First look: Windows Azure Active Directory preview
Our analyst suggests giving this Microsoft release for app developers a pass. Here's why
How does on-premises Group Policy work when ported to Active Directory in the cloud, or vice versa? Group Policy has been integrated with Active Directory and Windows Server since the 2000 release and most corporations have extensive deployments of Group Policy objects that manage access and permissions to a variety of servers, files and settings within the security domain.
But Group Policy is functional only with on-premises deployments, at least as it is currently written. How will this policy information carry over into the cloud? Will administrators be able to set Group Policy-based access to cloud services and get very granular with those permissions? Will they be able to set Group Policy Objects, or GPOs, on premises using existing Microsoft-built and third-party-developed management tools that companies have already invested significant money in? Will Group Policy administration move to the cloud and "trickle down" over time to on-premises deployments?
I can find no public statement about how Group Policy will grow and change along with cloud-based directories, so this is absolutely an area to watch as WAAD continues down its development path.
How does Windows Intune fit in with WAAD? Microsoft has been marketing Windows Intune as a way of bringing together the management of both domain-joined and non-domain-joined Windows machines in addition to iOS-based devices like the iPhone and iPad, and Windows devices.
Intune's meant more for small to midsize organizations that would like to manage all their IT assets from the cloud. The Intune model doesn't really integrate well with other management tools, making it a poor choice (at least in its current iteration) for larger organizations.
But since we don't know much about how Group Policy will work, is it possible that the Windows Intune management infrastructure will be subsumed into WAAD, and computer and device management will be enabled from there? Is this a way to bring integrated computer and device management to the cloud, particularly for larger customers with large numbers of deployed computers, and away from on-premises solutions? There may be an interesting story to tell here in the coming months; stay tuned.
What about Kerberos support? Kerberos is used in Active Directory environments to perform transparent, seamless authentication and authorization, and while it's the basis of all Active Directory transactions, it is particularly important in cross-platform environments.
For example, large universities typically leverage Kerberos protocol sets to allow Unix and Linux, as well as Macintosh, machines to authenticate against Active Directory, since those operating system platforms don't natively support the way Windows typically exchanges security information with Active Directory.
With WAAD, there's no mention of Kerberos support. With all of the talk of mobile support and managing identity information for phones, tablets and other devices, one is left to wonder whether support for Macs and Linux machines will be included with this release of WAAD. This could be a significant drawback to deploying this technology for organizations with large sets of non-Windows computers.