Microsoft Shares Stats on How Orgs Use Azure AD

- By Kurt Mackie
- November 14, 2017

Microsoft this week shared some insight into how businesses are using its Azure Active Directory (AD) service.
Based on October tracking data, Microsoft found that organizations are most commonly (46 percent) using Active Directory Federation Services (a Windows Server role enabling single sign-on access) to connect with Azure AD, followed by Microsoft's Password Hash Sync service (25 percent).
Microsoft found that 21 percent were "cloud only" Azure AD users, according to an announcement Monday by Alex Simons, director of program management for the Microsoft Identity Division.
Third-party (non-Microsoft) solutions in use included Ping Federate (2 percent); other third-party services such as "Centrify, Okta or OneAuth" were at 2 percent as well, and third-party federation servers were in use at 1 percent. Other connections used included identity-as-a-service (2 percent) and syndication partners (1 percent).
Simons described Ping as "the fastest growing and most popular third-party option." Its growth perhaps was bolstered by the partnership the two companies established in which Ping Identity's PingAccess technology was integrated into Microsoft's Azure AD Premium service back in March. Organizations needing to connect Web applications that require headers for authentication (such as NetWeaver, PeopleSoft and WebCenter apps) typically might use this integrated PingAccess technology.
Microsoft had 950 million Azure AD users in October. More than 50 percent of them are larger organizations that always synchronize their local Active Directory with Azure AD. The organizations that are pure Azure AD users and that don't use some form of synchronization with Microsoft's cloud-based identity and access management service are mostly smaller organizations, Simons explained.
Microsoft has seen some success getting users to switch from its older Windows Azure Active Directory Sync (DirSync) and Azure AD Sync tools to its newer Azure AD Connect service. The Azure AD Connect service is supposedly an easier method for setting up such connections, and Microsoft stopped supporting DirSync and Azure AD Sync back in April.
While more than 180,000 tenancies synchronized their local Active Directories with Azure AD, more than 170,000 of that number used the Azure AD Connect service to accomplish that task. Simons indicated that 90 percent of Azure AD tenancies now sync using the Azure AD Connect tool. In contrast, the DirSync tool was used by just 7 percent. Microsoft Identity Manager or Forefront Identity Manager was used by 1.9 percent of the Azure AD tenancies.
Another notable finding was the use of Azure AD Pass-Through Authentication, which had 500,000 monthly active users in October, even though it hit "general availability" commercial release status in that month. Azure AD Pass-Through Authentication uses an organization's Active Directory to validate user passwords, permitting access to both local applications and external services. Supposedly, using the combination of Azure AD Pass-Through Authentication and Seamless Single Sign-On is easier to set up than using Active Directory Federation Services to enable single sign-on access to apps by end users.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.