New Azure Active Directory Admin Experience Is Generally Available
Microsoft finally launched an updated interface for managing Azure Active Directory (Azure AD) in the Azure Portal on May 15th. It is available for administrators of all Microsoft enterprise cloud services.
Managing Azure Active Directory
Before May 15th, many of us were in a bit of a quandary with Azure AD. Those of us that were using ARM-only subscriptions, such as the Cloud Solution Provider (CSP), were left in the lurch.
Azure AD is the glue that holds together Microsoft’s cloud services. This identity system provides administrators with a way to access systems and enable users to authenticate against cloud services. Many cloud newbies are unaware of Azure AD. Those user accounts reside behind the likes of Office 365.
For very basic work, the Office 365 portal offers enough of a GUI. For large scale operations, PowerShell can be useful. Once you get beyond resetting passwords and creating the occasional Office 365 group, you will need the power of an Azure AD interface. For example, if you want to use any of the features of Azure AD Premium, you really need an Azure AD tool.
Historically, this tool was the Azure management portal but that tool is not available to anyone with an ARM-only subscription. We are restricted to the newer Azure Portal. However, this newer interface did not have a UI for Azure AD. Those of us that jumped into the CSP channel early, had to learn complicated hacks to open our tenants or Azure AD domains in the management portal. It was messy and unconvincing to those who were new to Azure.
Preview for Azure Active Directory
A preview Azure AD experience did appear but only for a little while. It seemed like this was going to be a Gmail beta going on for years and years. While Azure public previews are technically supported, there is always a risk:
- Microsoft support engineers can be prone to say, “It is a preview, so it is unsupported.” They want to get a quick case closure.
- Previews are unfinished, so there is always an element of a technical risk.
Not long after the preview launched, I started to recommend it for production usage. True, I work in the CSP world. It was the only reasonable way to manage Azure AD. I found very quickly that some changes made the Azure AD experience in the Azure Portal superior to that of the older management portal. For example, delegating administrator access to a person from another Azure AD tenant, such as a Microsoft partner, is much easier now.
Microsoft announced on May 15th that the preview had ended and the new interface was generally available.
You will notice some of Microsoft’s ambitions have been accomplished when you open Azure AD in the Azure Portal. Microsoft wants you to start with a summary overview of your tenant, give you quick access to get common jobs done, and be able to dive deep into the details to do complicated tasks.
In the below screenshot, you can see usage data and the health of Azure AD Connect. You can also see links to common tasks, such as creating a new user or finding an existing user.
Audit logs are an important feature throughout the Azure Portal. It has saved my bacon before and this is also true with Azure AD. You can see audit information for the entire organization and filter this down to a specific user. You can track cloud activity with great detail.
As an administrator, you will occasionally need to investigate a user account. This might be to track suspicious behavior. Most of the time, it is to troubleshoot a problem that the employee is having. Using Microsoft’s language, a good bit of data is pivoted on a user. This enables us to understand the user more and helps with diagnosing the following:
- Group memberships
- Licensing assignments
- Cloud applications with single-sign on
- Azure resources
- Devices that they sign in with
- Audit logs
You Do Not Need an Azure Subscription
A common misunderstanding with cloud newbies is that you need an Azure subscription to sign into the Azure Portal. You do not need an Azure subscription. Even if all you have is Office 365, then you can use this new experience either by going to the Azure Portal or going directly to the new Azure AD tools.
I strongly recommend that you try this tool. I recently saved hours of work by turning on group-based licensing of Microsoft cloud services:
- I created a set of groups on a domain controller.
- Azure AD Connect synchronizes the group to Azure AD.
- I assign CRM 365, Power BI, Office 365, and EMS licensing to the groups.
- The group members inherit licensing from the groups.
- I do not have to spend hours checking boxes to assign licenses to each user account.
Even if you do still have access to the older Management Portal, your reasons for declining to use the newer interface are shrinking. It is time to get with the future and start using the new tools that really do make life easier!