News

Microsoft Adds Virtual Network Support to Azure AD

• By Gladys Rama
• August 30, 2017

Microsoft has launched a public preview of a new capability within Azure Active Directory (AD) Domain Services that adds support for virtual networks using Azure Resource Manager.

Released late last year, Azure AD Domain Services gives users a means of authenticating older applications running on Azure virtual machines on Microsoft's cloud infrastructure. Azure AD Domain Services supports applications that aren't using newer authentication protocols, such as OAuth 2.0, OIDC, SAML and REST. Users can access these applications by logging in with their corporate credentials. As part of this service, Microsoft maintains the domain controller infrastructure for organizations.

Azure Resource Manager, on the other hand, is Microsoft's tooling for deploying complex application workloads that depend on spread-out cloud resources, such as virtual networks, virtual machines, and storage. The resources required by these applications get logically assigned into "resource groups" using templates. This approach supposedly makes it easier for IT pros to remove applications without worrying about all of the cloud-resource dependencies.

This week's preview announcement brings Azure AD Domain Services closer to Azure Resource Manager with regard to virtual network application dependencies.

"This new public preview lets you create a managed AD domain in a Resource Manager virtual network from the Azure portal," Microsoft's announcement explained. The Azure Portal is Microsoft’s browser-based solution for managing various Azure services.

A "Resource Manager virtual network" is a type of virtual network that's currently at the preview stage right now. The Azure AD Domain Services preview of Azure Resource virtual network support also will work with so-called "classic virtual networks." However, Microsoft's announcement signaled it will be shifting away from classic virtual network support going forward.

"We're going all in on Resource Manager virtual networks," Microsoft declared in its announcement.

In the near future, classic virtual network support will be going away:

When support for Resource Manager virtual networks becomes generally available, you won't be able to create new managed AD domains in classic virtual networks anymore. Resource Manager-based virtual networks will be the only supported deployment model for newly created managed AD domains.

Microsoft is promising that it will provide a means to "easily switch from a classic virtual network to a Resource Manager-based virtual network" in the near future. Supposedly, this migration capability, coming in preview form before the end of December, won't require organizations to delete a managed AD domain.

The preview of Azure Active Directory Domain Services support for virtual networks using Azure Resource Manager isn't for production environments yet. Microsoft's announcement flatly stated that "if the existing managed AD domain is a production instance, you won't be able to use this preview."

In other words, the preview is just for test networks. Moreover, Microsoft's announcement has different instructions to follow, along with caveats, for enabling the preview based on whether the test network is using Resource Manager virtual networks or classic virtual networks.