AZURE ACTIVE DIRECTORY TEAM BLOG
<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Azure Active Directory – Enterprise Mobility and Security Blog</title>
<atom:link href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=azure-active-directory" rel="self" type="application/rss+xml" />
<link>https://blogs.technet.microsoft.com/enterprisemobility</link>
<description>The most recent news and updates about Microsoft’s Enterprise Mobility offerings and events for enterprise technology professionals and developers.</description>
<lastBuildDate>Thu, 18 May 2017 16:00:16 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>hourly</sy:updatePeriod>
<sy:updateFrequency>1</sy:updateFrequency>
<item>
<title>Get Intune PowerShell samples for Microsoft Graph API</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/get-intune-powershell-samples-for-microsoft-graph-api/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/get-intune-powershell-samples-for-microsoft-graph-api/#respond</comments>
<pubDate>Mon, 15 May 2017 16:00:49 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Office 365]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51425</guid>
<description><![CDATA[In a recent blog post, you saw how the Microsoft Graph API enables you to automate workflows, access data, and integrate your applications using a single endpoint for Intune, Azure Active Directory, and Office 365. ]]></description>
<content:encoded><![CDATA[<p>In a <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/20/microsoft-enterprise-mobility-security-and-the-microsoft-graph-api/">recent blog post</a>, you saw how the <a href="https://developer.microsoft.com/en-us/graph/">Microsoft Graph API</a> enables you to automate workflows, access data, and integrate your applications using a single endpoint for Intune, Azure Active Directory, and Office 365. Microsoft Graph API gives you access to Intune data such as configuration profiles, mobile applications, conditional access policies, and more – but in a programmatic way.</p> <p> </p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/05/Microsoft-Graph-API.png"><img width="843" height="577" title="Microsoft Graph API" class="aligncenter" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border-width: 0px" alt="Microsoft Graph API" src="https://msdnshared.blob.core.windows.net/media/2017/05/Microsoft-Graph-API_thumb.png" border="0" /></a></p> <p> </p> <p>A lot of our customers were excited to get started with Microsoft Graph API, and we would like to give you a jump start. We’ve put a set of PowerShell sample scripts in Github for you: <a href="https://github.com/microsoftgraph/powershell-intune-samples">https://github.com/microsoftgraph/powershell-intune-samples</a>. These sample scripts demonstrate how you can use Microsoft Graph API to create or update mobile applications, compliance policy, RBAC roles, and configuration profiles among other common tasks.</p> <p>To get started, visit <a href="https://github.com/microsoftgraph/powershell-intune-samples">Github</a>, ensure you have all the prerequisites installed (check out readme.md), and that you’re using a test tenant. 
Then give the scripts a try and let us know what you think!</p> <p>Note: The Intune and Azure AD APIs are available in preview now as part of the Microsoft Graph API beta and will be generally available later in 2017.* For a closer look, check out the documentation on how to use <a href="https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intune_graph_overview">Intune</a> and <a href="https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api">Azure Active Directory</a> APIs.</p> <hr /> <p><em>*Use of a Microsoft online service requires a valid license. Therefore, accessing EMS, Microsoft Intune, or Azure Active Directory Premium features via Microsoft Graph API requires paid licenses of the applicable service and compliance with Microsoft Graph API Terms of Use.</em></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/get-intune-powershell-samples-for-microsoft-graph-api/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>The new Azure AD Admin Console is GA!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/the-new-azure-ad-admin-console-is-ga/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/the-new-azure-ad-admin-console-is-ga/#comments</comments>
<pubDate>Mon, 15 May 2017 16:00:33 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51556</guid>
<description><![CDATA[Howdy folks, Today is a big day for our customers. I’m incredibly excited to announce that the Azure Active Directory Admin Console (in the new Azure portal) is now Generally Available! Last September, we kicked off the public preview of our new console at http://portal.azure.com and since over 750k admins from 500k organizations have tried <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/the-new-azure-ad-admin-console-is-ga/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Today is a big day for our customers. I’m incredibly excited to announce that the Azure Active Directory Admin Console (in the new Azure portal) is now Generally Available!</p> <p>Last <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/12/the-azuread-admin-experience-in-the-new-azure-portal-is-now-in-public-preview/">September</a>, we kicked off the public preview of our new console at <a href="http://portal.azure.com">http://portal.azure.com</a> and since over 750k admins from 500k organizations have tried it out. You’ve told us that you love the new experience, so we hope you’re as excited today as we are!</p> <p>This has been a huge effort across the entire Identity Division and we are looking forward to having you use it.</p> <p>Give it a try at <a href="http://aad.portal.azure.com">http://aad.portal.azure.com</a>, or watch the overview video below, and let us know what you think. </p> <p><iframe src="https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Azure-Active-Directory-Admin-Experience-in-the-Azure-Portal/player" width="960" height="540" allowFullScreen frameBorder="0"></iframe></p> <p>If you’d like more detail, keep reading. I’ve asked Principal Program Manager Ilana Smith to tell you a bit about what we built. <span style="background-color: yellow"><br /> </span></p> <p>Best Regards,</p> <p>Alex Simons (Twitter: @Alex_A_Simons)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> <p>—–</p> <p>As we migrated the admin console to the new Azure portal, we began by listening to you, our customers. You told us you wanted a better view into your organization. To easily understand what kind of activity was occurring. To be able to quickly figure out what information was available. 
To understand who had access to what and to understand how and when users were granted access.</p> <p>Based on that feedback, we designed the new experience to:</p> <ul> <li>Be simple and optimized for getting work done.</li> <li>Provide <em>insight</em> to help you make the right decisions.</li> <li>Give you easy access to information.</li> <li>Give you information you didn’t previously have.</li> <li>Enable you to dig into all the nitty gritty details.</li> </ul> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/051517_0529_ThenewAzure1.png" /></p> <p style="text-align: center"><a href="http://aad.portal.azure.com"><em>http://aad.portal.azure.com</em></a></p> <p><strong>Know Your Organization<br /> </strong></p> <p>The new experience begins with our brand-new landing page and dashboard. This scoped version of the Azure portal is new for our GA release and is available at <a href="http://aad.portal.azure.com">http://aad.portal.azure.com</a>. Here we focus purely on directory functionality and provide access to all Azure Active Directory features.</p> <p>From this dashboard, you can get an overview of the state of your organization, and easily dive into managing the directory, users, or application access.</p> <p><strong>Understand access<br /> </strong></p> <p>Understanding what a user has access to, and when and how that access was granted, is essential for managing and securing your organization. A key part of our experience is the holistic view of access that we provide, pivoted on a user. From this view you can see the groups that user is a member of, what role they have, what licenses have been assigned, and their Azure resources.</p> <p>New in this GA release is the view of what applications a user has access to, either assigned or consented. 
This is a ground-breaking new view of directory information, and we will dig into it further in a future blog post.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/051517_0529_ThenewAzure2.png" /><em><br /> </em></p> <p style="text-align: center"><em>All the applications a user has access to</em></p> <p><strong>Story of your organization<br /> </strong></p> <p>We took a fresh approach to reporting on activity. Rather than providing a number of fixed reports, we now provide audit and sign-in activity as streams of data with rich filtering and search capabilities. You can see the activity for the whole organization, or dive into a single user, group, or application, and then slice and dice the information in whatever way is most useful for you.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/051517_0529_ThenewAzure3.png" /></p> <p style="text-align: center"><em>View all activity for your organization or a single user, group, or application.<br /> </em></p> <p>These activity reports are also available via API, so they can easily be pulled into things like your existing SIEM tool. We even have a <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/01/20/admins-rejoice-azure-active-directory-meets-power-bi/">PowerBI content pack</a> ready to go. Find out more about <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/11/08/azuread-weve-just-turned-on-detailed-auditing-and-sign-in-logs-in-the-new-azure-portal/">our reporting capabilities</a>.</p> <p><strong>Integration with other services<br /> </strong></p> <p>One of the most exciting things about moving to the new Azure portal is the opportunity to integrate with the other services you use. 
While we have a scoped directory experience, our full functionality continues to be available at <a href="http://portal.azure.com">http://portal.azure.com</a>, so you can make the most of it while working with other Azure services such as Microsoft Intune and our Enterprise Mobility + Security conditional access experience.</p> <p>The new portal does not require an Azure subscription, which streamlines access, especially for Office 365 admins, whose lives will be made easier with our new <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of-azure-ad-group-based-license-management-for-office-365-and-more/">group-based licensing</a> functionality.</p> <p><strong>What’s Next<br /> </strong></p> <p>Our team is working hard to continue innovating and adding value, so, to that end, we have a couple more features on the way, including MFA provider management and Azure AD Domain Services.</p> <p>We’d all like to thank you so much for your contributions to this release. A project this important could not have been successful without the continual guidance of your feedback. Our work is never done, so keep it coming! You can always talk to us in the ‘Admin Portal’ section of our <a href="https://feedback.azure.com/forums/169401-azure-active-directory/category/162510-admin-portal">feedback forum</a>.</p> <p>Thanks,</p> <p>Ilana Smith</p> <p>Principal PM Manager</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/the-new-azure-ad-admin-console-is-ga/feed/</wfw:commentRss>
<slash:comments>3</slash:comments>
</item>
<item>
<title>Azure Active Directory at Microsoft Build 2017</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/10/azure-active-directory-at-microsoft-build-2017/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/10/azure-active-directory-at-microsoft-build-2017/#respond</comments>
<pubDate>Wed, 10 May 2017 19:00:02 +0000</pubDate>
<dc:creator><![CDATA[John Justice [MSFT]]]></dc:creator>
<category><![CDATA[Announcements]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51385</guid>
<description><![CDATA[Hi everyone, Happy Build week! Every team in the Identity Division is focusing more than ever on making developers successful on our identity platform, so we’re really excited to share today’s news: Azure Active Directory B2C enhancements and the new Microsoft Authentication Libraries (MSAL), both available in preview. Azure Active Directory B2C: Super simple or <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/10/azure-active-directory-at-microsoft-build-2017/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Hi everyone,</p> <p>Happy Build week!</p> <p>Every team in the Identity Division is focusing more than ever on making developers successful on our identity platform, so we’re really excited to share today’s news: Azure Active Directory B2C enhancements and the new Microsoft Authentication Libraries (MSAL), both available in preview.</p> <h2>Azure Active Directory B2C: Super simple or as customized as you need!</h2> <p>Since its <a target="_blank" href="https://azure.microsoft.com/en-us/blog/azuread-b2c-ga-announcement/">general availability in July 2016</a>, Azure AD B2C has helped organizations around the world connect with millions of customers through its scalability, reliability, and flexibility. Driven by your feedback, we’ve added several new capabilities over the last 10 months: <a target="_blank" href="https://blogs.msdn.microsoft.com/appserviceteam/2016/06/22/app-service-auth-and-azure-ad-b2c/">Support for App Service</a>, <a target="_blank" href="https://azure.microsoft.com/en-us/blog/azure-ad-b2c-access-tokens-now-in-public-preview/">Access tokens</a>, <a target="_blank" href="https://azure.microsoft.com/en-us/blog/new-in-azure-ad-b2c/">Single-page app (SPA) support, Usage reporting APIs, Friction-free consumer sign-up</a>.</p> <p>Last month we made the service globally available and also offered organizations the option to choose datacenter location in either Europe or the US only, to help with data protection regulations. 
Today we are providing even more flexibility by adding support for 37 languages and enabling two different configuration options:</p> <ul> <li><strong>Simple:</strong> The standard, out-of-the-box option that requires minimal or no code will still be available for those projects that are straightforward and don’t require customization.</li> <li><strong>Custom:</strong> For more demanding sign-up and sign-in scenarios, Azure Active Directory B2C will expose the power of the core engine of Azure Active Directory platform for a fully customizable user experience.</li> </ul> <p>This new custom configuration option, which is currently in public preview, lets developers:</p> <ul> <li>Integrate with existing user databases of customers/citizens/employees, CRM systems, and marketing analytics tools</li> <li>Define user journeys step-by-step as exchanges between claims providers</li> <li>Define conditional branching in user journeys</li> <li>Integrate REST API-enabled services in custom authentication user journeys</li> <li>Enable federation with identity providers compliant with the OpenID Connect standard.</li> <li>Enable federation with identity providers adhering to the SAML 2.0 protocol</li> </ul> <p>We hope you find these new features as critical to your business as the team from the <a target="_blank" href="https://customers.microsoft.com/en-us/story/indianaofficeoftechnology">State of Indiana</a> did:</p> <p><em><strong>Having the ability to do everything as efficiently as possible helps make Indiana a great state to live in and do business [in]. 
We’re one of the more business-friendly states in the Midwest, and INBiz with Azure AD B2C ensures that we can strengthen that position.</strong></em></p> <p>Jim Obermaier, Program Manager for INBiz, Indiana Secretary of State</p> <p>Visit the <a target="_blank" href="https://azure.microsoft.com/en-us/services/active-directory-b2c/">Azure AD B2C website</a> for more details.</p> <h2>Azure Active Directory and Microsoft Accounts: New public preview libraries</h2> <p>We are also announcing the new Microsoft Authentication Library (MSAL) for <a target="_blank" href="https://github.com/AzureAD/microsoft-authentication-library-for-js">JavaScript</a>, <a target="_blank" href="https://github.com/AzureAD/microsoft-authentication-library-for-objc">iOS</a>, and <a target="_blank" href="https://github.com/AzureAD/microsoft-authentication-library-for-android">Android</a>, as well as updates to the already-available MSAL preview for <a target="_blank" href="https://github.com/AzureAD/microsoft-authentication-library-for-dotnet">.Net</a>. Using the new protocol endpoint of Azure Active Directory, MSAL enables developers to build web, mobile, and PC applications that allow users to sign in from both Microsoft personal accounts and Azure Active Directory work and school accounts, as well as get access tokens to call the Microsoft Graph. MSAL is also the library to use if you are building apps with Azure AD B2C.</p> <p>We have heard your feedback that integrating with Azure Active Directory and Microsoft Accounts needs to be really simple. We are pleased to announce our new interactive guided walkthroughs for apps looking to integrate with the MSAL libraries for .Net and Android. To try these guided walkthroughs, go to the <a target="_blank" href="https://apps.dev.microsoft.com/">Application Registration Portal</a> and click add an app. 
Additional guided walkthroughs are coming soon.</p> <p>MSAL is the successor to the Active Directory Authentication Library (ADAL), which will remain fully supported while MSAL is in preview. Please read this <a target="_blank" href="https://azure.microsoft.com/en-us/blog/start-writing-applications-today-with-the-new-microsoft-authentication-sdks/">blog post by Vittorio Bertocci</a> for more details.</p> <p>The identity team is also working on Microsoft Graph. I suggest you <a target="_blank" href="https://dev.office.com/blogs/microsoft-graph-at-build-2017">read this blog</a> to learn what’s new for Office on Microsoft Graph.</p> <h2>Come talk to us at Microsoft Build 2017</h2> <p>If you’re attending Microsoft Build 2017 this week in Seattle, do join us at the Azure Active Directory booth in the expo area, or come to our sessions where we’ll be sharing more detail on these exciting new capabilities:</p> <ul> <li>The keys to the cloud: Use Microsoft identities to sign in and access API from your mobile and web apps by Vittorio Bertocci (T4CD93)</li> <li>Securely sign-in your customers with Azure Active Directory B2C by Gerardo Saca (TD0863)</li> <li>Azure Active Directory v2 endpoint and MSAL: What’s new by Stuart Kwan (prerecorded session TCC1AF)</li> <li>Microsoft Graph: Build better apps with the API to your organization by Yina Arenas (T485A8)</li> <li>Add custom data to Microsoft Graph by Dan Kershaw (prerecorded session T8A08C)</li> <li>Build end-to-end solutions across the Common Data Service, Microsoft Dynamics 365, and Office 365 by Chris Garty and Suresh Jayabalan (prerecorded session TB95B4)</li> <li>Microsoft Graph delta query and webhooks by Jeff Sakowicz (prerecorded session T838C7)</li> <li>Using Microsoft Graph to connect to Office 365 data by Yina Arenas (T2F889)</li> </ul> <p>Stay on top of news and announcements by following us on <a target="_blank" href="http://www.twitter.com/azuread">Twitter</a>, and visit our new <a target="_blank" 
href="https://azure.microsoft.com/en-us/develop/identity/">Azure AD for developers website</a>.</p> <p>We hope you try out these new features and, as always, look forward to your feedback and <a target="_blank" href="https://feedback.azure.com/forums/169401-azure-active-directory/category/160596-b2c?query=github">suggestions</a>!</p> <p>John Justice</p> <p>Director of Program Management</p> <p>Microsoft Identity Developer Platform</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/10/azure-active-directory-at-microsoft-build-2017/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Azure AD and third-party apps: It’s a bigger deal than you might think!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/01/azure-ad-and-third-party-apps-its-a-bigger-deal-than-you-might-think/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/01/azure-ad-and-third-party-apps-its-a-bigger-deal-than-you-might-think/#comments</comments>
<pubDate>Mon, 01 May 2017 16:00:52 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[SaaS]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51195</guid>
<description><![CDATA[Howdy folks, Today I’ve got a new batch of data to share that I hope many of you will find interesting and useful. Those of you who follow the blog know that Azure AD works well with a ton of applications and that our app gallery features over 2,800 pre-integrated third-party apps. (Third-party meaning apps <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/01/azure-ad-and-third-party-apps-its-a-bigger-deal-than-you-might-think/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Today I’ve got a new batch of data to share that I hope many of you will find interesting and useful.</p> <p>Those of you who follow the blog know that Azure AD works well with a ton of applications and that our app gallery features over 2,800 pre-integrated third-party apps. (Third-party meaning apps that were written by someone other than Microsoft).</p> <p>But did you ever wonder which apps people use the most? Or how many people use Azure AD with third-party apps? Well today your questions will be answered.</p> <p>Let’s start with the top-level numbers.</p> <ul> <li>In April, <strong>6.7 million unique active users</strong> signed into a third-party app using Azure AD. Pretty amazing right? And that number is growing 10-12% every month!</li> <li>Those 6.7 million unique active users signed into more than <strong>190k </strong><strong>third-party apps</strong>! And that number grows by 10k to 20k apps per month. (Yes, this number blows my mind too!)</li> </ul> <p>Those are some really big numbers. They give you an idea of just how big the use of Azure AD as a cloud IDaaS service is. Even more exciting for us is how fast usage is growing, both in terms of the number of unique active users and unique active applications. 
Let’s take a look at the growth in these numbers over the last 12 months:</p> <p style="text-align: left"><img width="957" height="786" class="size-full wp-image-51235 aligncenter" alt="unique-users-vs-apps" src="https://msdnshared.blob.core.windows.net/media/2017/04/unique-users-vs-apps.png" /></p> <p style="text-align: left">The number of Azure AD tenants (a good proxy for customers) that have a user using third-party apps is growing at a similar pace:</p> <p style="text-align: center"><img width="954" height="789" class="alignnone wp-image-51245 size-full" alt="unique-users-vs-tenants" src="https://msdnshared.blob.core.windows.net/media/2017/04/unique-users-vs-tenants.png" /></p> <p style="text-align: left">Now, you might also be wondering: what kinds of apps are these people using?</p> <p>As you would expect, customers use Azure AD with Office 365 and Azure more than anything else, but they also use Azure AD with a boatload of third-party SaaS apps, custom line-of-business apps and on-premises apps. Many of our largest customers have all of these types of apps integrated with Azure AD. One of our customers already has 1,329 unique third-party applications their employees access using Azure AD!</p> <p>You’re probably also curious about which third-party SaaS apps Azure AD users use the most. Here’s a chart with the top 15 third-party SaaS apps by usage month for the last nine months:</p> <p style="text-align: center"><img width="1024" height="537" class="size-large wp-image-51225 aligncenter" alt="top-3rd-party-apps" src="https://msdnshared.blob.core.windows.net/media/2017/04/Top-3rd-party-apps-1024x537.png" /></p> <p style="text-align: left">Pretty cool, right? Who would have guessed that there would be a lot of customers using Azure AD with Google Apps, Workday, or ServiceNow? When we started working on Azure AD Premium five years ago, I hoped this would be the case. 
It’s exciting to see it’s happening!</p> <p>Hopefully this was interesting information, and you found it useful. If we see a lot of interest, I’ll start publishing this data on a regular basis.</p> <p>And thanks to our customers for betting on us and making this happen. We really appreciate your vote of confidence and we wouldn’t be here without the awesome input and feedback you’ve given us.</p> <p>Best Regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/01/azure-ad-and-third-party-apps-its-a-bigger-deal-than-you-might-think/feed/</wfw:commentRss>
<slash:comments>4</slash:comments>
</item>
<item>
<title>New Enhancements to the Azure AD Pass Through Authentication Preview are live!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/27/new-enhancements-to-the-azure-ad-pass-through-authentication-preview-are-live/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/27/new-enhancements-to-the-azure-ad-pass-through-authentication-preview-are-live/#comments</comments>
<pubDate>Thu, 27 Apr 2017 16:00:00 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Deployment]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Hybrid Cloud]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51155</guid>
<description><![CDATA[Howdy folks, If you’re a follower of this blog you’ll probably recall that we announced pass-through authentication and seamless single sign-on in Azure AD at the end of last year. These features make it easy and fast to deliver world class end user sign-in experiences with Azure AD. Today I’m excited to announce a few <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/04/27/new-enhancements-to-the-azure-ad-pass-through-authentication-preview-are-live/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>If you’re a follower of this blog you’ll probably recall that we <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/12/07/introducing-azuread-pass-through-authentication-and-seamless-single-sign-on/">announced</a> pass-through authentication and seamless single sign-on in Azure AD at the end of last year. These features make it easy and fast to deliver world class end user sign-in experiences with Azure AD. Today I’m excited to announce a few improvements we’ve made that make these capabilities even more secure, easier to use, and easier to administer.</p> <p><strong>Pass-through authentication<br /> </strong></p> <p>Pass-through authentication lets users sign in to your cloud apps while getting rid of the need to store any user passwords in the cloud or deploy new server infrastructure. Some of the key improvements we’ve just turned on include:</p> <ul> <li><strong>Security</strong>: We’ve improved user sign-on security with public key / private key encryption between Azure AD and on-premises agents. That’s in addition to secure HTTPS, which is always used to transfer usernames and passwords.</li> <li><strong>Usability</strong>: We now support using any attribute, configured as Alternate ID in Azure AD Connect, as the username.</li> <li><strong>Easier deployment</strong>: Now you only need to open two ports to deploy pass-through authentication – the standard ports 80 and 443.</li> </ul> <p><strong>Seamless single sign-on<br /> </strong></p> <p>Seamless single sign-on gives users on your corporate network the ability to access cloud apps from their domain-joined devices without needing to re-enter their passwords. 
This feature uses Kerberos authentication instead.</p> <p>We simplified the end user sign-on experience by removing the need for your users to enter their usernames when they access cloud apps with tenant-specific URLs (like outlook.office365.com/owa/contoso.com).</p> <p><strong>Customer adoption<br /> </strong></p> <p>We’ve seen our enterprise customers enthusiastically adopting these new capabilities even before they go GA. Deutsche Post DHL, a global organization with almost 500,000 employees, has been using these features in production and has this to say about their experience:</p> <blockquote><p>“We use pass-through authentication and seamless single sign-on to provide 50,000+ users the ability to sign-in to Yammer and 16 other enterprise applications. What I like most about it is its simplicity – it just works! We plan to migrate all ADFS-based applications to this setup soon.” – <strong>Joe Gasowski</strong>, Head of Identity and Access Management, Deutsche Post DHL</p></blockquote> <p><strong>Learn more!<br /> </strong></p> <p>Dive into our detailed documentation for <a href="https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication">pass-through authentication </a>and <a href="https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso">seamless single sign-on</a> and let us know what you think by leaving us a comment below or emailing us at <a href="mailto:aadopauthfeedback@microsoft.com">aadopauthfeedback@microsoft.com</a>. We look forward to hearing from you!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/27/new-enhancements-to-the-azure-ad-pass-through-authentication-preview-are-live/feed/</wfw:commentRss>
<slash:comments>8</slash:comments>
</item>
<item>
<title>Demonstrating our Growth Mindset &amp; Learning from our Customers: We’re reverting the branding logic on Azure AD login pages</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/25/having-a-growth-mindset-learning-from-our-customers-were-reverting-the-branding-logic-on-azure-ad-login-pages/</link>
<pubDate>Wed, 26 Apr 2017 00:26:09 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51035</guid>
<description><![CDATA[Howdy folks, Back on April 7th we announced changes to the branding logic for Azure AD login pages. In the 18 days since then we’ve learned a ton from you, our customers, including the fact that many of you are not thrilled with these changes. Additionally, we learned that we took many of you by surprise <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/04/25/having-a-growth-mindset-learning-from-our-customers-were-reverting-the-branding-logic-on-azure-ad-login-pages/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Back on April 7<sup>th </sup><a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/04/07/improving-the-branding-logic-of-azure-ad-login-pages/">we announced changes to the branding logic for Azure AD login pages</a>. In the 18 days since then we’ve learned a ton from you, our customers, including the fact that many of you are not thrilled with these changes. Additionally, we learned that we took many of you by surprise and did not give you enough time to alert and train your employees about the change.</p> <p>So today we get to demonstrate our Growth Mindset! We’ve learned from your feedback and we’ve decided to roll back these changes (they are being reverted as I type). We’re going to revisit the overall plan here and take steps to better socialize and communicate future end-user facing UX changes. Ariel Gordon, the PM for these features, has the details below.</p> <p>Thanks to all of you who shared your feedback with us about these changes. We learned a lot from you and we’ll use these lessons to improve going forward.</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> <p>———————–</p> <p>Hi everyone,</p> <p>Earlier this month we changed the logic that controls app vs. company branding on Azure AD login pages. These changes had two key motivations: provide better brand awareness to customers using B2B flows, and reconcile the branding logic between Azure AD and Microsoft accounts, as a prerequisite to merging the two login experiences later this year.</p> <p>And while we tested and validated the new logic with many customers, we underestimated the impact of these changes to the broader community. You’ve also told us that these changes had disrupted your business because we failed to provide advance notice.</p> <p>We’ve heard you loud and clear. 
We’ve therefore decided to roll back these changes, effective immediately. We’re also making changes to our engineering and communication process to ensure this doesn’t happen again. Specifically, our team is making the following commitments:</p> <ol> <li>Future login UX changes that affect business customers will be announced ahead of time</li> <li>Changes will be tested via flighting, and incorporate a Preview period that allows us to gather broader feedback from you</li> <li>For most disruptive design changes, we’ll introduce an opt-in period of at least 30 days, giving everyone a chance to update their support and training materials</li> </ol> <p>Best regards,</p> <p>Ariel Gordon, Principal Program Manager, Identity Division (<a href="https://twitter.com/askariel">@askariel</a>)</p> ]]></content:encoded>
</item>
<item>
<title>#AzureAD Mailbag: Azure AD App Proxy, Round 2</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/21/azuread-mailbag-azure-ad-app-proxy-round-2/</link>
<pubDate>Fri, 21 Apr 2017 16:00:22 +0000</pubDate>
<dc:creator><![CDATA[Mark Morowczynski [MSFT]]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Mailbag]]></category>
<category><![CDATA[SaaS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=50057</guid>
<description><![CDATA[Hey everyone, Ian Parramore here. Long time no post for us on these mailbags. You might be wondering what happened and why we didn’t have a post for almost 2 months. I can tell you who is to blame, Mark. Now that we got that out of the way. Today we’re going to dive in <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/04/21/azuread-mailbag-azure-ad-app-proxy-round-2/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Hey everyone, Ian Parramore here. Long time no post for us on these mailbags. You might be wondering what happened and why we didn’t have a post for almost 2 months. I can tell you who is to blame, <a href="https://twitter.com/markmorow">Mark</a>. Now that we got that out of the way. Today we’re going to dive in a little bit on some of the most common questions we’ve seen around the Azure AD Application Proxy. For those of you not familiar with this awesome feature, Application Proxy provides single sign-on (SSO) and secure remote access for web applications hosted on-premises. These on-premises web applications can now be integrated with Azure AD, allowing your end users to access your on-premises applications the same way they access O365 and other SaaS apps integrated with Azure AD. You don’t even need to change the network infrastructure or require a VPN to provide this solution for your users. To learn more about Application Proxy and how to get started, see our <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-get-started">documentation</a>. Now let’s dig into some of your questions.</p> <p> </p> <p><b>Question 1:</b></p> <p>I’m trying to set up Kerberos constrained delegation as discussed in <a href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-sso-using-kcd/">this article</a> but am struggling to understand the PrincipalsAllowedToDelegateToAccount method. 
Do you have some more insights you can share on this?</p> <p> </p> <p><b>Answer 1:</b></p> <p>PrincipalsAllowedToDelegateToAccount is specifically used where the Connector servers are in a different domain to the web application service account and requires the use of Resource-based Constrained Delegation.</p> <p> </p> <p>If the Connector servers and the web application service account are in the same domain then you can use the Active Directory Users and Computers to configure the delegation settings on each of the Connector machine accounts to allow them to delegate to the target SPN.</p> <p> </p> <p>If the Connector servers and the web application service account are in different domains then we need to use Resource based delegation where the delegation permissions are configured on the target web server / web application service account.</p> <p>This is a relatively new method of Constrained Delegation introduced in Windows Server 2012 which supports cross-domain delegation by allowing the resource (web service) owner to control which machine/service accounts are allowed to delegate to it. 
There is no UI to assist with this configuration so we need to use PowerShell.</p> <p> </p> <p>Each Azure AD Application Proxy Connector machine account needs to be granted permissions to delegate to the web application service account.</p> <p>When validating your configuration you can check the PrincipalsAllowedToDelegateToAccount setting using the following PowerShell:</p> <p>Get-ADUser -Identity sharepointserviceaccount -Properties "PrincipalsAllowedToDelegateToAccount"</p> <p> </p> <p>The following output shows 2 machine accounts with permissions to delegate to the sharepointserviceaccount corresponding to our 2 Connector servers:</p> <p> </p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/image812.png"><img width="2702" height="128" title="image" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="image" src="https://msdnshared.blob.core.windows.net/media/2017/03/image_thumb760.png" border="0" /></a></p> <p> </p> <p>If one or more of your Connector servers do not have permissions to delegate to the target web application service account then you will see errors similar to the following:</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/image813.png"><img width="1147" height="1056" title="image" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="image" src="https://msdnshared.blob.core.windows.net/media/2017/03/image_thumb761.png" border="0" /></a></p> <p> </p> <p>In the article you’ll see the following sample PowerShell commands:</p> <p>$connector = Get-ADComputer -Identity <span style="background-color: #ffff00">connectormachineaccount</span> -server dc.connectordomain.com</p> <p>Set-ADUser -Identity sharepointserviceaccount -PrincipalsAllowedToDelegateToAccount $connector</p> <p> </p> <p>This is fine but will only set one Connector with delegation rights to the sharepointserviceaccount.</p> <p>If you only specify one of two Azure AD App Proxy connectors, access to 
the app will only succeed if traffic is routing through that connector.</p> <p> </p> <p>Where you have more than one Connector the first command would ideally look something like this:</p> <p>$connectors = Get-ADComputer <span style="background-color: #ffff00">-filter {name -like "*<i>appproxyname</i>*"}</span> -server dc.connectordomain.com</p> <p> </p> <p>This command assumes the connectors have a similar name and that the wildcards will return more than one computer account. For example, in my environment I have two connectors, MSFTPM-AAP1 and MSFTPM-AAP2. So I would run:</p> <p>$connectors = Get-ADComputer <span style="background-color: #ffff00">-filter {name -like "*<i>aap</i>*"}</span> -server dc.connectordomain.com</p> <p> </p> <p>This returns both servers and sets them in the $connectors variable. I can then run the second command to set the attribute appropriately on my resource server:</p> <p>Set-ADUser -Identity sharepointserviceaccount -PrincipalsAllowedToDelegateToAccount $connectors</p> <p> </p> <p>We can then use the following PowerShell to re-validate the setting:</p> <p>Get-ADUser -Identity sharepointserviceaccount -Properties "PrincipalsAllowedToDelegateToAccount"</p> <p>Note the above examples are using Set-AdUser/Get-AdUser when getting/setting the PrincipalsAllowedToDelegateToAccount attribute. This is because the web application is running under a service account.</p> <p> </p> <p>If the web application was running under a machine context we would need to use Set-AdComputer/Get-AdComputer. 
This may be relevant in a test environment with only a single web server but in a load balanced web server deployment we would expect the services to be running under a common service account.</p> <p> </p> <p>When populating the $connectors variable we will always use Get-AdComputer as we are specifically interested in the Connector machine accounts.</p> <p> </p> <p>For further information about Kerberos Constrained Delegation and Resource-based Constrained Delegation please see the following whitepaper <a href="http://aka.ms/kcdpaper">http://aka.ms/kcdpaper</a></p> <p> </p> <p><b>Question 2:</b></p> <p>Should I create a dedicated account to register the connector with the Azure AD Application Proxy?</p> <p> </p> <p><b>Answer 2:</b></p> <p>There’s no reason to. Any global admin account will work fine. The credentials entered during installation are not used after the registration process. Instead, a certificate is issued to the connector which will be used for authentication from that point forward. You can see this certificate in the personal store of the computer account:</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/image814.png"><img width="1392" height="154" title="image" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="image" src="https://msdnshared.blob.core.windows.net/media/2017/03/image_thumb762.png" border="0" /></a></p> <p><b></b></p> <p><b>Question 3: </b></p> <p>How can I monitor the performance of the Azure AD Application Proxy connector?</p> <p><b></b></p> <p><b>Answer 3: </b></p> <p>There are Performance Monitor counters that are installed along with the connector. To view them do the following:</p> <p>1. Start -> Type “Perfmon” -> Enter</p> <p>2. 
Select Performance Monitor and click the green “+” icon:</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/image815.png"><img width="1202" height="244" title="image" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="image" src="https://msdnshared.blob.core.windows.net/media/2017/03/image_thumb763.png" border="0" /></a></p> <p>3. Select and add the Microsoft AAD App Proxy Connector counters:</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/03/image816.png"><img width="1281" height="882" title="image" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px" alt="image" src="https://msdnshared.blob.core.windows.net/media/2017/03/image_thumb764.png" border="0" /></a></p> <p> </p> <p><b>Question 4: </b></p> <p>Can only IIS-based apps be published? What about web apps running on non-Windows web servers? Does the connector have to be installed on a server with IIS installed?</p> <p> </p> <p><b>Answer 4: </b></p> <p>Woah, this is a 3 for 1!</p> <p> No there is no IIS requirement for apps that are published.</p> <p> Yes you can publish web apps running on servers other than Windows Server. Having said that, you may or may not be able to use pre-authentication with a non-Windows Server depending on if the web server supports Negotiate (Kerberos authentication).</p> <p>The server the connector is installed on does not have to have IIS installed.</p> <p> </p> <p><b>Question 5: </b></p> <p>Does the Azure AD App Proxy connector have to be on the same subnet as the resource?</p> <p> </p> <p><b>Answer 5:</b></p> <p>There is no requirement for the connector to be on the same subnet. It does however need name resolution to the resource as well as the necessary network connectivity (routing to the resource, ports open on the resource, etc.). 
If you want a more detailed discussion on connector location, please see <a href="https://blogs.technet.microsoft.com/applicationproxyblog/2016/08/16/network-topology-considerations-when-using-azure-ad-application-proxy/">our blog</a>.</p> <p> </p> <p><b>Question 6: </b></p> <p>I’ve published the App Proxy application, and I’m able to log in, but the application is not displaying as expected. Why isn’t it working?</p> <p> </p> <p><b>Answer 6: </b>If you’re able to log in and the application isn’t displaying properly, there are two common possible causes.</p> <p>Please verify that all the pages referenced by the application are in the path you published. For example, we see many cases where the published path is contoso/myapp/register/, but the web page has references to resources under different paths, e.g. contoso/myapp/style.css. Because the path containing the style page has not been published, the application is unable to find it when loading.</p> <p>One way to check if this may be the problem is to look at a Fiddler trace or use the Network tab in the F12 Developer tools in Internet Explorer or Edge browsers to get an overview of the request/response pairs and associated HTTP status codes as you load a web page. You can use the output to identify if you are getting any 404 errors, and if so, whether the resources with the 404 errors are in the published path.</p> <p> </p> <p>In the above example, publishing contoso/myapp/ instead of contoso/myapp/register/ would solve the problem.</p> <p> </p> <p>Also, make sure to check if your application uses hard-coded internal links to either other applications or unpublished sites, or for its own internal namespace.</p> <p> </p> <p>This can be problematic where the internal and external FQDNs in use are different and the web server generates links based on its internal name. 
Our general recommendation is to use the same internal and external FQDN and protocol (validate that both are the same; https is preferred, http is allowed) where possible to reduce the chance of any problems.</p> <p> </p> <p>For sites that contain links to other internal sites or applications, you would need to identify these and then ensure the relevant applications and sites are also published and available externally through Application Proxy. If these links are fully qualified, please use the <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-custom-domains">custom domains feature</a> to make sure these links will work. If not, look for an upcoming announcement in the coming months on some new Application Proxy capabilities in this area! Please check the <a href="https://blogs.technet.microsoft.com/enterprisemobility/">Enterprise Mobility and Security blog</a> for announcements.</p> <p> </p> <p>You can use a tool such as Fiddler to review the traffic and identify request failures with a 404 status. You can also use the Network tab in the F12 Developer tools in Internet Explorer or Edge browsers to get an overview of the request/response pairs and associated HTTP status codes as you load a web page.</p> <p> </p> <p>Thanks for reading.</p> <p> </p> <p>For any questions you can reach us at<br /> <a>AskAzureADBlog@microsoft.com</a>, the <a href="https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WindowsAzureAD">Microsoft Forums</a> and on Twitter <a href="https://twitter.com/AzureAD">@AzureAD</a>, <a href="https://twitter.com/markmorow">@MarkMorow</a> and <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a></p> <p> </p> <p>-Ian Parramore, Harshini Jayaram, and Mark Morowczynski</p> ]]></content:encoded>
</item>
<item>
<title>Extend cloud identity and access management to your customer and partner relationships</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/12/extend-cloud-identity-and-access-management-to-your-customer-and-partner-relationships-2/</link>
<pubDate>Wed, 12 Apr 2017 16:00:59 +0000</pubDate>
<dc:creator><![CDATA[Andrew Conway]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=50525</guid>
<description><![CDATA[Organizations are transforming how they operate in a digital world. This means seizing new opportunities quickly, reinventing business processes, and delivering greater value to customers.]]></description>
<content:encoded><![CDATA[<p>Organizations are transforming how they operate in a digital world. This means seizing new opportunities quickly, reinventing business processes, and delivering greater value to customers. More important than ever are the strong and trusted relationships with the whole ecosystem in which an organization operates. This includes business partners, contractors, and of course customers. While business-to-business (B2B) and business-to-consumer (B2C) interactions may be different, sustaining both requires information security combined with intuitive user experiences.</p> <p>As your network of B2B and B2C connections grows online, securing them across on-premises, cloud, and hybrid scenarios becomes more of a challenge. A secure identity platform is critical to support this growth and to enable digital business securely. With this goal in mind, today we announce two important extensions in the capability of Microsoft Azure Active Directory.</p> <h2>Azure Active Directory B2B collaboration now generally available</h2> <p>Businesses are increasingly dispersed, mobile, and collaborative, relying on a wide range of vendors, partners, and contractors to stay nimble and capitalize on changing markets. Azure Active Directory (AD) is the foundation of our identity-driven approach to security and extends beyond your own employees to secure the identities of external collaborators: partners, contractors, and vendors. Our goal is to make it easy and secure to collaborate with the employees of any organization. Azure AD B2B collaboration is generally available today and is part of Microsoft Enterprise Mobility + Security (EMS).</p> <p>B2B collaboration provides external user accounts with secure access to documents, resources, and applications while maintaining control over internal data. 
There’s no need to add external users to your directory, sync them, or manage their lifecycle; IT can invite collaborators to use any email address, whether Office 365, on-premises Microsoft Exchange, or even a personal address (Outlook.com, Gmail, Yahoo!, etc.), and even set up conditional access policies, including multi-factor authentication. Your developers can use the Azure AD B2B APIs to write applications that bring together different organizations in a secure way and deliver a seamless and intuitive end user experience.</p> <p>Millions of users from thousands of businesses have already been using Azure AD B2B collaboration capabilities available through public preview.</p> <blockquote><p>As early adopters of Azure AD B2B collaboration, we used this service to provide a simple and secure way for partners, large and small, to use their own credentials to access Kodak Alaris systems. The latest enhancements are interesting, and we plan to use the invitation manager API in our Partner Relationship Management portal for a more customized guest onboarding/provisioning experience. The Azure AD team has been an incredible partner in our re-creation of a more agile and cost-effective hybrid cloud IT infrastructure. 
– Steve Braunschweiger, Chief Enterprise IT Architect, Kodak Alaris</p></blockquote> <h3>Here’s how you can get started with Azure Active Directory B2B collaboration:</h3> <ul> <li>Watch this <a href="https://aka.ms/b2bmechanics">Mechanics Video</a> to see the benefits of cloud-based B2B identity and access management</li> <li>Read more details from the <a href="https://aka.ms/b2bcollabblog">Azure AD B2B team blog</a></li> <li>Get started with <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-admin-add-users">Azure Active Directory B2B collaboration</a></li> </ul> <h2>Azure Active Directory B2C now available in Europe</h2> <p>Another important audience within most enterprise ecosystems are the customers who trust your business with their own sensitive personal and financial information. Azure Active Directory B2C enables organizations to securely connect with their customers at scale. Today, Azure AD B2C is generally available in Europe. Azure AD B2C is a highly available, global identity and access management service for your consumer-facing applications. It scales to hundreds of millions of protected identities, integrates easily with nearly any platform on any device, and includes optional multi-factor authentication for additional protection. Your consumers will be able to use existing social media accounts or create new credentials for single sign-on access to your applications through a fully customizable experience.</p> <p>Organizations now have the option to use Azure AD B2C tenants that operate and store data only in European datacenters. 
For all other regions, Azure AD B2C is available through the North American or European datacenters.</p> <h3>Here’s how you can get started with Azure Active Directory B2C:</h3> <ul> <li>Watch <a href="https://youtu.be/ASC7CG4XMq8">this video</a> to see the benefits of cloud-based consumer identity and access management</li> <li>Read more details from the <a href="https://aka.ms/azureadb2ceu">Azure AD B2C team blog</a></li> <li>Get started with <a href="http://azure.microsoft.com/trial/get-started-aad-b2c/">Azure AD B2C</a> in your consumer app</li> </ul> <p>As companies adopt a cloud-first position to take advantage of increased agility and faster innovation, like B2B and B2C, we recognize that cloud-first doesn’t mean cloud-only. <a href="https://blogs.technet.microsoft.com/hybridcloud/2017/04/12/consistency-is-the-cure-for-hybrid-cloud-complexity/">As we announced today</a>, we make it easy for customers to maximize their existing investments to adopt cloud. A hybrid approach is a strategic plan for businesses financially, for security, and for their identities and applications.</p> ]]></content:encoded>
</item>
<item>
<title>Azure AD B2B Collaboration is Generally Available!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/12/azure-ad-b2b-collaboration-is-generally-available/</link>
<pubDate>Wed, 12 Apr 2017 16:00:57 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[B2B]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Conditional Access]]></category>
<category><![CDATA[SaaS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=50485</guid>
<description><![CDATA[Howdy folks, This is a blog post I’ve been as eager to publish as I suspect you’ve been eager to read it. I’m excited to let you know that Azure AD business-to-business (B2B) collaboration is generally available worldwide! Azure AD B2B collaboration capabilities enable any organization using Azure AD to work safely and securely with <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/04/12/azure-ad-b2b-collaboration-is-generally-available/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="color: black;font-family: Segoe UI;font-size: 11pt">Howdy folks,<br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">This is a blog post I’ve been as eager to publish as I suspect you’ve been eager to read it. I’m excited to let you know that Azure AD business-to-business (B2B) collaboration is generally available worldwide!<br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">Azure AD B2B collaboration capabilities enable any organization using Azure AD to work safely and securely with users from any other organization, small or large, with or without Azure AD, & with or without an IT organization.<br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">Organizations using Azure AD can provide their B2B partners access to documents, resources, and applications while maintaining control over corporate data. Developers can use the Azure AD B2B APIs to write applications that bring two organizations together in a secure way that is also seamless and intuitive for end users to navigate.<br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">Customer demand for these capabilities is sky high! Already during the public preview, customers have invited 2.6M guest users using these new capabilities. 
<img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC1.png" /><br /> </span></p> <p style="text-align: justify"><span style="color: black;font-family: Segoe UI;font-size: 11pt">And more than 20% of Azure AD Tenants with >10 users are now using Azure AD B2B!<br /> </span></p> <p style="text-align: justify"><span style="color: black;font-family: Segoe UI;font-size: 11pt"><br /> <img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC2.png" /><br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">We have spent thousands and thousands of hours with these customers diving into how we can best serve their needs with Azure AD B2B.<br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">I’d like to thank all of you who spent time with us providing feedback and suggestions. We would not have reached this point without your partnership.<br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">Now you can dive in and use Azure AD B2B in your organization! 
Here are a few highlights of the things you can do now:<br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt"><strong>Easily add B2B users to your organization:<br /> </strong></span></p> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC3.png" /><span style="color: black;font-family: Segoe UI;font-size: 11pt"><br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt"><strong>Enable your collaborators to bring their own identity to work with you:<br /> </strong></span></p> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC4.png" /><span style="color: black;font-family: Segoe UI;font-size: 11pt"><br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt"><strong>Delegate to application and group owners so they can add B2B users directly to any of the thousands of apps that work with Azure AD:<br /> </strong></span></p> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC5.png" /><span style="color: black;font-family: Segoe UI;font-size: 11pt"><br /> </span></p> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC6.png" /><span style="color: black;font-family: Segoe UI;font-size: 11pt"><br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt"><strong>Have consistent authorization policies protecting your corporate content across your employees and partners:<br /> </strong></span></p> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC7.png" /><span style="color: black;font-family: Segoe UI;font-size: 11pt"><br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt"><strong>Use our APIs and 
sample code to easily build applications to onboard your external partners in ways customized to your organization’s needs:<br /> </strong></span></p> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/04/041117_0246_AzureADB2BC8.png" /><span style="color: black;font-family: Segoe UI;font-size: 11pt"><br /> </span></p> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">With Azure AD B2B collaboration, you can get the full power of Azure AD to protect your partner relationships in a way that end users find easy and intuitive.<br /> </span></p> <p><span style="color: #0070c0;font-family: Segoe UI;font-size: 11pt"><strong>Work with any user from any partner<br /> </strong></span></p> <ul> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">Partners use their own credentials<br /> </span></li> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">No requirement for partners to use Azure AD<br /> </span></li> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">No external directories or complex set-up required<br /> </span></li> </ul> <p><span style="color: #0070c0;font-family: Segoe UI;font-size: 11pt"><strong>Simple and secure collaboration<br /> </strong></span></p> <ul> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">Provide access to any corporate application or resource<br /> </span></li> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">Seamless user experiences<br /> </span></li> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">Enterprise-grade security for applications and data<br /> </span></li> </ul> <p><span style="color: #0070c0;font-family: Segoe UI;font-size: 11pt"><strong>No management overhead<br /> </strong></span></p> <ul> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">No external account or password management<br /> </span></li> <li><span style="color: 
black;font-family: Segoe UI;font-size: 11pt">No sync or manual account lifecycle management<br /> </span></li> <li><span style="color: black;font-family: Segoe UI;font-size: 11pt">No external administrative overhead<br /> </span></li> </ul> <p><span style="color: black;font-family: Segoe UI;font-size: 11pt">Get started today on <a href="https://portal.azure.com/">the Azure portal</a>.<br /> </span></p> <p><span style="color: #1f1f1f;font-family: Segoe UI;font-size: 21pt">Learn More<br /> </span></p> <p><span style="color: #41424e;font-family: Segoe UI;font-size: 11pt">There’s far more detail about the new Azure AD B2B Collaboration features in our <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-what-is-azure-ad-b2b"><span style="color: #0078d7;text-decoration: underline">updated documentation</span></a>, so take a look and let us know if you have any questions! <span style="color: black">And if you haven’t seen it yet, check out (below) the latest short video about Azure AD B2B<span style="color: #41424e"> we put together, too.<br /> </span></span></span></p> <p><iframe width="560" height="315" src="https://www.youtube.com/embed/AhwrweCBdsc" frameborder="0" allowfullscreen></iframe> </p> <p><span style="color: #41424e;font-family: Segoe UI;font-size: 11pt">As always, connect with us for any feedback, discussions and suggestions through our <a target="_blank" href="https://techcommunity.microsoft.com/t5/Azure-Active-Directory-B2B/bd-p/AzureAD_B2b"><span style="color: #0078d7;text-decoration: underline"><strong>Microsoft Tech Community</strong></span></a>. 
You know we’re listening!<br /> </span></p> <p><span style="color: #41424e;font-family: Segoe UI;font-size: 11pt">Best Regards,<br /> Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons"><span style="color: #0078d7;text-decoration: underline"><strong>@Alex_A_Simons</strong></span></a>)<br /> Director of Program Management<br /> Microsoft Identity Division</span></p> ]]></content:encoded>
</item>
<item>
<title>End of support for DirSync and Azure AD Sync is rapidly approaching. Time to upgrade to Azure AD Connect!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/10/end-of-support-for-dirsync-and-azure-ad-sync-is-rapidly-approaching-time-to-upgrade-to-aad-connect/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/10/end-of-support-for-dirsync-and-azure-ad-sync-is-rapidly-approaching-time-to-upgrade-to-aad-connect/#comments</comments>
<pubDate>Mon, 10 Apr 2017 16:00:41 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Hybrid]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=50106</guid>
<description><![CDATA[Howdy folks, On April 13 of last year, we announced the deprecation of “Windows Azure Active Directory Sync (DirSync)” and “Azure Active Directory Sync (Azure AD Sync)” and that it was time to start planning to upgrade to Azure AD Connect. We also announced at the time that DirSync & Azure AD Sync will reach <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/04/10/end-of-support-for-dirsync-and-azure-ad-sync-is-rapidly-approaching-time-to-upgrade-to-aad-connect/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-family: Segoe UI">Howdy folks,<br /> </span></p> <p><span style="font-family: Segoe UI">On April 13 of last year, we announced the deprecation of “Windows Azure Active Directory Sync (DirSync)” and “Azure Active Directory Sync (Azure AD Sync)” and that it was time to start planning to upgrade to Azure AD Connect. We also announced at the time that DirSync & Azure AD Sync will reach <strong>end of Support on April 13, 2017</strong>. Since then, 35,000 customers have successfully upgraded from these deprecated tools to Azure AD Connect. That’s what we like to see!<br /> </span></p> <p><span style="font-family: Segoe UI">Today, we are confirming that DirSync and Azure AD Sync will reach end of Support as planned on April 13, 2017.<br /> </span></p> <p><span style="font-family: Segoe UI">I would <span style="text-decoration: underline"><strong><em>highly</em></strong></span> recommend that if you haven’t upgraded to Azure AD Connect, you should do so VERY soon to avoid service disruptions. Azure AD will stop accepting connections from DirSync and Azure AD Sync after <strong>December 31, 2017</strong>.<br /> </span></p> <p><span style="font-family: Segoe UI">For more information about the DirSync and AAD Sync upgrade, please see the <a href="https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-dirsync-deprecated">DirSync and Azure AD Sync deprecation documentation</a>.<br /> </span></p> <p><span style="font-family: Segoe UI">If you have any questions or feedback about this change, we’re all ears. 
Please leave us a comment below or reach us on Twitter using the #AzureAD hashtag.<br /> </span></p> <p><span style="font-family: Segoe UI">Best regards,<br /> </span></p> <p><span style="font-family: Segoe UI">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)<br /> </span></p> <p><span style="font-family: Segoe UI">Director of Program Management<br /> </span></p> <p><span style="font-family: Segoe UI">Microsoft Identity Division<br /> </span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/04/10/end-of-support-for-dirsync-and-azure-ad-sync-is-rapidly-approaching-time-to-upgrade-to-aad-connect/feed/</wfw:commentRss>
<slash:comments>1</slash:comments>
</item>
</channel>
</rss>