Active Directory from on-premises to the cloud – Azure AD whitepapers

Identity management, provisioning, role management, and authentication are key services both on-premises and through the (hybrid) cloud. With:

• The Bring Your Own Apps (BYOA) for the cloud and the Software as a Service (SaaS) applications,
• The desire to better collaborate a la Facebook with the “social” enterprise,
• The need to support and integrate with social networks, which lead to a Bring Your Own Identity (BYOI) trend,

Identity becomes a service where identity “bridges” in the cloud talk to on-premises directories or the directories themselves move and/or are located in the cloud.

Active Directory (AD) is a Microsoft brand for identity related capabilities. Within on-premises world, Windows Server AD provides a set of identity capabilities and services and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). Azure AD is AD reimagined for the cloud, designed to help you solving the new identity and access challenges that come with the shift to a cloud-centric, multi-tenant world.

Azure AD is the identity foundation for many Microsoft services like Office 365, Dynamics 365, Intune, and others. Azure AD is a comprehensive identity and access management cloud solution, utilizing the enterprise-grade quality and proven capabilities of Windows AD on-premises. It combines core directory services, advanced identity governance, security and application access management.

This series of whitepapers on Windows Azure AD offerings comprises:

• Towards Identity as a Service (IDaaS) - Use cloud power to solve cloud era challenges.
• Active Directory from the on-premises to the cloud (updated).
• An overview of Azure AD.
• An overview of Azure AD B2C .
• Introducing Azure AD B2B collaboration.
• Azure AD & Windows 10: Better together for Work or School.
• Azure AD/Office 365 seameless sign-in.
• Azure AD/Office 365 single sign-on with Shibboleth 2.
• Leverage Multi-Factor Authentication with Azure AD.
• Leverage Multi-Factor Authentication Server on your premises.
• Leverage Azure AD for modern Business Applications.

The Torwards Identity as a Service (IDaaS) - Use cloud power to solve cloud era challenges whitepaper (Towards-Identity-as-a-Service.docx) explores the reasons why organizations of any size will increasingly use and rely on cloud services to solve cloud era problems, and thus why a new service-based model will emerge for identity combining more advanced capabilities with externalization of operations to achieve reduction in risk, effort and cost. As such, through the analysis of both the business-to-employees (B2E), business-to-business (B2B), and business-to-consumers (B2C) scenarios, and their main characteristics as far as identity is at least concerned, the document discusses why IDaaS – a service combining identity, security (and privacy), personalization and directory – will require that we move beyond the models of identity management that have guided our thinking to date, along with the possible (technical) paths. IDaaS will eventually manage everything from employees and customers to the Internet of Things (IoT).

Acknowledging the trends that sustain the above new identity model and the role of IDaaS, the Active Directory from the on-premises to the cloud whitepaper (AD-from-on-premises-to-the-cloud.docx) presents an overview of the Microsoft’s identity offerings in such an hybrid era.

The An overview of Azure AD whitepaper (An-overview-of-AAD.docx) further presents the capabilities that can be leveraged to centralize the identity management needs of your modern business applications, and your SaaS subscriptions, whether they are cloud-based, hybrid, or even on-premises. The four edition of Azure AD is a complete offering that can help you take advantage of your on-premises existing investment, fully outsource to the cloud your users (and devices) management and anything in between. For enterprises with more demanding needs an advanced offering, Azure AD Basic and eventually Azure AD Premium P1 and Azure AD Premium P2 help complete the set of capabilities that this identity and access management solution delivers.

In addition, the An overview of Azure AD B2C whitepaper (An-overview-of-AAD-B2C.docx) presents the service for business-to-consumer (B2C): Azure AD B2C to embrace identity management (IDM) of individual consumers.

Similarly, the Introducing Azure AD B2B collaboration whitepaper (Introduce-AAD-B2B-collaboration.docx) presents the new feature Azure AD B2B collaboration that can be used with on the above editions to embrace identity management (IDM) of partner and supply chains, and manage business-to-business (B2B) collaboration.

The Azure AD & Windows 10: Better together for Work or School whitepaper (Azure-AD-Windows-10-better-together.docx) introduces how Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education editions will enable a device to connect to your Azure AD tenancy to seamlessly access SaaS applications in the cloud and traditional applications on-premises, and all of that without needing the traditional WSAD domains on-premises if you want to. It depicts the related experiences whether you are cloud-only, hybrid or have an on-premises AD infrastructure as well as how to enable them.

The Azure AD/Office 365 seamless sign-in whitepaper in seven parts (AAD-Office-365-Seamless-Sign-In-Part-1.docx, AAD-Office-365-Seamless-Sign-In-Part-2.docx, AAD-Office-365-Seamless-Sign-In-Part-3.docx, AAD-Office-365-Seamless-Sign-In-Part-4.docx/AAD-Office-365-Seamless-Sign-In-Part-4bis.docx, AAD-Office-365-Seamless-Sign-In-Part-5.docx, AAD-Office-365-Seamless-Sign-In-Part-6.docx, and AAD-Office-365-Seamless-Sign-In-Part-7.docx) provides an understanding of:

• The different seamless sign-in deployment options with Azure AD/Office 365: password hash synchronization (PHS), pass-through authentication (PTA), (federated cross-domain) single sign-on (SSO), seamless SSO with PHS or PTA,
• How to enable it using corporate Active Directory credentials to Azure AD/Office 365,
• The different configuration elements to be aware of for such deployment options,
• And instrumented end-to-end walkthroughs to setup an Azure-based lab environment in Azure Resource Manager (ARM) to further familiarize yourself with both the installation and configuration of the related infrastructure depending on the chosen option.

Likewise, the Azure AD/Office 365 single sign-on with Shibboleth 2 whitepaper (AAD-Office-365-Single-Sign-On-with-Shibboleth-2.docx) provides an understanding of how to enable single sign-on using corporate LDAP-based directory credentials and Shibboleth 2 with the SAML 2.0 protocol to Azure AD/Office 365, and the different configuration elements to be aware of for such deployment. It also provides an end-to-end walkthrough of the related setup and configuration.

The Leverage Multi-Factor Authentication with Azure AD whitepaper (Leverage-Multi-Factor-Authentication-with-AAD.docx) covers the Azure Multi-Factor Authentication paid offering and how to leverage it with Azure AD (Premium).

As an addition, the Leverage Multi-Factor Authentication Server on your premises whitepaper (Leverage-Multi-Factor-Authentication-Server-on-your-premises.docx) describes how to use Azure Multi-Factor Authentication Server and to configure it to secure cloud resources such as Office 365 so that so that federated users will be prompted to set up additional verification the next time they sign in on-premises. In order not to “reinvent the wheels”, this document leverages the instrumented walkthrough provided in the four part (bis) of the above whitepaper Azure AD/Office 365 seamless sign-in (with AD FS in Windows Server 2012 R2).

The Leverage Azure AD for modern Business Applications whitepaper (Leverage-AAD-for-modern-business-apps.docx) further presents the aspects that relates to the development of solutions. Azure AD offers to developers and cloud ISVs an identity management platform to deliver access control to their modern business applications, based on centralized policy and rules.

Supported Operating Systems

Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista

The files are Microsoft Word document. Users who do not have Microsoft Word can view these documents through the downloadable Word Viewer.

See Active Directory from on-premises to the cloud