Microsoft Gives Windows Azure Active Directory Controls a Boost
- By Kurt Mackie
- March 04, 2013
Microsoft has made some management improvements to Windows Azure, on the heels of adding federation capabilities between Windows Azure and Windows Server.
IT pros can now expect to have a somewhat more consistent experience across the two management capabilities, Microsoft indicated in a blog post on Monday. One of the improvements is simple enough: IT pros using the Windows Azure portal can now manage Windows Azure users and specify their access rights. It's not clear why IT pros couldn't carry out that basic function before.
If an organization has synchronized Windows Server Active Directory with Windows Azure, then the addition or deletion of users performed on premises with Active Directory will get automatically pushed into the Windows Azure management portal. That synchronization capability requires the use of "the 3.0 release of the Azure Active Directory extension," according to Microsoft's announcement.
IT pros can now designate global account administrators from the Windows Azure management portal, and they can enforce two-factor authentication as part of the process, such as requesting identity confirmation by sending an SMS text message or automated phone call to a device. A Microsoft Channel 9 video illustrates it being done with a mobile phone serving as the second prong of the two-factor authentication. Oddly, rich clients, such as Microsoft Outlook, can't be used for the two-factor ID process, according to the video.
The domain names for users can now be a little more specific to the company. The company's URL can now be specified, such as "email@example.com, instead of firstname.lastname@example.org," according to Microsoft's announcement.
The new management capabilities are available for anyone who uses the Windows Azure management portal, as part of being a Windows Azure Active Directory tenant. That includes IT shops using Office 365, according to the announcement.
Kurt Mackie is online news editor for the 1105 Enterprise Computing Group.