Azure Active Directory and Windows 10: Microsoft’s Hybrid Vision
As more and more companies make the transition from on-premises to the cloud, Microsoft believes that there will be a phase where companies run on-premises and cloud data centers in parallel. Microsoft believes that this hybrid state will last for approximately 10 years. Beyond these years most workloads will be in the cloud.
How can organisations manage users and devices from a single source of truth? Microsoft has assisted with this hybrid state by allowing companies to administer cloud users, all with the assistance of Azure AD Connect. Today we are in a Cloud First era: if Cloud is not supported, why not?
The days of imaging devices and adding them to domains may be coming to an end. Companies will soon be able to manage Windows 10 devices (slated for first update) by simply joining them to Azure AD, with Azure AD Join.
This will be compatible with Microsoft Intune. Users will get a single sign-on experience across their on-premises applications, devices and cloud applications. This will be the start of large organisational process changes and is important as companies look to manage the plethora of mobile devices. If your next device refresh is the same as your last one, it may be an outdated solution.
Let’s go for a test! I installed Windows 10 build 10074 with Hyper-V on my laptop with 1.5 GB of RAM allocated (works, but definitely needs resources). After installing, I was presented with this screen.
Here you can click Express or Custom; this just changes your Feedback and other experience-related settings. Then I got a loading screen.
Then I selected “This Device Belongs to my Company”
I clicked Continue; make sure you read this screen first.
Then I typed in my username and password
I got my password wrong the first time, but this error gave me something interesting: my Azure AD branding that I configured at TechEd Australia last year came through.
Then I got this screen. After 10 minutes watching the circle I went and got a coffee, then played with my phone.
Then I got this log in screen
Then this error. Not sure if it was a VM, network or RAM issue.
I selected Try Again and it worked immediately. Please note the default PIN complexity requirements. This PIN may now automatically work across several different devices.
But what does this mean and what has happened to my machine? It is not on a domain, but if you check the sysinfo it says my logon server is \\AzureAD.
Edit: I tested SSO for Office 365 and Azure as suggested by Alex Simons. I could only get Azure SSO to work. With Office 365, each time I tried to enter the URL it would redirect back to the Office 365 login page.
I am sure in the coming months we will see more features and capabilities added. Keep a look out for more on this topic at this year’s TechEd, Ignite and Build events around the world.
The key benefits and capabilities of Azure Active Directory and Windows 10:
- Consistent user experience.
- Single sign-on.
- Automatic enrollment.
- Support modern form factors – devices that don’t have domain join functions.
This feature has huge potential, so it is good to start planning any organisational transformations before Windows 10 goes GA.
Look at the following comment from Deniz regarding this new feature: “Works great, well done, already started planning to decommission all onprem servers including ADs and work with AzureAD only with a fileserver vm in Azure.”
To get started refer to the following article:
Post by Alex Simons and Ariel Gordon
And follow these Twitter handles
To start planning for your business transformation you can deploy and test these features all from within your Microsoft Azure subscription and a VM. If you don’t have a Microsoft Azure subscription you can take a trial here.
Aaron Whittaker @AaronW2003