MICROSOFT_PRESS_EBOOK_INTRODUCING_WINDOWS_10
CHAPTER 10
Integrating Azure Active Directory
Every network administrator knows the ins and outs of Active Directory, the service that runs on Microsoft Windows server editions and powers countless Windows domain-based networks worldwide. The Pro, Enterprise, and Education editions of Windows 10 offer full support for traditional Active Directory deployments, of course, but Windows 10 also supports a new, cloud-based alternative called Azure Active Directory, or Azure AD for short.
Like its on-premises counterpart, Azure AD provides identity and access services for businesses. With an Azure AD work or school account, users can sign on to any cloud or on-premises web application, using a wide array of client devices.
Azure AD provides the core directory and identity-management capabilities behind several business-focused Microsoft cloud services, including Microsoft Office 365 and (naturally) Microsoft Azure. You can integrate Azure AD services with a local Active Directory deployment or use it on a standalone basis. In either case, you can configure multifactor authentication to provide secure local and remote access, and you can take advantage of built-in reporting and analytics capabilities that scale to even very large enterprises.
In this chapter, I offer an overview of Azure AD as well as instructions on how to make Azure AD work with Windows 10 devices of all shapes and sizes.
Getting started with Azure AD
You might already be using Azure AD without being aware of it. If you or your organization signed up for a business-focused Microsoft cloud service—such as Azure, Office 365, Microsoft Intune, or Microsoft Dynamics CRM Online—that subscription includes an Azure AD directory. By default, this directory includes a subdomain in the onmicrosoft.com domain, but most organizations assign a custom domain name to the directory. For example, Contoso Corporation might start with the default contoso.onmicrosoft.com subdomain but add contoso.com as a custom domain. This configuration makes it possible for users to sign in and access local or cloud-based resources using a familiar email address.
Each dedicated instance of Azure Active Directory (Azure AD) is called a tenant. Although Microsoft hosts the service in its massive and worldwide Azure infrastructure, each Azure AD directory is completely isolated from other directories, as shown in Figure 10-1.