Active Directory in the Cloud

Active Directory capabilities have been a key differentiator for the Microsoft Cloud, which includes the capabilities of Azure. Some may be inclined to think of Active Directory as a legacy on-premise technology that grinds against cloud principles, but when it comes to business execution the reality is quite different. There are some exciting new capabilities being announced, but first a quick overview.

Azure Active Directory is the foundation for a myriad of B2C and B2B scenarios, with one of the more exciting use cases being Real Madrid, who uses Azure Active Directory B2C to handle identity management for their 450 million fans. When combined with Azure IaaS/PaaS, Power BI and Dynamics CRM, the capabilities are nothing short of amazing.

B2B and B2C are great use cases, but what about extending Active Directory to leverage cloud resources? Over 90% of the Fortune 1000 use Active Directory in an on-premise capacity. Azure Active Directory allows these organizations to quickly enable federated access to Office 365, Concur and many other SaaS applications — or even in-house cloud applications. It takes just 4 clicks to link Azure Active Directory with your organization’s Active Directory, providing a means to quickly provision access to these applications for your existing users. On top of this, Azure Active Directory provides multi-factor authentication, self-service password and group management, application alerting and monitoring, role-based access control and more.

While Azure Active Directory is focused on extending identity management to the cloud, it never included core features of on-premise Active Directory such as Group Policy, Kerberos, NTLM and so forth. Many legacy applications in use today may not have support for cloud-friendly methods such as OAuth 2.0 or SAML. Those that needed this classic functional level of Active Directory for their applications and databases would have to deploy a domain controller in Azure for this capability.

Now with Azure AD Domain Services, organizations no longer need to maintain domain controllers in the cloud for this functionality. Think of it as the on-premise Active Directory you already know, but as a service in the cloud. In the example below, Litware deployed Azure AD Connect to provide classic AD functions like LDAP read & bind, NTLM, Kerberos, and Group Policy to their Azure IaaS workloads — no domain controllers required!

Azure AD Domain Services is currently available as a public preview, meaning that there is no SLA guarantee in place, but you still have the opportunity to pilot and explore the capabilities and prepare for the GA release. Follow the link for more information on Azure AD Domain Services, including how to get started.


Also just announced: many preview features of Azure AD App Proxy, such as custom domain names, conditional access policies and Intune NDES, are now in GA. In addition, the following new features are in preview:

  1. Support for Remote Desktop
  2. Support for complex networks and data center topologies using connector grouping
  3. Support for non-Windows applications using Kerberos over SPNEGO

For more information on these new features, please see this post on Azure AD App Proxy.


The Active Directory capabilities in Azure are a key differentiator — allowing customers to extend their existing Active Directory to leverage cloud and SaaS applications, as well as new B2C and B2B capabilities. Now with Azure AD Domain Services in public preview, organizations will soon no longer need to maintain IaaS domain controllers in Azure to support classic Active Directory functions.
