Microsoft Unveils Azure AD Domain Services -- Redmond Channel Partner

Microsoft Unveils Azure AD Domain Services

By Kurt Mackie
October 16, 2015

Microsoft rolled out previews of its Azure Active Directory products this week, including the completely new "Azure AD Domain Services."

Released Wednesday, Azure AD Domain Services is aimed at organizations trying to leverage Microsoft's Azure Active Directory cloud-based authentication services with their on-premises Active Directory identity and access management infrastructures.

In addition, Microsoft also released previews of a few new Azure AD Application Proxy services.

Azure AD Domain Services
The new Azure AD Domain Services release, available as a preview, can be used to smooth over issues associated with the use of so-called "legacy apps" or applications that don't use authentication protocols such as SAML or OAuth 2.0. Getting those legacy apps authenticated via Microsoft's cloud services has sometimes required setting up expensive network connections. It's also been a time and resource drain since domain controllers run in virtual machines need to be patched and maintained, according to Microsoft's explanation.

Such scenarios get eased with the new Azure AD Domain Services, Microsoft is promising. The service works with premises-based AD environments and reduces patch burdens, according to Microsoft's announcement:

Azure AD Domain Services provides managed cloud based domain services such as domain join, group policy, LDAP & Kerberos/NTLM authentication in the Azure cloud that are fully compatible with Windows Server Active Directory. With these services, you get the full value of Windows Server AD in the cloud domain, without having to deploy, manage, monitor and patch domain controllers.

The service is available at the preview stage for all organizations that have Azure AD tenants. It's available for "Free, Basic and Premium" subscription plans. However, the preview of Azure AD Domain Services isn't free. It's currently billed at an hourly rate that's half the cost of the coming "general availability" price. Also, the Azure AD Domain Service is only available during the preview stage at the 5,001 to 25,000 objects tier, according to the announcement. This preview is also a bit delayed. A software glitch caused Microsoft to pull it earlier this week, but the company expects it to make it available again on Friday.

The new Azure AD Domain Services represents a "huge milestone" for the company, according to Alex Simons, director of program management for the Microsoft Identity Division. "After years of work, we've reached the point where Azure AD is now a super set of Windows Server AD," he claimed, adding that "it gives cloud forward companies the opportunity to go 'cloud only' while still getting all the benefits of Azure AD and Windows Server AD."

Organizations wholly connected to cloud services can use the service with existing passwords. Organizations that synchronize their local AD structures with Azure AD in the cloud need to force password synchronization using the latest Azure AD Connect solution, Microsoft's announcement explained.

Azure AD Application Proxy
The Azure AD Application Proxy releases include three new preview features, plus four features that are now commercially ready (at the "general availability" or GA stage, in Microsoft's nomenclature). The four GA features include "custom domain names, conditional access policies, and Intune NDES."

The three new preview features include Remote Desktop support, isolated network support and support for "non-Windows applications using Kerberos over SPNego," per Microsoft's announcement.

Remote Desktop Services is Microsoft's enabling solution for connecting devices in virtual desktop infrastructure scenarios, typically for remote workers. It now works with the Azure AD Application Proxy. The proxy service can be used as a way of not exposing the Remote Desktop Gateway directly to Internet traffic when authenticating devices.

The new isolated network support preview capability in Azure AD Application Proxy can be used to enable application access "across disparate datacenters," according to Microsoft. For instance, it enables access to applications housed on Amazon Web Services infrastructure or on other infrastructure-as-a-service provider networks. Another enabled capability is support for disaster recovery sites.

Lastly, Microsoft is previewing single sign-on support for non-Windows applications that authenticate using Kerberos over SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) via its Azure AD Application Proxy service. It's a functionality extension move. Microsoft is promising that "every application that supports SSO via Kerberos for on-prem domain joined browsers will now provide SSO to your employees authenticating with Azure AD."

If that weren't enough to consider, Microsoft plans to roll out a new Azure AD Application Proxy Connector "groups" capability. This capability will allow applications to be assigned to a connector group to facilitate "high-availability and load balancing," according to this Microsoft blog post. The new capability will be available at the preview stage "in the next couple of months."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Free Webcast! Learn about Password Management Best Practices

Featured

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.
The 2024 Microsoft Product Roadmap

Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.
Microsoft Makes AI Push in London and Japan with Strategic Investments

Looking to further the global reach of its aggressive AI push, Microsoft made a couple of announcements this week focused on overseas initiatives and investments.
Top SMB Threats Include Ransomware and Windows Server 2012: Report

Managed services providers that support SMBs have their hands full this year: The constellation of threats targeting their customer base is more varied and harder to detect than ever.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Microsoft Unveils Azure AD Domain Services

Featured

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2024 Microsoft Product Roadmap

Microsoft Makes AI Push in London and Japan with Strategic Investments

Top SMB Threats Include Ransomware and Windows Server 2012: Report

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2024 Microsoft Product Roadmap

Microsoft Broadens Secure Software Development Initiative

The Most Important Document for Partners To Read Now: CSF 2.0

Top SMB Threats Include Ransomware and Windows Server 2012: Report

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2024 Microsoft Product Roadmap

Microsoft Broadens Secure Software Development Initiative

The Most Important Document for Partners To Read Now: CSF 2.0

Top SMB Threats Include Ransomware and Windows Server 2012: Report

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Coffee Talk: Phishing Awareness Training 101 for Partners

Security Essentials: Empowering MSPs with Datto’s Integrated Solutions

Coffee Talk: Endpoint Security 101: Threats & Strategies SMB Partners Need to Know

Automated Intelligence: Simplifying M365 Governance for MSPs

FREE WHITE PAPERS FROM OUR SPONSORS

A guide to zero trust for MSPs

Microsoft CSP Guide

10 Reasons to Bundle Security with your Managed Services

Battling Business Email Compromise