Windows Azure AD FAQ

What is Windows Azure Active Directory?

Windows Azure Active Directory (Windows Azure AD) is a modern, REST-based service that provides identity management and access control capabilities for your cloud applications. Windows Azure AD provides one identity service across Windows Azure, Microsoft Office 365, Dynamics CRM Online, Windows Intune and other 3rd party cloud services.

See also:

Return to Contents

If my question is not answered here, where should I ask it?

If you cannot find your answer here, then please search for it at the Windows Azure Active Directory Forum. If you don't find the answer there, then please, post a new question. Also look at the Windows Azure AD Community Information Center.

Return to Contents

Why would I want to use Directory Synchronization with Windows Azure AD?

If you have an on-premises Active Directory installation, you can use Directory Synchronization (DirSync) to copy objects from your on-premises directory to your cloud identity store. This would allow you to have your objects in the cloud and then you could provision them for resources to use with the cloud, such as Exchange Online, Lync Online, Sharepoint Online, and so on. Otherwise, you would have to create those objects using your administrative portal.

Note: DirSync will copy your user objects, but not their passwords to the cloud directory.

Video: Active Directory Integration with Microsoft Office 365

Return to Contents

Why would I want to use Single Sign-On with Windows Azure AD?

If you have an on-premises Active Directory Domain Services (AD DS) installation and you want to provide users with a consistent sign-on experience, you may decide to configure single sign-on (SSO). This allows your users to access resources using the same set of credentials, such as user name and password or smart card. Instead of the cloud directory authenticating your users directly, the trust that you create using Active Directory Federation Services (AD FS) with Windows Azure AD will be used to authenticate the users. When they put their user name into the username box at http://www.microsoftonline.com, they will be redirected to login to your domain instead. If your AD DS and AD FS on-premises is configured correctly and accessible, the users will be able to use their on-premises credentials to login to the cloud and utilize the cloud applications that you have provisioned for them.

Note: You can use DirSync with AD FS, to keep your directory objects synchronized with the cloud. You will still have to provision your users for access to specific cloud services, either through the portal or by using Windows PowerShell, depending on the services you are trying to provision. For more information, see Office 365 and Windows Azure Active Directory: Windows PowerShell Content Map and How to use Windows PowerShell to Automatically Assign Licenses to your Office 365 Users.

Video: Active Directory Integration with Microsoft Office 365
Video: Office 365 Identity Federation Technology Deep-Dive
Video: Windows Azure Active Directory: Access Control to Windows Azure

Return to Contents