By Ron Grattopp

Last month one of the posts I did was on the “Cloud OS”, and as part of my research for that I ran across information from some time back that I think is still relevant but not well known about our technology, so I wanted to share. This post centers around info from a couple of articles written about a year ago by John Shewchuk, a Microsoft Technical Fellow, entitled Reimagining Active Directory for the Social Enterprise (a 2-part series, part 2 is here). John’s posts are on MSDN and, as you might expect, are pretty technical in nature and geared toward a developer audience, but feel free to read them if you like. What I want to do here is take some key points from his information and provide them to you as messaging you can use in customer conversations.
Here’s the primary message: “Active Directory (AD) and Windows Azure AD provide a powerful base for single identity across clouds to securely extend applications to people and their devices.” An identity management solution (IDMS) is a key element in access control, that is, how one allows or prevents access to business data and applications. No other IDMS vendor brings the level of integration across cloud and on-premises that you get with Microsoft. What this means is that I can have a local identity management service (AD) in my own datacenter serving my local infrastructure needs and use that same “single identity” (e.g. logon) to access those on-prem services as well as any private or Microsoft public cloud services that I need or use. But beyond SSO, you can use AD/Azure AD as a vehicle to share other information across applications. For example, any SSO-enabled app could leverage AD information about people, groups, reporting relationships, roles, contact information, printer locations, and service addresses. This can make SSO-enabled applications more relevant and rich, not to mention saving users time and effort versus using multiple logins for different apps.
Customer message #2: In case you didn’t know, Office 365 subscribers get Azure AD as part of the deal. As the reference post explains: “Each time a new organization signs up for Office 365, Microsoft automatically creates a new Windows Azure Active Directory that is associated with the Office 365 account. No action is required on the part of the individual signing up.” For many smaller organizations, building and maintaining an identity management system and the associated application integration would be an IT effort beyond their capabilities, and even organizations that can do that should appreciate the opportunity to make identity management easier and to broaden its reach. So Office 365 brings a built-in IDMS to the table with the following benefits (read the reference post for more detail about each of these):
So, where a business used to use only “corporate apps”, be they custom or commercial (e.g. Office), and the users only had to interface with that environment (log on and access resources), now, and even more so in the future, users (with their devices) will also be using or wanting to use apps from the cloud. Having an IDMS technology that easily spans those environments is a key value-add for the Microsoft platform and hopefully something else you can use in a customer conversation to help your customers appreciate the value they get from our platform.
This is all well and good. However, we've been doing a fair bit of testing recently, and it appears that we can't tie existing Azure subscriptions to our WAAD/O365 accounts. Is this functionality in the pipeline? It's frustrating, to say the least, having to log out of federated WAAD, clear cookies, and log back in with a Live ID to be able to hit the manage.windowsazure.com portal to view hosted virtual resources.