Introduction to Windows Azure Active Directory “Premium”

Windows Azure Active Directory (WAAD) “Premium” is a paid offering that unlocks additional features of WAAD. It is currently in preview and can be unlocked in the Azure Preview Portal.

[Update: WAAD reached General Availability on April 8, 2013 whereas WAAD Premium was available in Preview in December 2013, and GA sometime later [please post a comment if you have the GA release date of Premium]

WAAD Premium adds these features:

User self-service password reset –Give your end-users the ability to reset their password using the same sign in experience they have for Office 365.
For more information, see Enable self-service password reset for users.

Group-based application access – Use groups to assign user access in bulk to SaaS applications. These groups can either be created solely in the cloud or you can leverage existing groups that have been synced in from your on-premises Active Directory.
For more information, see Group management.

Company branding – Add your company logo and color schemes to your organization’s Sign In and Access Panel pages (including localized versions of the logo for different languages).
For more information, see Add company branding to your Sign In and Access Panel pages.

Additional security reports – View detailed security reports showing anomalies and inconsistent access patterns.

Once you unlock this feature in the Preview Portal, then you sign into your Azure tenant and browse to the directory that you want to enable for Premium.

This gives you the ability to customize branding. The branding is shown when users access webmail via outlook.com/contoso.com or mail.contoso.com. For more information on branding see Alex Simon post here: http://blogs.technet.com/b/ad/archive/2013/12/16/custom-branding-support-in-azure-ad-now-in-preview.aspx

Note: During the previous period, users will need to Opt-In by clicking on this link to view customized branding https://login.microsoftonline.com/optin.srf

The Advanced Reports seem like they would be relevant for most security administrators to review periodically.I predict what feature request is coming next: Alerting or scheduled emails of these reports =)

And it also unlocks the password reset feature. Right now this is an all or nothing toggle, however, the technet page for this feature says that the ability to enable this for specific users is coming soon.

To perform a self-service password reset

Go to a page that uses an organizational account. For example, go to portal.microsoftonline.com and click Can’t access your account link.
On the Reset your password page, enter the user ID and captcha
If the account is on-premise only (ADFS) then the following message will appear:
Otherwise, for cloud accounts then the user will receive notification.