Azure Active Directory Gets New Custom Roles Capability

Microsoft has added the ability to create and assign custom roles as part of its Azure Active Directory Service.

This new capability gives IT departments greater control over who can access, change or view Azure services within an organization. The custom roles capability today reached the “general availability” milestone, meaning that it’s commercially released by Microsoft and is considered ready for use.

Full Story By Kurt Macki

Roles Based Access Control (RBAC) out of beta

RBAC is critical for ensuring the right employees have access to the right documents. Command-line tools are the first step. However, a UI similar to Windows is needed for most IT organizations (who don’t write scripts).

Until now, to give people the ability to manage Azure you had to give them full control of an entire Azure subscription. Now, using RBAC, you can grant people only the amount of access that they need to perform their jobs. Download the generally available RBAC command-line management tools or use the Azure Management Portal (preview) to manage access for your production Azure workloads.

When it comes to identity and access, most organizations that are considering using the public cloud are concerned about two things:

  1. Ensuring that when people leave the organization they lose access to resources in the cloud.
  2. Striking the right balance between autonomy and central governance. For example, giving the project teams the ability to create and manage virtual machines in the cloud, while centrally controlling the networks to which those virtual machines connect.

Full Story on Azure Blog

Azure Active Directory Join eliminates need for on premise…

In a few weeks, Windows 10 users can bypass their domain controllers (on premise) and join their W10 computer directly to their corporate domain on the Internet.  This new feature significantly reduces the complexity (and management cost) that was first introduced with Windows 2000.

The key to this is Azure AD Join, a new Windows 10 feature for configuring and deploying corp-owned Windows devices. Like traditional Domain Join, Azure AD Join registers devices in the directory so that they are visible and can be managed by an organization. But with Azure AD Join, Windows authenticates directly to Azure AD, no Domain Controller needed (unless you want to use one of course).

Full Story: AD Blog

Azure Active Directory – Microsoft’s Big Bet on Azure

Active Directory (AD) has been a critical factor in the success of Windows Server since it was first released in December 2000. Back then, it was Exchange Server (and its requirement on AD) that drove sales of Windows Server. In 2014 it’s O365 that is driving the sales of Azure Active Directory. However, any business currently running a version of Windows Server Active Directory (2003, 2008, 2012) should look at Azure Active Directory, especially if they are using commercial SaaS products like Dropbox, ServiceNow, GoToMeeting, Concur, etc. Don’t make the mistake of early adopters that are barely managing a myriad of identities.

Microsoft is making a huge investment in Azure Active Directory (AAD).  Today, AAD contains a small subset of features that are part of Windows Server Active Directory and the Forefront Identity Manager.  However, Microsoft has been steadily releasing new capabilities to close the gap.  You can expect Microsoft to continue making big investments in Azure Active Directory.  Look for a major upgrade announcement in the beginning of Oct 2014.

Key Azure Active Directory Features:

  • Single sign-on to any cloud app
  • Enforce Multi-Factor Authentication with SaaS
  • Works with multiple platforms and devices
  • Integrate with on-premises Active Directory

Active Directory Resources:

Recent News (Sept 2014)


High Availability / Disaster Recovery (HADR) Deployment Architectures for Azure

If you are new to Azure and kicking the tires on SQL IaaS, you’ll want to make sure you are aware of these 4 options for HADR. Don’t forget to allocate some time to install and configure Active Directory for the high-end solutions.

SQL Server HADR technologies that are supported in Azure include:

  1. AlwaysOn Availability Groups
  2. Database Mirroring
  3. Log Shipping
  4. Backup and Restore with Azure Blob Storage Service

Full article:


Directory Services is an Excellent First Use Case for Azure

After you have done your homework and picked a cloud platform, one of the first use cases I recommend investigating for your business is Directory Services. If you’ve been a traditional Microsoft Active Directory (AD) customer, I recommend looking into the new Azure Active Directory service. Extending AD into Azure opens numerous possibilities for SaaS, mobile and LoB integration and is the foundation of a true cloud architecture. Microsoft just released new features this week with Azure Active Directory Sync Beta 2. Enterprise customers will appreciate the support for selective sync, improved password reset and Exchange hybrid support.

Beta 2 Features:

  • Selective synchronization which enables you to only sync attributes required for the services you want to enable.
  • AD password reset with multi-forests.
  • Exchange hybrid deployment in multi-forest environments, which enables you to have mailboxes in Office 365 as well as in your on-premises Exchange.

You’ll find more information on the Active Directory Blog
