Over the past years, Microsoft has spent significant effort to make Azure Active Directory (Azure AD) the central platform for identities in Microsoft environments and beyond. Microsoft has now announced several new capabilities that support further use cases.

New features in Azure AD

One of these is support for FIDO2 security key sign-in in hybrid environments, consisting of both Azure AD and on-premises Active Directory. FIDO2 as a standard allows a variety of authenticators, including biometric authentication, to be used with various applications. This extension allows a broad range of authenticators to be used in environments that include both flavors of Microsoft Active Directory.

Several new features address the specific needs of providing access for first-line workers. These include delegated user management capabilities, SMS sign-in with one-time passwords, and “single sign-out” for shared devices.

Other new features include improvements to the self-service interfaces, to conditional access, and to access for third-party applications. The latter is of specific relevance for many organizations because it allows all types of applications, including legacy applications, to be accessed from Azure AD and the My Apps portal. For many customers, licensing enhancements within the free Azure AD edition for SSO and MFA will be of major relevance.

At the Build 2020 conference, Microsoft announced additional features, such as the integration of the Azure AD APIs into Microsoft Graph, providing a single API for all Microsoft 365 services. The integration capabilities with social identity providers (IdPs) and with target applications for CIAM (Consumer IAM) use cases are also extended, and many more new features are being added to Azure AD. More information is available in Microsoft’s blogs on Azure AD and security.

Azure AD first, on-premises Active Directory second?

Without going into too much detail regarding all the announcements Microsoft has made, the evolution of Azure AD raises strategic questions. One of these is whether, and when, it is time for Azure AD to take over the central role that on-premises Active Directory still plays in most organizations.

The simple answer is that it is high time to prepare for that shift, whether an organization merely intends to use Azure AD or already does. If so, then Azure AD should become the strategic system instead of on-premises Active Directory, which will increasingly move into a legacy state, with users being synchronized from Azure AD rather than to Azure AD.

Azure AD: Strategic element of IAM or just a target system?

The even more important question is whether Azure AD is just a target system within IAM (Identity and Access Management) or a central element of the IAM infrastructure and the future Identity Fabric of organizations.

There is no simple answer to that question; it depends on many factors. However, the question must be asked. The potential of Azure AD to become a cornerstone of the future IAM infrastructure of businesses is apparent, but it depends on factors such as whether Office 365 is used (if not, the relevance of Azure AD will be lower), the current technologies in place, strategic sourcing, and many more. With every addition to its capabilities, Microsoft is increasing the competitiveness of Azure AD in the IAM market. Thus, customers should carefully evaluate its potential future role and make a well-thought-out decision on this.