Managing Windows Azure AD from the Windows Azure Portal 2– Explore the Directory Features

Here there’s the second of three super quick visual guides about playing with the new Windows Azure Active Directory features in the Windows Azure portal. Please make sure you read Alex’s announcement and watch Abhishek’s video first! Also, you should read the first post of the series first.

I’ll try to keep the word count down, and let the screenshots speak! Hopefully this will entice you to try things yourself, and provide some reassurance if you are going through the process and get stuck. Note, I didn’t work at all on this great feature! All the credit goes to the UX and directory teams, who did a super job here. I just went through the following steps as any other customer would, and took screenshots along the way.

I broke down things in three posts:

1. The first post shows you how to sign up for a new Windows Azure subscription using an organizational account from an existing Windows Azure Active Directory tenant (e.g. your existing directory from an Office 365 subscription, etc). This option is actually not new, it was already available to you few weeks ago. I captured it anyway to give you a full end-to-end walkthrough with coherent names & screens.
2. This post will go through the main directory management features offered by the portal
3. The third post will demonstrate something really really cool: we’ll create a new directory user, make it a global admin in the directory, and a co-admin in the Windows Azure subscription. Then… we’ll configure that account to enforce phone-based additional authentication factor when accessing the portal pretty awesome, eh? Spoiler alert: there will be pictures of my phone.

Ready? Let’s pick things up where we left them.

 

Click on the directory’s entry.

Here you move one level deeper in the UI (note the big arrow on the top left corner) and gain access to the directory features. The first one, as you might expect, is the suer management. Let’s click on one random user in my small crew:

 

Pretty standard user management options, right? Click on the highlighted arrow to go out, and click on “domains”.

 

You use this option to register your domains with Windows Azure AD. The process is simple: you start with specifying your domain…

…click add, then click on the “next” arrow…

 

…and you’ll get instructions (with helpful links) on how to verify that you actually own the domain. I didn’t go through it with mine, but you can find the process well documented.

 

If you just come out of the preceding dialog, you’ll see that Windows Azure AD remembers the domain you added but warns you that it is not verified yet.
Click on directory integration to conclude our quick visit.

 

Here you can find instructions and controls for setting up directory synchronization with your local active directory, if you choose to set integration up. Very handy!

That concludes our quick tour of the main Windows Azure AD features in the Windows Azure portal. But wait, there’s more! How would you like to protect access to your Windows Azure subscription with multiple authentication factors? What if you could achieve that simply by using what is already in your admin’s pockets? If you are curious, read on…