How to Manage Azure with On-Premise Active Directory

When you sign up for a Windows Azure account, it creates by default an instance of Active Directory that resides only in Windows Azure, called Windows Azure Active Directory (WAAD). This is the exact same infrastructure that underlies Office 365. This blog post describes how to change Azure to use your existing Office 365 WAAD instance. You can then take advantage of your existing DirSync and ADFS servers to sign into the Azure Management Portal rather than using a Microsoft Account (formerly Windows Live ID).

This is ideal for large enterprise customers who want all authentication performed by Active Directory, so that if administrators leave the organization, there is one place to disable the account rather than multiple places.

For a quick 10-minute video overview of how this works, I recommend watching “What is Windows Azure Active Directory”.

The first step is to sign into the Windows Azure Management Portal:

https://manage.windowsazure.com

Then click on Active Directory in the left navigation menu, and then click Add.

You then choose ‘Use existing directory’

Then check the box ‘I am ready to be signed out now’

You will then be directed to a login page to sign in with your Office 365 organization ID (which should authenticate you with ADFS if you have that enabled).

If you are managing your Windows Azure subscription with a Microsoft Account (formerly Windows Live ID) rather than an Organizational ID, you will be prompted to confirm that you are okay with granting your Microsoft Account Organizational Admin rights over your Office 365 directory.

The next step is to click on the Settings icon on the left navigation pane in the Azure Management Portal.

Then click on the subscription whose directory you want to change to the new Office 365 WAAD directory.

You can then change the directory.

Note: The behavior of this screen is a little different from what you may expect. For example, I was expecting the drop-down box to list all my directories so that I could select the one I wanted. Instead, it assumes you don’t want to select your existing directory, so that option won’t be listed.

Adding an Administrator

Adding an administrator works the same as before, but you now have the option of selecting the Organizational ID.

That’s it – you can now sign in using ADFS to manage Azure.
