Windows Azure Active Directory和Office 365集成

Question

In my company, we are using Office365 for our emails. In addition to this, we are using Windows Azure Active Directory to secure some applications.

Now I've been asked to create some kind of link between our users in Office 365 and Windows Azure Active Directory. The point would be to have some admin applications deployed and secured with WAAD but for which the users are the ones from Office365.

I've found lots of documentation on the web on how to sync directories but not really anything stating clearly that this is possible.

I'd like to insist on the fact that it is our own application that we'd like to secure like this.

Thanks

Answer 1

(Edit 2018-03-23: This answer was updated to reflect changes in the new Azure portal.)

The underlying directory for Office 365 is Azure Active Directory (Azure AD). This means that if you have an Office 365 account, you already have a directory -or "tenant"- in Azure AD.

In your case, I think what you want to do is move from securing your application with a different Azure AD tenant (under a different domain), to securing your applications with the tenant you got when you started using Office 365. The key here is to be able to get access to your Office 365 tenant from the Azure portal.

All you need to do is sign in to the Azure portal ( https://portal.azure.com ) with you Office 365 account (which, remember, is an Azure AD account), and head over to the "Azure Active Directory" blade. (Note: You do not need an Azure subscription in order to manage your Azure AD tenant in the Azure portal.)

Now you can go about adding and configuring apps to the Office 365 tenant so that you can use that tenant to secure your apps.

Extra: Since you've already started doing things with another Azure subscription (presumably your Microsoft Account, MSA --formerly LiveID--), you might be interested in transferring that Azure subscription to be owned by an account in your primary Azure AD tenant: https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer

Answer 2

If the aim is to make the Office 365 directory available inside the Azure portal, this currently works:

In the Azure portal, under Active Directory, click the New button, then Directory, then Custom Create. In the Directory pull-down, select 'Use existing directory' and follow the instructions to sign out and sign in using your Office 365 admin user. This will make your Office 365 directory available inside your Azure portal (in addition to any other Azure directories you have access to.)

Answer 3

When you setup your Azure Subcription did you use the same account you used when you setup your Office 365 Subscription? If so you should be able to see an existing WAAD instance when you log into Azure that has your @*.onmicrosoft.com domain registered against it. If you don't see that you may be able to add the domain to Azure subscription assuming of you are the domain admin. See here: http://blogs.msdn.com/b/bspann/archive/2013/10/20/adding-existing-o365-directory-to-azure-msdn-subscription.aspx

Answer 4

For the sake of completion, I hope the OP would come back and accept the answer provided by Philippe.

I found this that was quite helpful: http://blogs.technet.com/b/ad/archive/2013/04/29/using-a-existing-windows-azure-ad-tenant-with-windows-azure.aspx