsoft officials were the overviews. Talk of an identity management "reset" and "democratization" of identity management prevailed. One new thing I learned from last week's WAAD posts is that it's not just Office 365 that's already relying on WAAD. According to the Softies, WAAD also is enabling single sign-on for Dynamics CRM Online and the Microsoft Windows Intune PC management cloud wares. WAAD also already is being used by select third-party developers to provide single sign-on and identity-management for their Azure-hosted apps, Microsoft execs said.

Microsoft officials are playing up the "social" side of WAAD with promises of future blog posts on how WAAD will allow developers to create apps that connect the directory to other software-as-a-service apps, cloud platforms and social networks. And there will be a mobile angle to WAAD, as well, with promised support for apps running on mobile devices like the iPhone, Microsoft officials said.

At the same time, Microsoft isn't forgetting about the importance of connecting Azure Active Directory to its own on-premises servers.

"Microsoft makes it easy to 'connect' Windows Azure Active Directory with an existing directory. At the technical level, organizations can enable identity federation and directory synchronization between an existing Active Directory deployment and Windows Azure Active Directory," blogged John Shewchuk, a Microsoft technical fellow working in the identity space.

The grand plan sounds good. But there are plenty of questions about Microsoft's latest identity-management reset.

It sounds like Kerberos support is non-existent. How does existing Windows group policy fit in -- or does it? One Gartner analyst said Microsoft's identity and access-management story for mobile is not very robust at present. Maybe Windows Intune 3 and/or the coming management client for Windows on ARM devices, which may be built around Exchange ActiveSync, will help Microsoft shore up its identity management strategy for the bring-your-own-device crowd?


Mary Jo has covered the tech industry for 30 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).


  • Good to see you back MJ!

    The new Intune 3 stuff is very interesting because MDM is going to be pushed hard in the next year or so. RIM is actively pursuing this course too. I wouldn't be surprised if they decide to license BB10 to complete the picture for their Fusion MDM software, which replaces BES.

    BTW: You going to be on WW this week? It's been a bit dry with just Paul on there. ;)

    (Kidding, Paul!)
    • LOL

      Yeah, Paul and Mary Jo are a team on WW giving the best full coverage of MS from all angles (which is not easy to do).
    • Win Weekly

      Yep, I'm back on this week! Had a good vacation and am rested and ready for the MS news onslaught coming up! :)
      Mary Jo Foley
      • Schedule conflict?

        Andrew Zarian's "What The Tech?" show is being switched around again. Looks like we got a Windows overload for Thursday. I hope that doesn't mean that WTT and WW are going to conflict. Add on Dvorak on NAS and my Thursday is completely occupied. :)

    I'm sure it will be great technology but an unfortunate acronym.
  • I thought that MS was ditching the Azure name?

    Or was I mistaken?
    • The Azure name: Nope, still here

      I and others were wrong in our initial analysis. See update here:

      Mary Jo Foley
  • Makes me wonder

    It's technologies like this that make me wonder what Microsoft uses internally. Would they ever depend on cloud-based AD?
  • law suit

    The cloud has cost me so much, and they all can stick the cloud where the sun don't shine. It is so unsafe, but they keep telling all of you it is so safe. What a line. Do your homework: look it up on the net and you will see companies have been hacked again and again, and so have people, again and again, but they will not tell you, because the cloud to them is free; they don't have to run a service for your email and more. And I will not use the cloud, because the day I have to, I will have my internet turned off for good, and if I find any of my info in the cloud I will sue the company that put it there.
  • The true cost of Microsoft

    is retraining your IT staff every so many years so they can totally change out everything. Then, you need to make sure all your servers are on contract for software updates, or maybe you need all new hardware to support the "software of the day".

    Anyone remember when computers added to the bottom line instead of being the #1 line item in your yearly capital equipment requests?
    Tony Burzio