Azure Active Directory Guide

I might have mentioned it before, but I’m really stoked by Microsoft Azure and the things you can do with it. The amount of functionality currently present is stunning (granted some of it is in a preview state). Now there are other clouds that can deliver many of the same features, and the basic services like virtual machines can be delivered by pretty much anyone, but the combination of it all… Well, I like it. Both from the developer perspective, and the IT Pro side of things.

I have worked extensively with different Azure teams for the past year and a half, and I have been thinking to myself that I should write down some of my learnings and put it online. There are a lot of good sources on Azure already online, and I don’t want to just repeat the official docs, so it needed to be something more interesting than that. Since the breadth of Azure encompasses a lot of different technologies I’m certainly not qualified to write about everything, and I didn’t want it to be random un-related Azure "stuff" either, so I decided I had to be more focused.

A lot of what I do with Azure in my day job comes back to there being one central foundation for so much of it, and that part is Azure Active Directory. So, how about a guide on Azure Active Directory? I’m sure there are at least five other people than myself interested in that 🙂 The Azure AD teams have a lot of good stuff in the pipeline so I should be able to keep myself busy for a while as it trickles into public previews and eventually GA.

I’ve previously done multi-part series directly on this blog where I’ve maintained an index post, and added different pieces as I’ve gone along. If you’re following in an RSS reader it’s very readable and nice, but it doesn’t feel as cohesive as one might like. After all, there is a reason the MSDN library is built in a strict hierarchical manner instead of random rants spread out over time. As such I have set up a separate site for this purpose:
https://aadguide.azurewebsites.net
The "raw" site is on GitHub:
https://github.com/ahelland/AADGuide

You’ll probably prefer the first link, but you can approach it the way you like it.

This does not mean I’ll be abandoning this site yet, even though the posts have become more infrequent; it just felt right to release it this way. Visual Studio might not be what you would normally call a blog utility, but I’ve used it as such for building out the initial content 🙂 (All content is written in Markdown.)

I’m not saying everything Azure AD is there yet; after all it is a work in progress, but I’ve written down some starter content and I’m actively working on producing more. You just don’t have an idea how much Azure AD actually includes before you start lining up the articles you’d like to write! The guides will be directed both towards the IT Pro crowd on how to value-add Office 365, Virtual Machines, etc. as well as developer articles on how to integrate apps with Azure AD and use it as an identity back-end.

To start things off I would like to point you in the direction of an article that I originally started out writing as a blog post for this site, but ended up re-working slightly and turning into an entry in the Azure AD guide instead:

Azure AD Join in Windows 10
http://aadguide.azurewebsites.net/aadjoin/

From the enterprise side of things this fills a gap compared to the consumer oriented setup of Windows 8.x, and I find myself liking this feature quite a lot so far.

I hope you like it, and don’t stop giving me feedback or questions in general.

ADAL and Web Authentication Broker on Windows Phone 8.1

One of the components I highlighted as an improvement to the MDM enrollment process in Windows Phone 8.1 was support for Web Authentication Broker (WAB):
http://mobilitydojo.net/2014/04/02/windows-phone-8-1-mdm-enterprise/

Which itself was “ripped” from the Windows 8.1 bits:
http://mobilitydojo.net/2013/09/23/understanding-windows-8-1-mdm/

At any rate; it is a nice way to hook into Azure Active Directory, and by extension your on-prem AD as well if you’re doing DirSync. (Or ADFS if you are so inclined.) What I used in the MDM process was the .Net server side implementation suitable for browsers.

Unfortunately, using WAB natively in Windows Phone was not as easy. Yes, the WAB component is present in the operating system, but it still requires some effort to get started with. Active Directory Authentication Library, or ADAL for short, is the package responsible for making Azure AD integration easier on the .Net server side, and now it’s finally available for Windows Phone 8.1 as well. You can now use Azure AD as the authentication provider for your Windows Phone app without VPNs, reverse proxies and all that. Just include the necessary NuGet package in your VS solution and you’re almost there. (Yes, you still need to write some code yourself.)
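To show what that "some code" looks like, here is an added example of my own; it is not code from the original post or from the AzureADSamples repository. It uses the continuation pattern of ADAL 2.x for Windows Phone 8.1: on the phone, WAB suspends the calling app, so the token does not come back from an await but through OnActivated in App.xaml.cs. The authority, client ID and resource are placeholders you replace with your own app registration; the redirect URI is read from WAB and must match what you registered in Azure AD.

```csharp
// Added example (not from the post or the AzureADSamples repo).
// Target: Windows Phone 8.1 (WinRT) app using the ADAL 2.x NuGet package for Windows Phone.
// Authority, client ID and resource are placeholders (assumption: your own registration).
using System;
using Windows.ApplicationModel.Activation;
using Windows.Security.Authentication.Web;
using Windows.UI.Xaml;
using Windows.UI.Xaml.Controls;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public static class AadConfig
{
    // Your tenant; "common" works for multi-tenant apps. Placeholder value.
    public const string Authority = "https://login.windows.net/contoso.onmicrosoft.com";
    // Client ID of the native client application you registered in Azure AD. Placeholder value.
    public const string ClientId = "00000000-0000-0000-0000-000000000000";
    // The API you want a token for; the Graph API is used here as an example resource.
    public const string Resource = "https://graph.windows.net";
    // WAB's own callback URI for this app; register this exact value as the redirect URI in Azure AD.
    public static readonly Uri RedirectUri = WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
}

public sealed partial class MainPage : Page
{
    private async void SignInButton_Click(object sender, RoutedEventArgs e)
    {
        AuthenticationContext ac = await AuthenticationContext.CreateAsync(AadConfig.Authority);

        // 1. Try ADAL's token cache first: no UI and no round trip through WAB.
        //    ADAL 2.x on WinRT reports failures through Status rather than throwing.
        AuthenticationResult cached =
            await ac.AcquireTokenSilentAsync(AadConfig.Resource, AadConfig.ClientId);
        if (cached.Status == AuthenticationStatus.Success)
        {
            UseToken(cached);
            return;
        }

        // 2. Otherwise hand off to the Web Authentication Broker. On Windows Phone 8.1 this
        //    suspends the app; the result is delivered via OnActivated in App.xaml.cs, which
        //    then invokes the delegate passed here.
        ac.AcquireTokenAndContinue(AadConfig.Resource, AadConfig.ClientId, AadConfig.RedirectUri, UseToken);
    }

    // Callback for both the silent and the interactive path.
    private void UseToken(AuthenticationResult result)
    {
        if (result.Status != AuthenticationStatus.Success)
        {
            // Log the error code only; never log the token itself.
            System.Diagnostics.Debug.WriteLine("Token acquisition failed: " + result.Error);
            return;
        }

        // Send result.AccessToken as "Authorization: Bearer <token>" on calls to AadConfig.Resource.
        // The token is only valid for that resource; request a separate one for any other API.
    }
}

// App.xaml.cs
sealed partial class App : Application
{
    protected override async void OnActivated(IActivatedEventArgs args)
    {
        if (args.Kind == ActivationKind.WebAuthenticationBrokerContinuation)
        {
            var wabArgs = (WebAuthenticationBrokerContinuationEventArgs)args;
            AuthenticationContext ac = await AuthenticationContext.CreateAsync(AadConfig.Authority);
            // Completes the authorization code exchange and calls the delegate given to AcquireTokenAndContinue.
            await ac.ContinueAcquireTokenAsync(wabArgs);
        }
    }
}
```

Two things worth keeping in mind: ADAL stores the acquired tokens (including the refresh token) in the app's local storage, so anything that can read that storage can act as the user; and the resource in the request is what the access token is scoped to, so check that you are sending it only to that API.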

The funny thing is that this library was available for iOS and Android before Windows Phone, even though Active Directory is just about as Microsoft as you get technology-wise, but now you should be golden whatever your mobile preference is 🙂

Usually I’d whip up some code for you to try this, but in this case I will let the work already done by Vittorio Bertocci illustrate the moving parts instead. There’s a nice code sample over on the official AzureAD GitHub page:
https://github.com/AzureADSamples/NativeClient-WindowsPhone8.1

Not to mention a blog post with some more details:
http://www.cloudidentity.com/blog/2014/06/16/adal-for-windows-phone-8-1-deep-dive/

Short post, I know, but useful little trick I hope.

Using Azure AD Directory Extensions with Calendar Publishing

I ran through a setup three weeks ago where I used the “Directory Extensions” preview feature in Azure Active Directory to show how I could store an extra id on the user object and use this attribute in a different web app:
http://mobilitydojo.net/2014/04/08/extending-your-azure-active-directory-part-1/

Not feeling entirely done with creating samples I’ll be building another web app showing another scenario where directory extensions might be a useful approach. We’ll extract some data from Office 365 (Exchange Online more specifically), and insert into Azure AD and re-use it.

Exchange Online has this neat feature where you can publish your calendar externally so anyone can check it without being a member of your Active Directory. Actually, it’s not just Office 365 users who get this – Exchange 2013 on-prem can do so as well, but this sample will only explore the cloud version. (You can probably tweak it to work with a local Exchange Server if you like; the differences are probably fairly minor.) I’m not saying there aren’t drawbacks to using this feature; you certainly should not expose every detail of your calendar to the general public. But it can be useful in a couple of scenarios, and you don’t have to share all the details either.
