News

Windows Azure Active Directory Group Management 'Preview' Capabilities Released

• By Kurt Mackie
• 12/05/2013

Microsoft this week has released a "preview" of two group management capabilities in Windows Azure Active Directory (WAAD).

WAAD is a free service that Microsoft initially released in April, but parts of it are still getting improvements. A preview of new group management capabilities now can be seen by users of Microsoft's Windows Azure Management Portal. Using this portal, IT pros can now "create or delete new security groups," in some cases. It's also possible to view groups in the portal that were created by either local Active Directory management or Office 365 management. The local Active Directory viewing capability of the preview requires that directory synchronization be turned on first.

These two new capabilities are no-cost enhancements of the free Microsoft WAAD service. However, the capabilities have some nuances and limitations. For instance, groups can be created to manage access to SharePoint Sites, but not Exchange yet. "We will add mail-enabled groups for Exchange in a future release," explained Alex Simons, director of program management for the Active Directory team, per Microsoft's announcement.

In addition, what users can do often depends on where the groups were sourced. If the groups were sourced from an organization's local Active Directory, then IT pros cannot use the Windows Azure Management Portal to delete or manage those groups. They have to use their local Active Directory instances for those tasks, according to the announcement.

If the groups were sourced from Office 365 management, then IT pros have to use the Exchange Admin Center to manage the groups. However, deleting groups is a bit different. Groups sourced from Office 365 or WAAD can simply be deleted using the Windows Azure Management Portal.

Microsoft charges for some of its WAAD management capabilities as part of its Premium offering, which the company issued as a preview late last month. One capability only available with WAAD Premium version is the ability to carry out group provisioning of Windows Azure-integrated software-as-a-service (SaaS) applications, which Microsoft describes as its "application access" add-on to Windows Azure. It's still free for organizations to use WAAD to assign users to these "preintegrated" SaaS apps, which enables single sign-on access to a gallery of more than 500 apps. However, assigning groups to those SaaS apps is considered by Microsoft to be part of the "advanced" capabilities that requires paying for Microsoft's WAAD Premium offering.

Clearly, Microsoft is aiming to hook organizations on using the full WAAD management capabilities available with the Premium version. Pricing for the Premium version hasn't been announced yet since it's still at the preview stage.

Microsoft is contemplating adding additional capabilities to WAAD in a future release, although it's not clear if they will be built into the free product or will be part of the Premium one. For instance, Microsoft may add the ability to "create and manage nested groups in the Windows Azure Management Portal." Another possible WAAD addition is the ability to "enable end users to create and manage their own groups."