Preparing for Windows Azure AD Scenarios and Solutions
Published: December 19, 2013
Before you can try any of the Windows Azure AD scenarios and solutions, you need to verify that you have a Windows Azure account, a Windows Azure subscription, a Windows Azure Active Directory, and a user account in your Active Directory. In this topic, we'll explain how to prepare based on your current configuration.
For instructions, read the section that matches your situation.
I have a Windows Azure subscription
I have a Microsoft cloud service subscription, but I don't have a Windows Azure subscription
I don't have a Windows Azure subscription or a Microsoft cloud service subscription
If you need help, use these reference topics.
If you have a Windows Azure subscription, you're almost ready to go.
Every Windows Azure subscription has a Windows Azure Active Directory, also known as a directory tenant. It might be a directory that an administrator created just for the subscription, but it can also be an existing directory that an administrator associated with the subscription, or a default directory that Windows Azure created for the subscription.
To work with the scenarios and solutions, you will need to find the name of your directory. For help, see Find the name of your Windows Azure Active Directory. You will also need at least one user in your directory that uses the organizational ID of your tenant to sign into the account. For instructions, see Create a user (or select one).
To configure the sample applications, you'll need access to the Windows Azure Management Portal. And to gain access to the Windows Azure Management Portal, you need a Windows Azure account and a subscription. We'll show you how to get them.
But first, you need to make a decision. (Don't worry. You can change your mind later.)
Microsoft cloud services, such as Office 365 and Windows Intune, include an Active Directory -- the same type of directory that is included in a Windows Azure subscription. This directory is often referred to as a "Windows Azure Active Directory" or a "directory tenant." So, you can use your cloud service subscription Active Directory with your Windows Azure subscription or allow Windows Azure to create a new Active Directory for your Windows Azure subscription. Most people prefer to keep it simple and use their cloud service Active Directory for both the cloud service and their Windows Azure subscription. But you might prefer to have a second directory for testing or experimentation.
Just pick the option that works for you now. Your decision is not final. If you decide to create a new Active Directory now, you can associate your cloud service Active Directory with your Windows Azure subscription later. And if you decide to use your cloud service Active Directory with your Windows Azure subscription now, you can add a new Active Directory to your subscription at any time. We'll show you how to set up for both options.
Go to the 90-day free trial site and click Free Trial.
On the Sign up page, click Sign in with your organizational account.
On the sign-in page, enter your Microsoft cloud service user name and password, such as your Office 365 user name and password.
When you complete the Windows Azure subscription sign-up process, your new Windows Azure subscription will be associated with your Microsoft cloud service Active Directory.
To test the scenarios, you will need a user account in your Active Directory. You can use an existing user or create a user for texting. For instructions, see Create a user (or select one).
Just starting with Windows Azure? You're about to discover a world of opportunity, including fast and easy integration of line-of-business applications, web applications, and web services with Windows Azure Active Directory, and must-have authentication services, like single sign-on and multi-factor authentication.
To begin, sign up for a Windows Azure account and create a subscription. You can even get a 90-day free trial.
The person who creates the subscription has the Global Administrator role by default, and the Global Administrator can add other administrators. Be sure that the person who is working through the scenarios and solutions in this section has the role of Global Administrator of the subscription.
Your Windows Azure subscription comes with a Windows Azure Active Directory (also known as a directory tenant named Default Directory. You can rename the default directory and add directories.
Now, you're ready to find the name of your directory and create or select a user. For help, see Find the name of your Windows Azure Active Directory and Create a user (or select one).
As you work through the scenarios and solutions in this section, you'll need information about your Windows Azure Active Directory (also known as a directory tenant).
To find the name of your directory, go to the Windows Azure Management Portal, sign in, and then click Active Directory. At the top of the page, click Directory. The directory name appears in the Name field.
The scenarios and solutions in this section are designed to demonstrate the experience of a new user in your Windows Azure active directory. If the user signs in with a Microsoft account, the sign-in fails.
If your Windows Azure subscription is associated with a Microsoft account, such as a Live.com, Hotmail.com, or Outlook.com account, you will need to create a user account in your Active Directory who signs in with your organizational ID, such as firstname.lastname@example.org or email@example.com.
However, if your subscription is associated with an organizational account, such as a User@<MyBusinessName>.onmicrosoft.com, you can user your existing users to test our scenarios, or create a new user in the same domain for testing.
The Windows Azure AD scenarios and solutions (and our code samples and sample applications) require a user account in the domain of your Windows Azure Active Directory.
Go to the Windows Azure Management Portal (https://manage.WindowsAzure.com) and log in, and then click Active Directory.
Double-click a directory and then click Domains. When you create your user accounts, use the domain name that appears on the page. For example, if your domain is ContosoEngineering@onmicrosoft.com, create user names in that domain, such as Test@ContosoEngineering@onmicrosoft.com.
To create a user account in the domain, click Users. (If you don't see a Users tab, double-click the directory name. A Users tab appears on each directory-specific page.) At the bottom of the page, click Add User.
Add a user in your new domain, such as Test@ContosoEngineering.onmicrosoft.com, and then click the checkmark at the bottom of the page.
On the User Profile page, assign an organizational role to the user. To test most apps, it's best to have at least one user with the Global Administrator role and one user with the User role.