As reported by InfoWorld, two new services that make Azure ready for production enterprise environments are Windows Azure Infrastructure Services and Windows Azure Active Directory. Many Microsoft shops have been screaming for this since Azure was released.
To extend existing local Active Directory services to the cloud, you can use Windows Azure Active Directory to connect to servers running on Azure, or to bridge the gap. The process is pretty straightforward, and is achieved through the creation of a hybrid Active Directory forest with domain controllers, one on-premises and one in the cloud. This allows you to sync identities and authenticate users across systems.
“However, there are on-premise Active Directory features not available to Azure Active Directory, such as the widely used Group Policy. Currently, only Access Control Services is supported to federate identities between Azure Active Directory and on-premises Active Directory, as well as with other established identity management providers like Google and Facebook. The limited features in Azure Active Directory provide room for third-party assistance.”
The missing pieces are a bit concerning, but clearly this is a step in the right direction for Microsoft and Azure users. I suspect that this will protect some of Microsoft’s install base as the use of public clouds becomes more popular, and Azure is a clear second place to AWS. However, there is a lot of work needed from Microsoft to fully protect their market share.