AZURE ACTIVE DIRECTORY TEAM BLOG
<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Azure Active Directory – Enterprise Mobility and Security Blog</title>
<atom:link href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=azure-active-directory" rel="self" type="application/rss+xml" />
<link>https://blogs.technet.microsoft.com/enterprisemobility</link>
<description>The most recent news and updates about Microsoft’s Enterprise Mobility offerings and events for enterprise technology professionals and developers.</description>
<lastBuildDate>Thu, 04 May 2017 22:00:15 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>hourly</sy:updatePeriod>
<sy:updateFrequency>1</sy:updateFrequency>
<item>
<title>Azure AD and third-party apps: It’s a bigger deal than you might think!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/01/azure-ad-and-third-party-apps-its-a-bigger-deal-than-you-might-think/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/01/azure-ad-and-third-party-apps-its-a-bigger-deal-than-you-might-think/#comments</comments>
<pubDate>Mon, 01 May 2017 16:00:52 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[SaaS]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51195</guid>
<description><![CDATA[Howdy folks, Today I’ve got a new batch of data to share that I hope many of you will find interesting and useful. Those of you who follow the blog know that Azure AD works well with a ton of applications and that our app gallery features over 2,800 pre-integrated third-party apps. (Third-party meaning apps <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/01/azure-ad-and-third-party-apps-its-a-bigger-deal-than-you-might-think/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Today I’ve got a new batch of data to share that I hope many of you will find interesting and useful.</p> <p>Those of you who follow the blog know that Azure AD works well with a ton of applications and that our app gallery features over 2,800 pre-integrated third-party apps. (Third-party meaning apps that were written by someone other than Microsoft).</p> <p>But did you ever wonder which apps people use the most? Or how many people use Azure AD with third-party apps? Well today your questions will be answered.</p> <p>Let’s start with the top-level numbers.</p> <ul> <li>In April, <strong>6.7 million unique active users</strong> signed into a third-party app using Azure AD. Pretty amazing right? And that number is growing 10-12% every month!</li> <li>Those 6.7 million unique active users signed into more than <strong>190k </strong><strong>third-party apps</strong>! And that number grows by 10k to 20k apps per month. (Yes, this number blows my mind too!)</li> </ul> <p>Those are some really big numbers. They give you an idea of just how big the use of Azure AD as a cloud IDaaS service is. Even more exciting for us is how fast usage is growing, both in terms of the number of unique active users and unique active applications. 
Let’s take a look at the growth in these numbers over the last 12 months:</p> <p style="text-align: left"><img width="957" height="786" class="size-full wp-image-51235 aligncenter" alt="unique-users-vs-apps" src="https://msdnshared.blob.core.windows.net/media/2017/04/unique-users-vs-apps.png" /></p> <p style="text-align: left">The number of Azure AD tenants (a good proxy for customers) that have a user using third-party apps is growing at a similar pace:</p> <p style="text-align: center"><img width="954" height="789" class="alignnone wp-image-51245 size-full" alt="unique-users-vs-tenants" src="https://msdnshared.blob.core.windows.net/media/2017/04/unique-users-vs-tenants.png" /></p> <p style="text-align: left">Now, you might also be wondering: what kinds of apps are these people using?</p> <p>As you would expect, customers use Azure AD with Office 365 and Azure more than anything else, but they also use Azure AD with a boatload of third-party SaaS apps, custom line-of-business apps and on-premises apps. Many of our largest customers have all of these types of apps integrated with Azure AD. One of our customers already has 1,329 unique third-party applications their employees access using Azure AD!</p> <p>You’re probably also curious about which third-party SaaS apps Azure AD users use the most. Here’s a chart with the top 15 third-party SaaS apps by usage month for the last nine months:</p> <p style="text-align: center"><img width="1024" height="537" class="size-large wp-image-51225 aligncenter" alt="top-3rd-party-apps" src="https://msdnshared.blob.core.windows.net/media/2017/04/Top-3rd-party-apps-1024x537.png" /></p> <p style="text-align: left">Pretty cool, right? Who would have guessed that there would be a lot of customers using Azure AD with Google Apps, Workday, or ServiceNow? When we started working on Azure AD Premium five years ago, I hoped this would be the case. 
It’s exciting to see it’s happening!</p> <p>Hopefully this was interesting information, and you found it useful. If we see a lot of interest, I’ll start publishing this data on a regular basis.</p> <p>And thanks to our customers for betting on us and making this happen. We really appreciate your vote of confidence and we wouldn’t be here without the awesome input and feedback you’ve given us.</p> <p>Best Regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/01/azure-ad-and-third-party-apps-its-a-bigger-deal-than-you-might-think/feed/</wfw:commentRss>
<slash:comments>2</slash:comments>
</item>
<item>
<title>New Enhancements to the Azure AD Pass Through Authentication Preview are live!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/27/new-enhancements-to-the-azure-ad-pass-through-authentication-preview-are-live/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/27/new-enhancements-to-the-azure-ad-pass-through-authentication-preview-are-live/#comments</comments>
<pubDate>Thu, 27 Apr 2017 16:00:00 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Deployment]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Hybrid Cloud]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51155</guid>
<description><![CDATA[Howdy folks, If you’re a follower of this blog you’ll probably recall that we announced pass-through authentication and seamless single sign-on in Azure AD at the end of last year. These features make it easy and fast to deliver world class end user sign-in experiences with Azure AD. Today I’m excited to announce a few <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/04/27/new-enhancements-to-the-azure-ad-pass-through-authentication-preview-are-live/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>If you’re a follower of this blog you’ll probably recall that we <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/">announced</a> pass-through authentication and seamless single sign-on in Azure AD at the end of last year. These features make it easy and fast to deliver world class end user sign-in experiences with Azure AD. Today I’m excited to announce a few improvements we’ve made that make these capabilities even more secure, easier to use, and easier to administer.</p> <p><strong>Pass-through authentication<br /> </strong></p> <p>Pass-through authentication lets users sign in to your cloud apps while getting rid of the need to store any user passwords in the cloud or deploy new server infrastructure. Some of the key improvements we’ve just turned on include:</p> <ul> <li><strong>Security</strong>: We’ve improved user sign-on security with public key / private key encryption between Azure AD and on-premises agents. That’s in addition to secure HTTPS, which is always used to transfer usernames and passwords.</li> <li><strong>Usability</strong>: We now support using any attribute, configured as Alternate ID in Azure AD Connect, as the username.</li> <li><strong>Easier deployment</strong>: Now you only need to open two ports to deploy pass-through authentication: the standard ports 80 and 443.</li> </ul> <p><strong>Seamless single sign-on<br /> </strong></p> <p>Seamless single sign-on gives users on your corporate network the ability to access cloud apps from their domain-joined devices without needing to re-enter their passwords. 
This feature uses Kerberos authentication instead.</p> <p>We simplified the end user sign-on experience by removing the need for your users to enter their usernames when they access cloud apps with tenant-specific URLs (like outlook.office365.com/owa/contoso.com).</p> <p><strong>Customer adoption<br /> </strong></p> <p>We’ve seen our enterprise customers enthusiastically adopting these new capabilities even before they go GA. Deutsche Post DHL, a global organization with almost 500,000 employees, has been using these features in production and has this to say about their experience:</p> <blockquote><p>“We use pass-through authentication and seamless single sign-on to provide 50,000+ users the ability to sign-in to Yammer and 16 other enterprise applications. What I like most about it is its simplicity – it just works! We plan to migrate all ADFS-based applications to this setup soon.” – <strong>Joe Gasowski</strong>, Head of Identity and Access Management, Deutsche Post DHL</p></blockquote> <p><strong>Learn more!<br /> </strong></p> <p>Dive into our detailed documentation for <a href="https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication">pass-through authentication </a>and <a href="https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso">seamless single sign-on</a> and let us know what you think by leaving us a comment below or emailing us at <a href="mailto:aadopauthfeedback@microsoft.com">aadopauthfeedback@microsoft.com</a>. We look forward to hearing from you!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/27/new-enhancements-to-the-azure-ad-pass-through-authentication-preview-are-live/feed/</wfw:commentRss>
<slash:comments>8</slash:comments>
</item>
<item>
<title>Demonstrating our Growth Mindset &amp; Learning from our Customers: We’re reverting the branding logic on Azure AD login pages</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/25/having-a-growth-mindset-learning-from-our-customers-were-reverting-the-branding-logic-on-azure-ad-login-pages/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/25/having-a-growth-mindset-learning-from-our-customers-were-reverting-the-branding-logic-on-azure-ad-login-pages/#respond</comments>
<pubDate>Wed, 26 Apr 2017 00:26:09 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51035</guid>
<description><![CDATA[Howdy folks, Back on April 7th we announced changes to the branding logic for Azure AD login pages. In the 18 days since then we’ve learned a ton from you, our customers, including the fact that many of you are not thrilled with these changes. Additionally, we learned that we took many of you by surprise <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/04/25/having-a-growth-mindset-learning-from-our-customers-were-reverting-the-branding-logic-on-azure-ad-login-pages/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Back on April 7<sup>th </sup><a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/04/07/improving-the-branding-logic-of-azure-ad-login-pages/">we announced changes to the branding logic for Azure AD login pages</a>. In the 18 days since then we’ve learned a ton from you, our customers, including the fact that many of you are not thrilled with these changes. Additionally, we learned that we took many of you by surprise and did not give you enough time to alert and train your employees about the change.</p> <p>So today we get to demonstrate our Growth Mindset! We’ve learned from your feedback and we’ve decided to roll back these changes (they are being reverted as I type). We’re going to revisit the overall plan here and take steps to better socialize and communicate future end-user facing UX changes. Ariel Gordon, the PM for these features, has the details below.</p> <p>Thanks to all of you who shared your feedback with us about these changes. We learned a lot from you and we’ll use these lessons to improve going forward.</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> <p>———————–</p> <p>Hi everyone,</p> <p>Earlier this month we changed the logic that controls app vs. company branding on Azure AD login pages. These changes had two key motivations: provide better brand awareness to customers using B2B flows, and reconcile the branding logic between Azure AD and Microsoft accounts, as a prerequisite to merging the two login experiences later this year.</p> <p>And while we tested and validated the new logic with many customers, we underestimated the impact of these changes to the broader community. You’ve also told us that these changes had disrupted your business because we failed to provide advance notice.</p> <p>We’ve heard you loud and clear. 
We’ve therefore decided to roll back these changes, effective immediately. We’re also making changes to our engineering and communication process to ensure this doesn’t happen again. Specifically, our team is making the following commitments:</p> <ol> <li>Future login UX changes that affect business customers will be announced ahead of time</li> <li>Changes will be tested via flighting, and incorporate a Preview period that allows us to gather broader feedback from you</li> <li>For most disruptive design changes, we’ll introduce an opt-in period of at least 30 days, giving everyone a chance to update their support and training materials</li> </ol> <p>Best regards,</p> <p>Ariel Gordon, Principal Program Manager, Identity Division <a href="https://twitter.com/askariel">(@askariel</a>)</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/25/having-a-growth-mindset-learning-from-our-customers-were-reverting-the-branding-logic-on-azure-ad-login-pages/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>#AzureAD Mailbag: Azure AD App Proxy, Round 2</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/21/azuread-mailbag-azure-ad-app-proxy-round-2/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/21/azuread-mailbag-azure-ad-app-proxy-round-2/#respond</comments>
<pubDate>Fri, 21 Apr 2017 16:00:22 +0000</pubDate>
<dc:creator><![CDATA[Mark Morowczynski [MSFT]]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Mailbag]]></category>
<category><![CDATA[SaaS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=50057</guid>
<description><![CDATA[Hey everyone, Ian Parramore here. Long time no post for us on these mailbags. You might be wondering what happened and why we didn’t have a post for almost 2 months. I can tell you who is to blame, Mark. Now that we got that out of the way. Today we’re going to dive in <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/04/21/azuread-mailbag-azure-ad-app-proxy-round-2/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Hey everyone, Ian Parramore here. Long time no post for us on these mailbags. You might be wondering what happened and why we didn’t have a post for almost 2 months. I can tell you who is to blame, <a href="https://twitter.com/markmorow">Mark</a>. Now that we got that out of the way. Today we’re going to dive in a little bit on some of the most common questions we’ve seen around the Azure AD Application Proxy. For those of you not familiar with this awesome feature, Application Proxy provides single sign-on (SSO) and secure remote access for web applications hosted on-premises. These on-premises web applications can now be integrated with Azure AD, allowing your end users to access your on-premises applications the same way they access O365 and other SaaS apps integrated with Azure AD. You don’t even need to change the network infrastructure or require a VPN to provide this solution for your users. To learn more about Application Proxy and how to get started, see our <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-get-started">documentation</a>. Now let’s dig into some of your questions.</p> <p> </p> <p><b>Question 1:</b></p> <p>I’m trying to set up Kerberos constrained delegation as discussed in <a href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-sso-using-kcd/">this article</a> but am struggling to understand the PrincipalsAllowedToDelegateToAccount method. 
Do you have some more insights you can share on this?</p> <p> </p> <p><b>Answer 1:</b></p> <p>PrincipalsAllowedToDelegateToAccount is specifically used where the Connector servers are in a different domain to the web application service account and requires the use of Resource-based Constrained Delegation.</p> <p> </p> <p>If the Connector servers and the web application service account are in the same domain then you can use the Active Directory Users and Computers to configure the delegation settings on each of the Connector machine accounts to allow them to delegate to the target SPN.</p> <p> </p> <p>If the Connector servers and the web application service account are in different domains then we need to use Resource based delegation where the delegation permissions are configured on the target web server / web application service account.</p> <p>This is a relatively new method of Constrained Delegation introduced in Windows Server 2012 which supports cross-domain delegation by allowing the resource (web service) owner to control which machine/service accounts are allowed to delegate to it. 
There is no UI to assist with this configuration so we need to use PowerShell.</p> <p> </p> <p>Each Azure AD Application Proxy Connector machine account needs to be granted permissions to delegate to the web application service account.</p> <p>When validating your configuration you can check the PrincipalsAllowedToDelegateToAccount setting using the following PowerShell:</p> <p>Get-ADUser -Identity sharepointserviceaccount -Properties "PrincipalsAllowedToDelegateToAccount"</p> <p> </p> <p>The following output shows 2 machine accounts with permissions to delegate to the sharepointserviceaccount corresponding to our 2 Connector servers:</p> <p> </p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/image812.png"><img width="2702" height="128" title="image" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="image" src="https://msdnshared.blob.core.windows.net/media/2017/03/image_thumb760.png" border="0" /></a></p> <p> </p> <p>If one or more of your Connector servers do not have permissions to delegate to the target web application service account then you will see errors similar to the following:</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/image813.png"><img width="1147" height="1056" title="image" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="image" src="https://msdnshared.blob.core.windows.net/media/2017/03/image_thumb761.png" border="0" /></a></p> <p> </p> <p>In the article you’ll see the following sample PowerShell commands:</p> <p>$connector = Get-ADComputer -Identity <span style="background-color: #ffff00">connectormachineaccount</span> -Server dc.connectordomain.com</p> <p>Set-ADUser -Identity sharepointserviceaccount -PrincipalsAllowedToDelegateToAccount $connector</p> <p> </p> <p>This is fine but will only set one Connector with delegation rights to the sharepointserviceaccount.</p> <p>If you only specify one of two Azure AD App Proxy connectors, access to 
the app will only succeed if traffic is routing through that connector.</p> <p> </p> <p>Where you have more than one Connector the first command would ideally look something like this:</p> <p>$connectors = Get-ADComputer <span style="background-color: #ffff00">-Filter {name -like "*<i>appproxyname</i>*"}</span> -Server dc.connectordomain.com</p> <p> </p> <p>This command assumes the connectors have a similar name and that the wildcards will return more than one computer account. For example, in my environment I have two connectors, MSFTPM-AAP1 and MSFTPM-AAP2. So I would run:</p> <p>$connectors = Get-ADComputer <span style="background-color: #ffff00">-Filter {name -like "*<i>aap</i>*"}</span> -Server dc.connectordomain.com</p> <p> </p> <p>This returns both servers and sets them in the $connectors variable. I can then run the second command to set the attribute appropriately on my resource server:</p> <p>Set-ADUser -Identity sharepointserviceaccount -PrincipalsAllowedToDelegateToAccount $connectors</p> <p> </p> <p>We can then use the following PowerShell to re-validate the setting:</p> <p>Get-ADUser -Identity sharepointserviceaccount -Properties "PrincipalsAllowedToDelegateToAccount"</p> <p>Note the above examples are using Set-AdUser/Get-AdUser when getting/setting the PrincipalsAllowedToDelegateToAccount attribute. This is because the web application is running under a service account.</p> <p> </p> <p>If the web application was running under a machine context we would need to use Set-AdComputer/Get-AdComputer. 
This may be relevant in a test environment with only a single web server but in a load balanced web server deployment we would expect the services to be running under a common service account.</p> <p> </p> <p>When populating the $connectors variable we will always use Get-AdComputer as we are specifically interested in the Connector machine accounts.</p> <p> </p> <p>For further information about Kerberos Constrained Delegation and Resource-based Constrained Delegation please see the following whitepaper <a href="http://aka.ms/kcdpaper">http://aka.ms/kcdpaper</a></p> <p> </p> <p><b>Question 2:</b></p> <p>Should I create a dedicated account to register the connector with the Azure AD Application Proxy?</p> <p> </p> <p><b>Answer 2:</b></p> <p>There’s no reason to. Any global admin account will work fine. The credentials entered during installation are not used after the registration process. Instead, a certificate is issued to the connector which will be used for authentication from that point forward. You can see this certificate in the personal store of the computer account:</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/image814.png"><img width="1392" height="154" title="image" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="image" src="https://msdnshared.blob.core.windows.net/media/2017/03/image_thumb762.png" border="0" /></a></p> <p><b></b></p> <p><b>Question 3: </b></p> <p>How can I monitor the performance of the Azure AD Application Proxy connector?</p> <p><b></b></p> <p><b>Answer 3: </b></p> <p>There are Performance Monitor counters that are installed along with the connector. To view them do the following:</p> <p>1. Start -> Type “Perfmon” -> Enter</p> <p>2. 
Select Performance Monitor and click the green “+” icon:</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/image815.png"><img width="1202" height="244" title="image" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="image" src="https://msdnshared.blob.core.windows.net/media/2017/03/image_thumb763.png" border="0" /></a></p> <p>3. Select and add the Microsoft AAD App Proxy Connector counters:</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/image816.png"><img width="1281" height="882" title="image" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="image" src="https://msdnshared.blob.core.windows.net/media/2017/03/image_thumb764.png" border="0" /></a></p> <p> </p> <p><b>Question 4: </b></p> <p>Can only IIS-based apps be published? What about web apps running on non-Windows web servers? Does the connector have to be installed on a server with IIS installed?</p> <p> </p> <p><b>Answer 4: </b></p> <p>Woah, this is a 3 for 1!</p> <p> No there is no IIS requirement for apps that are published.</p> <p> Yes you can publish web apps running on servers other than Windows Server. Having said that, you may or may not be able to use pre-authentication with a non-Windows Server depending on if the web server supports Negotiate (Kerberos authentication).</p> <p>The server the connector is installed on does not have to have IIS installed.</p> <p> </p> <p><b>Question 5: </b></p> <p>Does the Azure AD App Proxy connector have to be on the same subnet as the resource?</p> <p> </p> <p><b>Answer 5:</b></p> <p>There is no requirement for the connector to be on the same subnet. It does however need name resolution to the resource as well as the necessary network connectivity (routing to the resource, ports open on the resource, etc.). 
If you want a more detailed discussion on connector location, please see <a href="https://blogs.technet.microsoft.com/applicationproxyblog/2016/08/16/network-topology-considerations-when-using-azure-ad-application-proxy/">our blog</a>.</p> <p> </p> <p><b>Question 6: </b></p> <p>I’ve published the App Proxy application, and I’m able to log in, but the application is not displaying as expected. Why isn’t it working?</p> <p> </p> <p><b>Answer 6: </b>If you’re able to log in and the application isn’t displaying properly, there are two common possible causes.</p> <p>Please verify that all the pages referenced by the application are in the path you published. For example, we see many cases where the published path is contoso/myapp/register/, but the web page has references to resources under different paths, e.g. contoso/myapp/style.css. Because the path containing the style page has not been published, the application is unable to find it when loading.</p> <p>One way to check if this may be the problem is to look at a Fiddler trace or use the Network tab in the F12 Developer tools in Internet Explorer or Edge browsers to get an overview of the request/response pairs and associated HTTP status codes as you load a web page. You can use the output to identify if you are getting any 404 errors, and if so, whether the resources with the 404 errors are in the published path.</p> <p> </p> <p>In the above example, publishing contoso/myapp/ instead of contoso/myapp/register/ would solve the problem.</p> <p> </p> <p>Also, make sure to check if your application uses hard-coded internal links to other applications, to unpublished sites, or to its own internal namespace.</p> <p> </p> <p>This can be problematic where the internal and external FQDNs in use are different and the web server generates links based on its internal name. 
Our general recommendation is to use the same internal and external FQDN and protocol (validate that both are the same; https is preferred, http is allowed) where possible to reduce the chance of any problems.</p> <p> </p> <p>For sites that contain links to other internal sites or applications, you would need to identify these and then ensure the relevant applications and sites are also published and available externally through Application Proxy. If these links are fully qualified, please use the <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-custom-domains">custom domains feature</a> to make sure these links will work. If not, look for an upcoming announcement in the coming months on some new Application Proxy capabilities in this area! Please check the <a href="https://blogs.technet.microsoft.com/enterprisemobility/">Enterprise Mobility and Security blog</a> for announcements.</p> <p> </p> <p>You can use a tool such as Fiddler to review the traffic and identify request failures with a 404 status. You can also use the Network tab in the F12 Developer tools in Internet Explorer or Edge browsers to get an overview of the request/response pairs and associated HTTP status codes as you load a web page.</p> <p> </p> <p>Thanks for reading.</p> <p> </p> <p>For any questions you can reach us at<br /> <a>AskAzureADBlog@microsoft.com</a>, the <a href="https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WindowsAzureAD">Microsoft Forums</a> and on Twitter <a href="https://twitter.com/AzureAD">@AzureAD</a>, <a href="https://twitter.com/markmorow">@MarkMorow</a> and <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a></p> <p> </p> <p>-Ian Parramore, Harshini Jayaram, and Mark Morowczynski</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/21/azuread-mailbag-azure-ad-app-proxy-round-2/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Extend cloud identity and access management to your customer and partner relationships</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/12/extend-cloud-identity-and-access-management-to-your-customer-and-partner-relationships-2/</link>
<pubDate>Wed, 12 Apr 2017 16:00:59 +0000</pubDate>
<dc:creator><![CDATA[Andrew Conway]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=50525</guid>
<description><![CDATA[Organizations are transforming how they operate in a digital world. This means seizing new opportunities quickly, reinventing business processes, and delivering greater value to customers.]]></description>
<content:encoded><![CDATA[<p>Organizations are transforming how they operate in a digital world. This means seizing new opportunities quickly, reinventing business processes, and delivering greater value to customers. More important than ever are the strong and trusted relationships with the whole ecosystem in which an organization operates. This includes business partners, contractors, and of course customers. While business-to-business (B2B) and business-to-consumer (B2C) interactions may be different, sustaining both requires information security combined with intuitive user experiences.</p> <p>As your network of B2B and B2C connections grows online, securing them across on-premises, cloud, and hybrid scenarios becomes more of a challenge. A secure identity platform is critical to support this growth and to enable digital business securely. With this goal in mind, today we announce two important extensions in the capability of Microsoft Azure Active Directory.</p> <h2>Azure Active Directory B2B collaboration now generally available</h2> <p>Businesses are increasingly dispersed, mobile, and collaborative, relying on wide range of vendors, partners, and contractors to stay nimble and capitalize on changing markets. Azure Active Directory (AD) is the foundation of our identity-driven approach to security and extends beyond your own employees to secure the identities of external collaboratorspartners, contractors, and vendors. Our goal is to make it easy and secure to collaborate with the employees of any organization. Azure AD B2B collaboration is generally available today and is part of Microsoft Enterprise Mobility + Security (EMS).</p> <p>B2B collaboration provides external user accounts with secure access to documents, resources, and applicationswhile maintaining control over internal data. 
There’s no need to add external users to your directory, sync them, or manage their lifecycle; IT can invite collaborators to use any email address, whether Office 365, on-premises Microsoft Exchange, or even a personal address (Outlook.com, Gmail, Yahoo!, etc.), and even set up conditional access policies, including multi-factor authentication. Your developers can use the Azure AD B2B APIs to write applications that bring together different organizations in a secure way and deliver a seamless and intuitive end user experience.</p> <p>Millions of users from thousands of businesses have already been using Azure AD B2B collaboration capabilities available through public preview.</p> <blockquote><p>As early adopters of Azure AD B2B collaboration, we used this service to provide a simple and secure way for partners, large and small, to use their own credentials to access Kodak Alaris systems. The latest enhancements are interesting, and we plan to use the invitation manager API in our Partner Relationship Management portal for a more customized guest onboarding/provisioning experience. The Azure AD team has been an incredible partner in our re-creation of a more agile and cost-effective hybrid cloud IT infrastructure. 
Steve Braunschweiger, Chief Enterprise IT Architect Kodak Alaris</p></blockquote> <h3>Here’s how you can get started with Azure Active Directory B2B collaboration:</h3> <ul> <li>Watch this <a href="https://aka.ms/b2bmechanics">Mechanics Video</a> to see the benefits of cloud-based B2B identity and access management</li> <li>Read more details from the <a href="https://aka.ms/b2bcollabblog">Azure AD B2B team blog</a></li> <li>Get started with <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-admin-add-users">Azure Active Directory B2B collaboration</a></li> </ul> <h2>Azure Active Directory B2C now available in Europe</h2> <p>Another important audience within most enterprise ecosystems are the customers who trust your business with their own sensitive personal and financial information. Azure Active Directory B2C enables organizations to securely connect with their customers at scale. Today, Azure AD B2C is generally available in Europe. Azure AD B2C is a highly available, global identity and access management service for your consumer-facing applications. It scales to hundreds of millions of protected identities, integrates easily with nearly any platform on any device, and includes optional multi-factor authentication for additional protection. Your consumers will be able to use existing social media accounts or create new credentials for single sign-on access to your applications through a fully customizable experience.</p> <p>Organizations now have the option to use Azure AD B2C tenants that operate and store data only in European datacenters. 
For all other regions, Azure AD B2C is available through the North American or European datacenters.</p> <h3>Here’s how you can get started with Azure Active Directory B2C:</h3> <ul> <li>Watch <a href="https://youtu.be/ASC7CG4XMq8">this video</a> to see the benefits of cloud-based consumer identity and access management</li> <li>Read more details from the <a href="https://aka.ms/azureadb2ceu">Azure AD B2C team blog</a></li> <li>Get started with <a href="http://azure.microsoft.com/trial/get-started-aad-b2c/">Azure AD B2C</a> in your consumer app</li> </ul> <p>As companies adopt a cloud-first position to take advantage of increased agility and faster innovation, like B2B and B2C, we recognize that cloud-first doesn’t mean cloud-only. <a href="https://blogs.technet.microsoft.com/hybridcloud/2017/04/12/consistency-is-the-cure-for-hybrid-cloud-complexity/">As we announced today</a>, we make it easy for customers to maximize their existing investments to adopt cloud. A hybrid approach is a strategic plan for businesses financially, for security, and for their identities and applications.</p> ]]></content:encoded>
</item>
<item>
<title>Azure AD B2B Collaboration is Generally Available!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/12/azure-ad-b2b-collaboration-is-generally-available/</link>
<pubDate>Wed, 12 Apr 2017 16:00:57 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[B2B]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Conditional Access]]></category>
<category><![CDATA[SaaS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=50485</guid>
<description><![CDATA[Howdy folks, This is a blog post I’ve been as eager to publish as I suspect you’ve been eager to read it. I’m excited to let you know that Azure AD business-to-business (B2B) collaboration is generally available worldwide! Azure AD B2B collaboration capabilities enable any organization using Azure AD to work safely and securely with <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/04/12/azure-ad-b2b-collaboration-is-generally-available/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="color: black;font-family: Segoe UI;font-size: 11pt">Howdy folks,<br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">This is a blog post I’ve been as eager to publish as I suspect you’ve been eager to read it. I’m excited to let you know that Azure AD business-to-business (B2B) collaboration is generally available worldwide!<br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">Azure AD B2B collaboration capabilities enable any organization using Azure AD to work safely and securely with users from any other organization, small or large, with or without Azure AD, & with or without an IT organization.<br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">Organizations using Azure AD can provide their B2B partners access to documents, resources, and applications while maintaining control over corporate data. Developers can use the Azure AD B2B APIs to write applications that bring two organizations together in a secure way that is also seamless and intuitive for end users to navigate.<br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">Customer demand for these capabilities is sky high! Already during the public preview, customers have invited 2.6M guest users using these new capabilities. 
<img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC1.png" /><br /> </span></p> <p style="text-align: justify"><span style="color: black;font-family: Segoe UI;font-size: 11pt">And more than 20% of Azure AD Tenants with >10 users are now using Azure AD B2B!:<br /> </span></p> <p style="text-align: justify"><span style="color: black;font-family: Segoe UI;font-size: 11pt"><br /> <img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC2.png" /><br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">We have spent thousands and thousands of hours with these customers diving into how we can best serve their needs with Azure AD B2B.<br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">I’d like to thank all of you who spent time with us providing feedback and suggestions. We would not have reached this point without your partnership.<br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">Now you can dive in and use Azure AD B2B in your organization! 
Here are a few highlights of the things you can do now:<br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt"><strong>Easily add B2B users to your organization:<br /> </strong></span></p> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC3.png" /><span style="color: black;font-family: Segoe UI;font-size: 11pt"><br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt"><strong>Enable your collaborators to bring their own identity to work with you:<br /> </strong></span></p> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC4.png" /><span style="color: black;font-family: Segoe UI;font-size: 11pt"><br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt"><strong>Delegate to application and group owners so they can add B2B users directly to any of the thousands of apps that work with Azure AD:<br /> </strong></span></p> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC5.png" /><span style="color: black;font-family: Segoe UI;font-size: 11pt"><br /> </span></p> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC6.png" /><span style="color: black;font-family: Segoe UI;font-size: 11pt"><br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt"><strong>Have consistent authorization policies protecting your corporate content across your employees and partners:<br /> </strong></span></p> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC7.png" /><span style="color: black;font-family: Segoe UI;font-size: 11pt"><br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt"><strong>Use our APIs and 
sample code to easily build applications to onboard your external partners in ways customized to your organization’s needs:<br /> </strong></span></p> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC8.png" /><span style="color: black;font-family: Segoe UI;font-size: 11pt"><br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">With Azure AD B2B collaboration, you can get the full power of Azure AD to protect your partner relationships in a way that end users find easy and intuitive.<br /> </span></p> <p><span style="color: #0070c0;font-family: Segoe UI;font-size: 11pt"><strong>Work with any user from any partner<br /> </strong></span></p> <ul> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">Partners use their own credentials<br /> </span></li> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">No requirement for partners to use Azure AD<br /> </span></li> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">No external directories or complex set-up required<br /> </span></li> </ul> <p><span style="color: #0070c0;font-family: Segoe UI;font-size: 11pt"><strong>Simple and secure collaboration<br /> </strong></span></p> <ul> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">Provide access to any corporate application or resource<br /> </span></li> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">Seamless user experiences<br /> </span></li> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">Enterprise-grade security for applications and data<br /> </span></li> </ul> <p><span style="color: #0070c0;font-family: Segoe UI;font-size: 11pt"><strong>No management overhead<br /> </strong></span></p> <ul> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">No external account or password management<br /> </span></li> <li><span style="color: 
black;font-family: Segoe UI;font-size: 11pt">No sync or manual account lifecycle management<br /> </span></li> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">No external administrative overhead<br /> </span></li> </ul> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">Get started today on <a href="https://portal.azure.com/">the Azure portal</a>.<br /> </span></p> <p><span style="color: #1f1f1f;font-family: Segoe UI;font-size: 21pt">Learn More<br /> </span></p> <p><span style="color: #41424e;font-family: Segoe UI;font-size: 11pt">There’s far more detail about the new Azure AD B2B Collaboration features in our <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-what-is-azure-ad-b2b"><span style="color: #0078d7;text-decoration: underline">updated documentation</span></a>, so take a look and let us know if you have any questions! <span style="color: black">And if you haven’t seen it yet, check out (below) the latest short video about Azure AD B2B<span style="color: #41424e"> we put together, too.<br /> </span></span></span></p> <p><iframe width="560" height="315" src="https://www.youtube.com/embed/AhwrweCBdsc" frameborder="0" allowfullscreen></iframe> </p> <p><span style="color: #41424e;font-family: Segoe UI;font-size: 11pt">As always, connect with us for any feedback, discussions and suggestions through our <a target="_blank" href="https://techcommunity.microsoft.com/t5/Azure-Active-Directory-B2B/bd-p/AzureAD_B2b"><span style="color: #0078d7;text-decoration: underline"><strong>Microsoft Tech Community</strong></span></a>. 
You know we’re listening!<br /> </span></p> <p><span style="color: #41424e;font-family: Segoe UI;font-size: 11pt">Best Regards,<br /> Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons"><span style="color: #0078d7;text-decoration: underline"><strong>@Alex_A_Simons</strong></span></a>)<br /> Director of Program Management<br /> Microsoft Identity Division</span></p> ]]></content:encoded>
</item>
<item>
<title>End of support for DirSync and Azure AD Sync is rapidly approaching. Time to upgrade to Azure AD Connect!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/10/end-of-support-for-dirsync-and-azure-ad-sync-is-rapidly-approaching-time-to-upgrade-to-aad-connect/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/10/end-of-support-for-dirsync-and-azure-ad-sync-is-rapidly-approaching-time-to-upgrade-to-aad-connect/#comments</comments>
<pubDate>Mon, 10 Apr 2017 16:00:41 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Hybrid]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=50106</guid>
<description><![CDATA[Howdy folks, On April 13 of last year, we announced the deprecation of “Windows Azure Active Directory Sync (DirSync)” and “Azure Active Directory Sync (Azure AD Sync)” and that it was time to start planning to upgrade to Azure AD Connect. We also announced at the time that DirSync & Azure AD Sync will reach <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/04/10/end-of-support-for-dirsync-and-azure-ad-sync-is-rapidly-approaching-time-to-upgrade-to-aad-connect/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-family: Segoe UI">Howdy folks,<br /> </span></p> <p><span style="font-family: Segoe UI">On April 13 of last year, we announced the deprecation of “Windows Azure Active Directory Sync (DirSync)” and “Azure Active Directory Sync (Azure AD Sync)” and that it was time to start planning to upgrade to Azure AD Connect. We also announced at the time that DirSync & Azure AD Sync will reach <strong>end of Support on April 13, 2017</strong>. Since then, 35,000 customers have successfully upgraded from these deprecated tools to Azure AD Connect. That’s what we like to see!<br /> </span></p> <p><span style="font-family: Segoe UI">Today, we are confirming that DirSync and Azure AD Sync will reach end of Support as planned on April 13, 2017.<br /> </span></p> <p><span style="font-family: Segoe UI">I would <span style="text-decoration: underline"><strong><em>highly</em></strong></span> recommend that if you haven’t upgraded to Azure AD Connect, you should do so VERY soon to avoid service disruptions. Azure AD will stop accepting connections from DirSync and Azure AD Sync after <strong>December 31, 2017</strong>.<br /> </span></p> <p><span style="font-family: Segoe UI">For more information about the DirSync and AAD Sync upgrade, please see the <a href="https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-dirsync-deprecated">DirSync and Azure AD Sync deprecation documentation</a>.<br /> </span></p> <p><span style="font-family: Segoe UI">If you have any questions or feedback about this change, we’re all ears. 
Please leave us a comment below or reach out on Twitter using the #AzureAD hashtag.<br /> </span></p> <p><span style="font-family: Segoe UI">Best regards,<br /> </span></p> <p><span style="font-family: Segoe UI">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)<br /> </span></p> <p><span style="font-family: Segoe UI">Director of Program Management<br /> </span></p> <p><span style="font-family: Segoe UI">Microsoft Identity Division<br /> </span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/10/end-of-support-for-dirsync-and-azure-ad-sync-is-rapidly-approaching-time-to-upgrade-to-aad-connect/feed/</wfw:commentRss>
<slash:comments>1</slash:comments>
</item>
<item>
<title>We’ve added 21 new 3rd party apps to the Azure AD App Gallery!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/29/weve-added-21-new-3rd-party-apps-to-the-azure-ad-app-gallery/</link>
<pubDate>Wed, 29 Mar 2017 14:38:10 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Modern Apps]]></category>
<category><![CDATA[SaaS]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=49896</guid>
<description><![CDATA[Howdy folks, Many of you probably associate Azure AD with Office 365 & Microsoft Azure. That makes a lot of sense. Those are the cloud services our customers use the most with Azure AD. But you might be surprised to learn that customers use Azure AD with a TON of applications built by 3rd party <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/29/weve-added-21-new-3rd-party-apps-to-the-azure-ad-app-gallery/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Many of you probably associate Azure AD with Office 365 & Microsoft Azure. That makes a lot of sense. Those are the cloud services our customers use the most with Azure AD.</p> <p>But you might be surprised to learn that customers use Azure AD with a TON of applications built by 3<sup>rd</sup> party developers. This is one of our most popular and fastest growing capabilities. This month alone our customers used Azure AD with more than 170,000 3<sup>rd</sup> party applications!</p> <p>Given how popular this capability is, I’m excited to announce that working with our ISV partners, we’ve just added 22 new 3<sup>rd</sup> party apps to the Azure AD app gallery! Let’s take a quick tour of the apps we added.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/03/032917_1431_Wevejustadd3.png" /></p> <p><strong>HR apps</strong>:</p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.firmplay?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>FirmPlay: Employee Advocacy for Recruiting</strong></span></a> manages your employee advocacy program with powerful software that lets you curate, collect, create, and share employee-generated content with prospective talent. The <a href="https://www.firmplay.com/"><span style="color: #0563c1;text-decoration: underline">FirmPlay</span></a> app allows you to easily collect employee insights and turn them into engaging, shareable recruiting content, the kind that resonates with top talent.</p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.patheercoach?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>Patheer Coach</strong></span></a><strong> </strong>provides the tools for employees to continually grow and develop skills; it also empowers leaders to drive performance. 
The <a href="https://patheer.com/"><span style="color: #0563c1;text-decoration: underline">Patheer Coach</span></a> app allows leaders to capture and analyze their talent landscape, such as identifying high-performing employees, forecasting talent and skill capability gaps to build a strong talent pipeline.</p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.pingboard?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>Pingboard</strong></span></a><span style="color: black"> is the place for everything you need to know about the people you work with. You can quickly build your org chart and share it with your team. Everyone will always know who’s who and who does what. <a href="https://pingboard.com/?utm_source=MSN_SE_NW_US_BRNDED&utm_medium=cpc&utm_campaign=search__-__nw__-__branded&utm_term=ping_board_exm&c1=MSN_SE_NW&source=US_BRNDED&cr2=search__-__nw__-__branded&kw=ping_board_exm&cr5=76347355658954&cr7=c"><span style="color: #0563c1;text-decoration: underline">Pingboard</span></a> is the employee directory, org chart and out of office calendar.<br /> </span></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.planmyleave?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>PlanMyLeave</strong></span></a><span style="color: black"> is an HRIS and online leave management system designed to scale easily from small to medium businesses to large enterprises. 
<a href="https://www.bing.com/search?q=PlanMyLeave&qs=n&form=QBLH&pc=BBMU&sp=-1&pq=planmyleave&sc=5-11&sk=&cvid=7448230F89044762BC90C3FD9F336CB0"><span style="color: #0563c1;text-decoration: underline">PlanMyLeave</span></a> helps you customize leave types and set up complex leave policies for any country.</span><span style="font-size: 10pt"><br /> </span></p> <p><span style="color: black"><strong>Business Management apps<span style="color: #505050">:<br /> </span></strong></span></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.cflow?tab=Overview"><span style="color: #0563c1;text-decoration: underline">Cavintek’s Cflow</span></a><span style="color: black"><strong> </strong>is a cloud-based business process management app that helps streamline and automate business processes in SMBs. <a href="http://www.cavintek.com/"><span style="color: #0563c1;text-decoration: underline">Cflow</span></a> moves organizations from emails and spreadsheets to using business apps and secures all communication.<br /> </span></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.contractrebates?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>Contract Rebates</strong></span></a><span style="color: black"><strong> by Xen Computers Limited </strong>manages contractual pricing agreements between indirect customers and wholesalers, providing validation and payment of rebates together with financial control and reporting capabilities.<br /> </span></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.lecorpio?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>Lecorpio</strong></span></a><span style="color: black"><strong> Intellectual Property Management </strong>provides a secure, web-based portal that centrally manages the entire IP lifecycle from the submission of 
disclosures all the way through to the payment of annuities, and ongoing opposition filings, enforcement actions, arbitration, litigation, contracts, license agreements and more. <a href="http://www.lecorpio.com/company/"><span style="color: #0563c1;text-decoration: underline">Lecorpio</span></a> is trusted by the world’s most innovative companies.<br /> </span></p> <p><strong>Collaboration apps</strong>:<span style="color: #505050;font-family: Segoe UI"><br /> </span></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.fuze?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>Fuze</strong></span></a><span style="color: #505050"> offers a unified communication service that enables efficient collaboration at work. <a href="https://www.fuze.com/fuze-reimagined"><span style="color: #0563c1;text-decoration: underline">Fuze</span></a> combines voice, video, messaging, and content sharing in a single app with great user experience.<br /> </span></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.maxxpoint?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>MaxxPoint</strong></span></a><span style="color: #505050"> brings together your unified communication apps from West UC with a secure and easy-to-use interface. MaxxPoint app gives you the visibility across your enterprise and the tools to manage your UC services.<br /> </span></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.teamwork?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>Teamwork Projects</strong></span></a><span style="color: #505050"> is a collaborative project management app designed to streamline processes and connect your team. 
The <a href="https://www.teamwork.com/project-management-software"><span style="color: #0563c1;text-decoration: underline"><strong>Teamwork Projects app</strong></span></a> keeps all your team’s tasks in one place, so your team can collaborate in real time for great results.<br /> </span></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.worksmobile?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>Works Mobile Chat Service</strong></span></a><span style="color: #505050"> offers a business messenger service for users to talk with their contact list freely. Users can easily send photos and videos while talking and can also share contact and location information. <a href="https://line.worksmobile.com/jp/home/talk"><span style="color: #0563c1;text-decoration: underline">Works Mobile</span></a> is the only business chat to connect with LINE. LINE Works also contacts customers and business partners for easy communication.<br /> </span></p> <p><strong>Content Management apps:<br /> </strong></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.azuredockit?tab=Overview"><span style="color: #0563c1;text-decoration: underline">Azure DockIt</span></a><span style="color: black"> is a SaaS solution that automatically generates technical documentation of your Azure environment. 
<a href="https://www.azuredockit.com/"><span style="color: #0563c1;text-decoration: underline">Azure DockIt</span></a> can generate complete documentation of your Microsoft Azure Subscription in less than 5 minutes.<br /> </span></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.evernote?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>Evernote</strong></span></a><span style="color: black"> allows you to capture information in any environment using whatever device or platform you find most convenient, and makes this information accessible and searchable at any time from any device. <a href="https://evernote.com/"><span style="color: #0563c1;text-decoration: underline">Evernote</span></a> helps users collaborate in a single workspace.<strong><br /> </strong></span></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.inkling?tab=Overview"><span style="color: #0563c1;text-decoration: underline">Inkling</span></a><span style="color: black"> offers a mobile platform that brings policies and procedures to life for deskless workers. The <a href="https://www.inkling.com/product/collaborative-authoring/"><span style="color: #0563c1;text-decoration: underline">Inkling</span></a> collaborative authoring tools let users select content types, drag and drop widgets, automate import of old files, and allow multiple authors to edit the content simultaneously.<br /> </span></p> <p><span style="color: black"><strong>Developer Services apps:<br /> </strong></span></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.githubcom?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>GitHub</strong></span></a><span style="color: black"> is a development platform inspired by the way developers work. 
GitHub hosts code, manages projects, and builds software alongside millions of developers. <a href="https://github.com/"><span style="color: #0563c1;text-decoration: underline">GitHub</span></a> brings teams together to work through problems, move ideas forward, and learn from each other along the way.<br /> </span></p> <p><strong>Facility Management apps:<br /> </strong></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.servicechannel?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>ServiceChannel</strong></span></a><span style="color: black"> provides a facilities and contractor management platform that enables complete service automation and repair and maintenance management at all locations. <a href="http://servicechannel.info/service-automation/"><span style="color: #0563c1;text-decoration: underline">ServiceChannel</span></a> is in the process of transforming the Facilities Management industry and assisting companies to be better in running their operations.</span><span style="font-size: 10pt"><br /> </span></p> <p><strong>Finance apps:<br /> </strong></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.landgorillaclient?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>Land Gorilla Client app</strong></span></a> provides the construction loan software and lending solutions that streamline post-closing construction administration services, so customers can easily scale and control their pipeline as they increase loan volume. 
Construction lenders trust <a href="https://www.landgorilla.com/"><span style="color: #0563c1;text-decoration: underline">Land Gorilla</span></a>.<strong><br /> </strong></p> <p><strong>Healthcare apps:<br /> </strong></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.cernercentral?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>Cerner Central</strong></span></a> is a web portal for client IT administrators to manage identity federation, access management, and auditing capabilities for Cerner’s cloud platforms: Healthe Intent and Millennium. <a href="https://cernercentral.com/"><span style="color: #0563c1;text-decoration: underline">Cerner Central</span></a> is the hub that securely connects your enterprise to the Cerner Cloud for app access, authentication token management, audit reports, device access, user accounts and more.</p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.deskyogi?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>Desk Yogi</strong></span></a> offers a wellness solution and provides fitness, yoga, nutrition and stress reduction right at your desk. <a href="https://www.desk-yogi.com/"><span style="color: #0563c1;text-decoration: underline">Desk Yogi</span></a> helps you improve<strong><br /> </strong>your health and happiness with 3 to 10-minute video lessons taught by expert teachers.</p> <p><span style="color: black"><strong>Productivity apps:<br /> </strong></span></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.adobecreativecloud?tab=Overview"><span style="color: #0563c1;text-decoration: underline">Adobe Creative Cloud</span></a><span style="color: black"> gives you everything that you need to turn your brightest ideas into your best work across your desktop and mobile devices and share it with the world. 
<a href="https://www.adobe.com/creativecloud.html"><span style="color: #0563c1;text-decoration: underline">Creative Cloud</span></a> provides everything from essential tools like Photoshop to innovative new tools like Adobe DX. You also get built-in templates to jump-start your designs and step-by-step tutorials to help you get up to speed quickly and sharpen your skills. It is your entire creative world, all in one place.<br /> </span></p> <p><span style="color: black"><strong>Project Management apps:<br /> </strong></span></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.p2wareppmonline?tab=Overview"><span style="color: #0563c1;text-decoration: underline">P2ware PPM </span></a><span style="color: black">solution combines leading project portfolio management techniques with 7*24 cloud availability. <a href="https://p2ware.com/en/project-management-tools/project-manager/7"><span style="color: #0563c1;text-decoration: underline">P2ware Project Manager</span></a> is a project management app that embraces all aspects of real-world project management from planning to execution.<br /> </span></p> <p><strong>Security apps:<br /> </strong></p> <p style="margin-left: 36pt"><a href="https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.zscalerprivateaccess?tab=Overview"><span style="color: #0563c1;text-decoration: underline"><strong>Zscaler Private Access (ZPA)</strong></span></a><strong><br /> </strong>delivers policy-based, secure access to applications and assets without the hassle or security risks of a VPN. 
The <a href="https://www.zscaler.com/products/zscaler-private-access"><span style="color: #0563c1;text-decoration: underline">Zscaler</span></a> approach is more secure than VPN because it reduces the potential attack surface and doesn’t require hardware infrastructure.</p> <p>If you want to suggest a new SaaS app, please submit your request using the <a href="http://aka.ms/aadapprequest"><span style="color: #0563c1;text-decoration: underline">Azure AD Application Request forum</span></a>. We are actively reviewing the requests and working to release new SaaS apps.</p> <p>Best Regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons"><span style="color: #0563c1;text-decoration: underline">@Alex_A_Simons</span></a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
</item>
<item>
<title>PingAccess for Azure AD: The public preview is being deployed!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/22/pingaccess-for-azure-ad-the-public-preview-is-being-deployed/</link>
<pubDate>Wed, 22 Mar 2017 16:00:52 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Hybrid Cloud]]></category>
<category><![CDATA[Identity-driven Security]]></category>
<category><![CDATA[On-Prem]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=49215</guid>
<description><![CDATA[Howdy folks, Back in September, I blogged about our exciting partnership with Ping Identity. Since then, Microsoft and Ping Identity have worked closely together to extend the capabilities of Azure AD Application Proxy to support new kinds of on-premises applications using Ping Access. I’m happy to announce today that PingAccess for Azure AD is now <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/22/pingaccess-for-azure-ad-the-public-preview-is-being-deployed/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Back in September, I blogged about <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/14/azuread-and-pingaccess-partnering-to-bring-you-secure-remote-access-to-even-more-on-premises-web-apps/">our exciting partnership with Ping Identity</a>.</p> <p>Since then, Microsoft and Ping Identity have worked closely together to extend the capabilities of Azure AD Application Proxy to support new kinds of on-premises applications using PingAccess.</p> <p>I’m happy to announce today that PingAccess for Azure AD is now ready for Public Preview and is currently being deployed across Azure AD data centers around the world. Many of you in North America will see it turn on today and it should be available to everyone by the end of the day Friday, 3/24/2017.</p> <p>I’ve invited one of the program managers on our team, Harshini Jayaram, to share more details in a blog, which you’ll find below. We hope you try it out and look forward to hearing what you think!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="http://www.twitter.com/alex_a_simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> <p>—-</p> <p>Hi all,</p> <p>We already have many customers using Application Proxy to provide single sign-on (SSO) and secure remote access for web applications hosted on-premises. Many of them use this product for applications such as local SharePoint sites, Outlook Web Access for local Exchange servers, and other business web applications. It is a simple, secure, and cost-effective solution:</p> <ul> <li><strong>Simple:</strong> You don’t need to change the network infrastructure, put anything in a DMZ, or use VPN.</li> <li><strong>Secure:</strong> Application Proxy only uses outbound connections, giving you a more secure solution. It also works with other security features you’ve seen in Azure such as two-step verification, conditional access, and risk analysis. 
Learn more about this in <a href="https://docs.microsoft.com/en-us/azure/active-directory/application-proxy-security-considerations">Security considerations for Azure AD Application Proxy</a>.</li> <li><strong>Cost-Effective:</strong> Application Proxy is a service that we maintain in the cloud, so you can save time and money.</li> </ul> <p>Right now, all those benefits of Application Proxy are available for many different types of applications, including:</p> <ul> <li>Web applications using Integrated Windows Authentication</li> <li>Web applications using form-based access</li> <li>Web APIs that you want to expose to rich applications on different devices</li> <li>Applications hosted behind a Remote Desktop Gateway</li> </ul> <p>If you want more details, you can check out our <a href="https://go.microsoft.com/fwlink/?linkid=844804">Application Proxy documentation</a>. For this blog, I want to focus more on how we’re adding header-based applications with this new public preview!</p> <h2>PingAccess for Azure AD enables more apps!</h2> <p>Our customers have consistently asked for Application Proxy to also support apps that use headers for authentication, such as Peoplesoft, Netweaver Portal, and WebCenter. To enable this capability for our Azure AD Premium customers, we have partnered with Ping Identity. Ping Identity’s PingAccess now allows Application Proxy to support apps that use header-based authentication.</p> <p>PingAccess is installed on-premises. For apps that use header-based authentication, Application Proxy connectors route traffic through PingAccess. Existing App Proxy applications are not impacted and use the current flow with no changes. 
An overview of this flow is shown below, and you can always check out our <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-get-started">overview documentation</a> for more on App Proxy flows.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/03/032217_0025_PingAccessf1.jpg" /></p> <p style="text-align: center"><strong>Figure 1</strong>: Application Proxy + PingAccess Infrastructure Overview</p> <p>PingAccess is a separately licensed feature, but your Azure Premium licenses now include a free license to configure up to 20 applications with this flow. If you have more apps, you’ll need to get a license through Ping Identity.</p> <h2>Joining the Preview</h2> <p>We are excited to have you join our preview! To get started you need to:</p> <ol> <li>Configure Application Proxy Connectors</li> <li>Create an Azure AD Application Proxy Application</li> <li>Download & Configure PingAccess</li> <li>Configure Applications in PingAccess</li> </ol> <p>Just head to our <a href="https://docs.microsoft.com/en-us/azure/active-directory/application-proxy-ping-access">Application Proxy + PingAccess documentation</a> for a walkthrough of each of these steps.</p> <p>We hope you enjoy trying this preview! As always, we’d love to hear from you with any questions, comments, or feedback, so please leave us a <span style="font-family: Times New Roman">comment</span> or reach out to us directly at <a href="mailto:aadapfeedback@microsoft.com">aadapfeedback@microsoft.com</a>.</p> <p>Thanks,</p> <p>Harshini Jayaram</p> ]]></content:encoded>
</item>
<item>
<title>First ever #AzureAD AMA results</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/21/first-ever-azuread-ama-results/</link>
<pubDate>Tue, 21 Mar 2017 16:00:25 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=49165</guid>
<description><![CDATA[Howdy folks, On March 9th, the Azure AD team hosted its first “Ask Me Anything” (AMA) on Reddit. A bunch of us gathered in a big conference room, and even more of the team joined on a Skype call (sadly, the Skypers didn’t get any of the snacks or pizza). And so many of you asked <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/21/first-ever-azuread-ama-results/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>On March 9<sup>th</sup>, the Azure AD team hosted its first “Ask Me Anything” (AMA) on Reddit. A bunch of us gathered in a big conference room, and even more of the team joined on a Skype call (sadly, the Skypers didn’t get any of the snacks or pizza). And so many of you asked such great questions that we learned a lot ourselves. Thank you for participating!</p> <p>If you haven’t had a chance to go through the thread yet, I recommend you <a href="http://aka.ms/azuread-reddit-ama">take a look</a>. There’s a lot of interesting and valuable information there.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/03/032117_0547_FirsteverAz1.jpg" /></p> <p style="text-align: center"><em>Just about to start!<br /> </em></p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/03/032117_0547_FirsteverAz2.jpg" /></p> <p style="text-align: center"><em>Everyone hard at work AMAing<br /> </em></p> <p>So how did it go? Pretty awesome! Some quick stats:</p> <ul> <li>More than <strong>50 people</strong> from our team participated, and some of our wonderful MVPs and representatives from our Microsoft partner teams joined, as well</li> <li>We had <strong>102 top-level questions</strong> (29 per hour) and <strong>449 total</strong> comments (128 per hour)</li> <li>Our post was upvoted by <strong>96% of people</strong> with a total of <strong>72 points. 
</strong>This compares with: <ul> <li><strong>25</strong> – average number of points for all other /r/Azure AMAs (a <strong>284% increase</strong>!)</li> <li><strong>89%</strong> – average upvote percentage for all other /r/Azure AMAs (a <strong>7.8% increase</strong>!)</li> </ul> </li> <li>We answered <strong>99% of questions during the event</strong></li> <li>The <a href="http://aka.ms/azuread-reddit-ama">Azure AD AMA page</a> had <strong>2,586 hits</strong> in the five days surrounding the event, and is <strong>still getting 60-100 hits</strong> per day</li> </ul> <p>For questions per hour, total comment count, and response rate, we’re the new AMA champions at Microsoft. The SQL team has us beat for total number of questions, though, so we’ll definitely host another AMA in the future and try to knock them off the top. We’re looking forward to it and hope you’ll join us!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
</item>
</channel>
</rss>