First look: Windows Azure Active Directory preview

Our analyst suggests giving this Microsoft release for app developers a pass. Here's why.

Page 3 of 3

How does on-premises Group Policy work when ported to Active Directory in the cloud, or vice versa? Group Policy has been integrated with Active Directory and Windows Server since the 2000 release and most corporations have extensive deployments of Group Policy objects that manage access and permissions to a variety of servers, files and settings within the security domain.


But Group Policy is functional only with on-premises deployments, at least as it is currently written. How will this policy information carry over into the cloud? Will administrators be able to set Group Policy-based access to cloud services and get very granular with those permissions? Will they be able to set Group Policy Objects, or GPOs, on premises using existing Microsoft-built and third-party-developed management tools that companies have already invested significant money in? Will Group Policy administration move to the cloud and "trickle down" over time to on-premises deployments?

I can find no public statement about how Group Policy will grow and change along with cloud-based directories, so this is absolutely an area to watch as WAAD continues down its development path.

How does Windows Intune fit in with WAAD? Microsoft has been marketing Windows Intune as a way of bringing together the management of both domain-joined and non-domain-joined Windows machines in addition to iOS-based devices like the iPhone and iPad, and Windows devices.

Intune's meant more for small to midsize organizations that would like to manage all their IT assets from the cloud. The Intune model doesn't really integrate well with other management tools, making it a poor choice (at least in its current iteration) for larger organizations.

But since we don't know much about how Group Policy will work, is it possible that the Windows Intune management infrastructure will be subsumed into WAAD, and computer and device management will be enabled from there? Is this a way to bring integrated computer and device management to the cloud, particularly for larger customers with big numbers of deployed computers, and away from on-premises solutions? There may be an interesting story to tell here in the coming months; stay tuned.

What about Kerberos support? Kerberos is used in Active Directory environments to perform transparent, seamless authentication and authorization, and while it's the basis of all Active Directory transactions, it is of particular emphasis and importance in cross-platform environments.

For example, large universities typically leverage Kerberos protocol sets to allow Unix and Linux, as well as Macintosh, machines to authenticate against Active Directory since those operating system platforms don't natively support the way Windows typically exchanges security information with Active Directory.

With WAAD, there's no mention of Kerberos support. With all of the talk of mobile support and managing identity information for phones, tablets and other devices, one is left to wonder whether support for Macs and Linux machines will be included with this release of WAAD. This could be a significant drawback to deploying this technology for organizations with large sets of non-Windows computers.

The last word

Windows Azure Active Directory is an interesting, but not yet compelling, addition to cloud-based directory services. In this July developer preview release, IT pros building applications both internally and for sale can now integrate with Microsoft accounts already being used for Office 365 and other cloud services and will soon be able to, with the final release version of WAAD, integrate with other consumer directory services. That's useful from an application-building standpoint.

Additionally, IT pros can enable federation scenarios and synchronization between on-premises Active Directory deployments and Windows Azure. But for now, unless you're running Office 365, there's not much with which to integrate. The cross-platform and administrative stories are simply not there yet.

Stay tuned for more developments on this promising technology -- as it matures, it could be quite interesting -- but unless you're building Azure apps right now, you can give this release a pass.

Jonathan Hassell runs 82 Ventures LLC, a consulting firm based out of Charlotte, N.C. He's also an editor with Apress Media LLC. Reach him at

Copyright © 2012 IDG Communications, Inc.
