Win10 Authentication Evolution Empowered by Azure Active Directory


Josh Condie – A month ago, Alex Simons, a member of the Microsoft Identity and Security Services Division, started a blog thread that is currently going into detail about how Azure AD will enable a new security paradigm for access control with Windows 10 (see HERE).

This is very relevant to the SMB community! We’ve all heard the news reports over the past 2 years about major hackings of Fortune 500 companies (e.g., Target, Home Depot, etc.), as well as government offices (IRS) and their contractors. What a lot of SMBs don’t realize is that in many of these cases a small business’s lack of security was the means of accessing the larger company’s network. Therefore, it is imperative in this new world of cyber-warfare that all commercial entities, of any size, take precautions to protect their own and their business partners’ networks. Moving away from the simple username/password construct is one key to achieving this. And with the right balance of security (multi-factor authentication) and convenience (i.e., Single Sign-On), end users won’t feel a blow to their efficiency and productivity.

With this in mind, Azure Active Directory will be uniquely integrated with Windows 10 to make the evolution to greater security (even in the cloud) an easier step, with a high perceived value (i.e., a partner opportunity to implement).

Start HERE to follow the BLOG series

Specifically, this integration will provide the following:

  • Self-provisioning of corporate owned devices. With Windows 10, employees can configure a brand new device in the out-of-box experience, without IT involvement.
  • Use existing organizational accounts. Employees can use their Azure AD account to log in to Windows (the same account they use to sign in to Office 365).
  • Automatic MDM enrollment. Windows 10 PCs and tablets can be automatically enrolled in an organization's device management solution as part of joining them to Azure AD. This will work with Microsoft Intune and with third-party MDMs.
  • Single Sign-On to company resources in the cloud. Users will get single sign-on from the Windows desktop to apps and resources in the cloud, such as Office 365 and thousands of business applications that rely on Azure AD for authentication.
  • Single Sign-On on-premises. Windows 10 PCs and tablets that are joined to Azure AD will also provide SSO to on-premises resources when connected to the corporate network, and from anywhere with the Azure AD Application Proxy.
  • Enterprise-ready Windows Store. The Windows Store will support app acquisition and licensing with Azure AD accounts. Organizations will be able to volume-license apps and make them available to the users in their organization.
  • Support for modern form factors. Azure AD Join will work on devices that don't have the traditional domain join capabilities.
  • OS State Roaming. Things like OS settings, desktop wallpaper, Tile configuration, websites and Wi-Fi passwords will be synchronized across corporate-owned Azure AD joined devices.