Concerning Microsoft Azure Active Directory

Sysadmin Adam Fowler puts Azure AD to the test

Google Apps, AD and sync

Google Apps supports the creation of Google Apps accounts by simply creating an on-premises AD account. The account is synchronised to Azure AD, and you can then assign the Google Apps application to the user account either automatically or manually.

This passes the details from Azure AD to Google Apps, with the advantage that end-users don't need to know another login; they just use their normal AD credentials. Once federation is set up, which takes only a few minutes, the login screen to Google Apps is replaced by the familiar Azure login page.

Azure Portal with Third Party Applications

The Azure Portal is a great way to promote third-party applications. Like many company portals, it provides links to services that users can sign up for and lets users manage their own credentials if required.

If a company promotes social media usage, users can enter their Reddit or Facebook credentials one time securely, without having to remember extra credentials in future.

The account can even be set up by IT entering the username and password into Azure AD on behalf of users. Users may never even know their Reddit or Facebook passwords, which means if someone leaves on bad terms the access can be revoked immediately and from a single location.

The portal also has a profile section which lets users reset or change their password by several controllable methods, such as via mobile phone or alternative email address.

Solutions like this can reduce the number of calls your IT helpdesk receives, as well as letting users reset passwords themselves in a trusted way, at any time of day and without help. We have all forgotten passwords at one time or another.

Group management is another feature that gives users control over their own applications. Companies usually have several application owners – someone who is in charge of a certain application and controls the access to it. Self-service group management can do the same, but for the cloud.

As the example in Microsoft's documentation shows, SharePoint Online site access can be managed by the person in charge of the site, who receives requests for access and adds users to the group that person controls.

IT liberation

There is no need for the IT department to be involved in this process, as it generally doesn't decide who can and can't have access to certain things. Building the framework to enable the right users to do this saves everybody time.

Chances are most of your users are using some sort of online service for business purposes that the IT department is not aware of. Azure can help with this too.

Microsoft has released a utility called Cloud App Discovery that can collect data from devices in your company to find out what services staff are using and match them up to what Azure can offer from its application gallery. This is a great help in understanding what your staff are using and identifying potential risks.

Dropbox is a prime example of a cloud-based service hosting personal accounts, and the company may have a paid subscription. It is a simple process to identify staff who are using the free version, or other cloud file-sharing services that are not company supported, and then add them to a group for automatic provisioning of their Dropbox for Business account.

Having a link to the new service in the portal provides an easy way of securing company data, while ensuring that users are compliant with licensing requirements and not missing out on extra paid-for features.

The single biggest selling point for end-users is having fewer credentials to remember. It is a common complaint that we all have too many usernames and passwords to keep track of. Using the same account to log on to the computer each day and to access multiple services just makes sense.

This is just the start for Azure AD. I am impressed with it so far and looking forward to seeing where Microsoft takes it. ®

Adam Fowler is an IT operations manager with a background in helpdesk and system administration. Based in Adelaide, Australia, he is passionate about doing things right with a best fit approach. Often knee-deep in Microsoft technologies, he keeps across as many vendors and products as possible.




Biting the hand that feeds IT © 1998–2019