Azure and Active Directory: New releases and previews
- By Kurt Mackie
- Dec 15, 2014
In addition to announcing general availability of the Azure Government cloud last week, Microsoft also released several Azure products and previews, including Active Directory improvements.
Of the new services, only four are at the general availability stage. Everything else is at the test level.
Those features released for general availability include:
- Azure RemoteApp: for use in mobile scenarios, distributed work environments or for organizations that juggle variable app workloads. Users can access applications over the Internet that run on a virtual machine on top of Windows Server 2012 R2, either located in Azure or on premises or both. Brad Anderson makes the case for using it, and an illustrated setup process is shown in this blog post.
- Media Services: for organizations needing the infrastructure to control streaming media. Helpful links here.
- Disaster Recovery to Azure: the Site Recovery service has been extended to serve as a disaster recovery solution, "for enabling Virtual Machine replication and recovery between Windows Server 2012 R2 and Microsoft Azure without having to deploy a System Center Virtual Machine Manager on your primary site."
- Azure Active Directory Application Proxy: lets organizations provide access to premises-based web applications over the Internet while using Azure Active Directory services for user authentication. Microsoft added support for Kerberos constrained delegation with this release.
Preview features include:
- Premium Storage: a new service that stores data on solid-state drives ranging "up to 5,000 IOPS and 200 MB/sec," with setup explained here.
- SQL Database Update: adds SQL Server compatibility with improved T-SQL support, along with analytics platform support for Hadoop and a new Java SDK for DocumentDB (Microsoft's NoSQL document database service), with another summary available here.
Azure Active Directory preview releases
The December release also included some Azure Active Directory features at the preview level. The No. 1 requested feature, now in preview release, is an "administrative units" capability. It's for large organizations that need to restrict administrative access according to specific regions or business units. That's done by scoping the access.
A Microsoft-produced Channel 9 video illustrates the administrative access concept in diagram form here. So far, though, there's no graphical user interface controls for administrative units controls. It's done using PowerShell for now, as explained in the Active Directory Team blog post, which also noted some current limitations.
Another feature at the preview stage is a "question-based security gate for password reset" capability. It allows password resets to be performed by employees who don't have "company-supplied e-mail addresses or phones at work," according to Microsoft's Active Directory team blog post. The security is bolstered by setting up challenge questions for end users.
Microsoft added a preview of the ability to enable single sign-on access to a company's custom Web apps. This password-based single sign-on capability "enables you to manage user access and passwords to Web applications that don't support identity federation," Microsoft explained.
In addition, Microsoft added the ability for an IT administrator to add links to apps listed in the Azure Active Directory Access Panel, which is a Web-based portal that's used by end users for accessing Web applications. Accessing those apps doesn't require single sign-on. Moreover, the apps don't have to be located in the Azure Active Directory application gallery, the Azure team blog explained.
If all of that isn't enough to consider, Microsoft elaborated on its December Azure releases in various company blog posts. Here's a shorter summary of the December releases, along with a list of blogs (likely not a complete one) on the new capabilities:
Microsoft has still another comprehensive tallying of the December Azure releases in this cloud-plus enterprise blog post.
A longer version of this article appeared on Redmond Magazine, a sister site to GCN.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.