New Azure AD Admin Experience


This post will discuss the recent launch of a preview Azure AD administration experience in the Azure Portal.

Azure AD — Not What You Think It Is

Based on my day-to-day dealings with potential customers of Microsoft cloud services, few people understand what Azure AD is. Most people hear the name and assume that Azure AD is a cloud alternative to running on-premises domain controllers; they think that they can join Windows 7 PCs to this domain and get Group Policy. Sorry, but that’s not what Azure AD is.

Azure AD is a cloud extension of Active Directory for SaaS applications. For example, Azure AD is the username & password hash store for signing into all of Microsoft’s SaaS applications, including Office 365 and EMS, and is used for authenticating and authorizing usage of an Azure subscription. We can also use Azure AD for enabling single sign-on into third-party clouds, such as Google Apps and AWS.

Microsoft has grown Azure AD to offer more on top of on-premises AD; if you want self-service sign-in, self-service group management, proxied access to IIS-based internal applications, auditing, and more, then Azure AD (probably one of the per-user licensed Premium SKU upgrades) is the path to take.

Administration Challenge

Those of us working with newer Microsoft cloud systems have had a problem with Azure AD. Microsoft has 2 UIs for managing Azure. The first is the older Management Portal; this portal, which is no longer being developed, includes the original experience for managing Azure AD. The second Azure UI is the newer Azure Portal, which is evolving on a daily basis; up until recently the only trace of Azure AD in this portal was a hyperlink that launched the older Management Portal in a new browser tab.

OK, so I need to use two portals, but that’s not a big issue … unless you use the Cloud Solutions Provider (CSP) channel to acquire Microsoft cloud services. This channel does not support Azure Service Management (ASM), and therefore does not support the older Management Portal. If we wanted to manage Azure AD for a customer that subscribed to Office 365 or Azure via CSP, then we had these options:

  • Use the MSOL PowerShell module
  • Use basic user/group management via the Office 365 portal
  • Sign into another non-CSP Azure subscription with a Microsoft Account with global admin rights and import the CSP customer’s Azure AD directory

The New Azure AD Experience

Microsoft finally announced a preview of Azure AD administration in the Azure Portal. This is a preview and displays many of the traits of cloud development. The UI works pretty well in my usage — there are some bugs and it is incomplete. Microsoft is focusing on getting core tasks operational and working well; other tasks will be added over time.

The Azure AD experience uses a graphical implementation of the blade system used in the Azure Portal. You are greeted by a big bright overview screen when you open the tool, full of useful links and quick start tasks. If you want to learn about Azure AD Connect (and you should), then it’s there. If you want to brand the end-user experience with company art and logos, then the link is there. If you want to add/find a user/group, then there are handy quick links.

The overview screen for Azure AD in the Azure Portal [Image Credit: Aidan Finn]

There are some bugs and it is incomplete (now), but I have already switched to using this experience by default instead of the Management Portal, for a few reasons:

  • The Management Portal is the past and I try to use only PowerShell and the Azure Portal
  • I work for a CSP Tier 2 distributor, so my customers cannot use the Management Portal
  • The new experience is pretty good — it makes delegation of admin rights to users in external directories much easier to deploy than the older interface. You no longer need to import a CSV file full of account details from an external directory; you just type in the UPN of the external user account in Add User.

If the past is anything to go by, then I’m sure that the Azure AD blades will be very different by the time the feature reaches general availability — with customer feedback and added tasks shaping the administration experience. My advice is that you start using it where you can and give feedback to shape the tool to fit your needs.


Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.