Windows Azure Active Directory (WAAD) “Premium” is a paid offering that unlocks additional features of WAAD. It is currently in preview and can be unlocked in the Azure Preview Portal.
[Update: WAAD reached General Availability on April 8, 2013 whereas WAAD Premium was available in Preview in December 2013, and GA sometime later [please post a comment if you have the GA release date of Premium]
WAAD Premium adds these features:
For more information, see Enable self-service password reset for users.
For more information, see Group management.
For more information, see Add company branding to your Sign In and Access Panel pages.
Additional security reports – View detailed security reports showing anomalies and inconsistent access patterns.
Once you unlock this feature in the Preview Portal, then you sign into your Azure tenant and browse to the directory that you want to enable for Premium.
This gives you the ability to customize branding. The branding is shown when users access webmail via outlook.com/contoso.com or mail.contoso.com. For more information on branding see Alex Simon post here: http://blogs.technet.com/b/ad/archive/2013/12/16/custom-branding-support-in-azure-ad-now-in-preview.aspx
Note: During the previous period, users will need to Opt-In by clicking on this link to view customized branding https://login.microsoftonline.com/optin.srf
The Advanced Reports seem like they would be relevant for most security administrators to review periodically.I predict what feature request is coming next: Alerting or scheduled emails of these reports =)
And it also unlocks the password reset feature. Right now this is an all or nothing toggle, however, the technet page for this feature says that the ability to enable this for specific users is coming soon.
To perform a self-service password reset
Go to a page that uses an organizational account. For example, go to portal.microsoftonline.com and click Can’t access your account link.
On the Reset your password page, enter the user ID and captcha
If the account is on-premise only (ADFS) then the following message will appear:
Otherwise, for cloud accounts then the user will receive notification.