Managing user credentials and application access is becoming more and more difficult in today's "cloud era". In addition to managing access to traditional on-premises applications, we're also faced with managing access to numerous third-party cloud-based applications, many of which default to managing identities on an app-by-app basis. And securing all of those discrete identities with passwords alone is quickly becoming outdated, as increasingly sophisticated password attacks hit the news on a regular basis.
Luckily, Windows Azure gives us the ability to easily gain visibility and centralized control over "cloud era" identity management via two offerings: Windows Azure Active Directory (WAAD) and Windows Azure Multi-Factor Authentication (MFA). In this article, I’ll provide a set of resources that you can use to get started exploring and leveraging Windows Azure Active Directory and Multi-Factor Authentication for your applications …
Windows Azure Active Directory (WAAD), a cloud-friendly REST-based implementation of Active Directory for identity management of cloud applications, is available for production cloud apps as a FREE service. WAAD provides consistent centralized identity management for Microsoft Office 365, Windows Intune, 580+ commercial SaaS applications and your own cloud-based applications. To support unified identity management with traditional on-premises applications, WAAD can also be integrated with Windows Server Active Directory via DirSync and Active Directory Federation Services (ADFS) gateway components.
In addition to the free service tier, there's also a Windows Azure Active Directory Premium offering (currently available as a Public Preview) that adds support for group-based application access management, advanced machine learning-based security reports, and a customizable application access portal with self-service password reset. You can learn more about activating this Premium offer at the link below.
Watch this quick whiteboard video that introduces Windows Azure Active Directory and how it can integrate with Windows Server Active Directory.
Secure application authentication for both cloud-based apps and on-premises apps is becoming increasingly important, and it's quickly getting to the point where password-based authentication alone is just not "secure enough" for many apps and organizations.
Windows Azure Multi-Factor Authentication (MFA) is an additional cost-effective paid service, currently priced at $2 USD per user per month, that can be leveraged with both Windows Azure Active Directory and Windows Server Active Directory to quickly add multi-factor authentication to cloud-based apps and on-premises apps. Windows Azure MFA extends authentication to leverage a common device that we all have: our phones! MFA can be used to add a second level of authentication to existing apps that involves authenticating users via a phone app, an automated phone call or text message after they've entered their initial username and password credentials. Users can choose the MFA option that works best for them.
Although MFA sounds very sophisticated, it takes just a few minutes to get started with it via the Windows Azure MFA cloud service ... VERY COOL! Be sure to check out the new Step-by-Step guides listed as additional resources below to step through the process of enabling Multi-Factor Authentication.
Get started with Windows Azure Active Directory by following these steps to create your Windows Azure Active Directory domain …
Completed! You’ve completed the process of provisioning a new Windows Azure Active Directory instance.
Once you've completed these resources, also be sure to check out our growing collection of Windows Azure Step-by-Step Cloud Labs at:
Be sure to check out these additional resources:
Keith Mayer is a Senior Technical Evangelist at Microsoft focused on Windows Infrastructure, Data Center Virtualization, Systems Management and Private Cloud. Keith has over 20 years of experience as a technical leader of complex IT projects, in diverse roles, such as Network Engineer, IT Manager, Technical Instructor and Consultant. He has consulted and trained thousands of IT Pros worldwide on design of enterprise technology solutions.
Keith is currently certified on several Microsoft technologies, including Private Cloud, System Center, Hyper-V, Windows, Windows Server, SharePoint and Exchange. He also holds other industry certifications from VMware, IBM, Cisco, Citrix, HP, CheckPoint, CompTIA and Interwoven.
You can contact Keith online at http://aka.ms/AskKeith.