Azure Active Directory (Azure AD) is a service created by Microsoft and released in 2013. It has little public awareness, and for a good reason: Azure AD is meant for software publishers and IT administrators, so it is invisible to end users. Nevertheless, this service has significantly transformed Office-based applications and, more generally, most software that interacts with Microsoft services. What precisely is Azure AD? According to Microsoft’s documentation, Azure Active Directory is “Microsoft’s multi-tenant cloud based directory and identity management service”. That is probably still unclear to you, so let us show through an example how Azure AD can be the foundation of an Office-based application’s communication with services hosted in the cloud.
Our company, Keluro, is a software publisher; its new product, Keluro Mail Team, allows smart and powerful email assignment within an organization. Keluro Mail Team comes with a free Outlook add-in that any Office 365 user can set up and use, installing it directly from the Office Store. Once the add-in is installed, a user can assign a given mail to anyone in their organization from Outlook Web Access or Outlook Desktop. For that, any user must be able to “discover” all the other members of the Office 365 tenant. Keluro Mail Team therefore needs access to at least two resources: on the one hand, the Exchange mail server, and on the other hand, the list of all Office 365 users in the tenant.
When set up across a whole organization, it is inconceivable that Keluro Mail Team and Office 365 users would be registered independently. That would be a nightmare for the IT administrators of these organizations: for each arrival or departure of an employee, they would have to update the users in Office 365 and in every other service. This is where Azure AD comes into play. The app Keluro Mail Team is registered in the Azure AD of its publisher (that is, us: Keluro) as a multi-tenant app, and other Azure AD directories can use it, delegating the authentication of their users. Every Office 365 tenant has its own Azure AD, so it is possible to grant Keluro Mail Team access to the end user’s mailbox and to the list of all members of the tenant: these resources only, nothing more and nothing less. For end users it is very simple; they need no knowledge of Azure AD, even when they install the add-in. To authenticate, they enter their Office 365 credentials in a Microsoft-hosted window, so these credentials are never seen or handled by Keluro Mail Team. Once access to the resources mentioned above has been granted, the application can use them and the authentication protocol is complete. This procedure is known as the OAuth flow. You may already have used it in other situations, for example when you log into an application with your Facebook credentials.
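To make the flow above concrete, here is an added example (not Keluro’s code, and not Microsoft’s library) of what the application’s side of the multi-tenant OAuth authorization-code flow looks like: it sends the user to the Microsoft-hosted sign-in page with only the two scopes the add-in needs, checks the callback that comes back, and validates the claims of the token Azure AD issues. The authority URL and the v2.0 issuer format are the real Azure AD ones to my knowledge; the client id, redirect URI, scope names and tenant ids are placeholders, and the tenant allow-list is this example’s own policy rather than anything the post prescribes. Signature verification against Azure AD’s published keys is assumed to have happened before the claim checks and is not shown.

```python
"""Added illustrative example of a multi-tenant Azure AD OAuth 2.0 client
(authorization-code flow). All identifiers below are placeholders."""
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORITY = "https://login.microsoftonline.com"      # Azure AD sign-in authority
CLIENT_ID = "00000000-0000-0000-0000-000000000000"   # placeholder app (client) id
REDIRECT_URI = "https://app.example/oauth/callback"  # placeholder redirect URI
# Only the two resources the add-in needs: the user's mailbox and the
# tenant's user list. Scope names are illustrative placeholders.
REQUESTED_SCOPES = frozenset({"mailbox.readwrite", "directory.users.read"})


def new_state():
    """Unguessable per-request value that binds the callback to this browser session."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state, tenant="common"):
    """Build the request that sends the user to the Microsoft-hosted sign-in page.
    The 'common' endpoint lets a user from any Azure AD tenant sign in, which is
    what a multi-tenant app needs; the app never sees the credentials."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(sorted(REQUESTED_SCOPES)),
        "state": state,
    }
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{urlencode(params)}"


def extract_code(callback_url, expected_state):
    """Parse the redirect back to the app and return the authorization code,
    refusing the callback unless it hit our redirect URI with the state we issued."""
    parsed = urlparse(callback_url)
    if f"{parsed.scheme}://{parsed.netloc}{parsed.path}" != REDIRECT_URI:
        raise ValueError("callback arrived at an unexpected URI")
    qs = parse_qs(parsed.query)
    if "error" in qs:
        raise ValueError(f"authorization failed: {qs['error'][0]}")
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    return qs["code"][0]


def check_token_claims(claims, allowed_tenants, now=None):
    """Validate the decoded claims of the token returned for the code.
    Returns the set of scopes actually granted. The signature must already
    have been verified against Azure AD's published keys (not shown here)."""
    now = time.time() if now is None else now
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token was issued for a different application")
    tenant = claims.get("tid")
    if tenant not in allowed_tenants:  # example policy: only onboarded tenants
        raise ValueError("tenant has not been onboarded by an administrator")
    if claims.get("iss") != f"{AUTHORITY}/{tenant}/v2.0":
        raise ValueError("issuer does not match the tenant claim")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise ValueError("token is not currently valid")
    granted = set(claims.get("scp", "").split())
    if not granted <= REQUESTED_SCOPES:
        raise ValueError(f"unexpected scopes granted: {granted - REQUESTED_SCOPES}")
    return granted


if __name__ == "__main__":
    # Constructed walk-through: one user from the placeholder tenant "tenant-a".
    state = new_state()
    print(build_authorize_url(state))
    code = extract_code(f"{REDIRECT_URI}?code=AUTHCODE&state={state}", state)
    print("authorization code:", code)
    sample_claims = {  # constructed claims, as if decoded from the issued token
        "aud": CLIENT_ID, "tid": "tenant-a",
        "iss": f"{AUTHORITY}/tenant-a/v2.0",
        "nbf": int(time.time()) - 60, "exp": int(time.time()) + 3600,
        "scp": "mailbox.readwrite directory.users.read",
    }
    print("granted scopes:", check_token_claims(sample_claims, {"tenant-a"}))
```

The two checks worth noticing are the `state` comparison, which stops an attacker from completing the flow with a code they obtained elsewhere, and the scope comparison, which enforces the “these resources only, nothing more and nothing less” property from the paragraph above: if the token carries more than the app asked for, the app refuses it rather than silently gaining access.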
Why is this a small revolution? Azure AD makes it very easy to integrate third-party applications into enterprise infrastructures. Moreover, the example above used only two resources, but Azure AD can grant access to all Office 365 services (Mail, Calendar, Files, Lync, Yammer…) and also to other Microsoft services such as Dynamics CRM, Power BI, etc., thanks to the so-called APIs (Application Programming Interfaces). Everyone can imagine the power of applications that can use all these APIs. In addition, Azure AD has other features that are very useful for enterprises. Note also that independent software publishers such as Keluro can offer their own APIs, to be consumed through Azure AD. We now see that Azure AD is a true hub that orchestrates all the applications used within an organization. This is also a huge opportunity for third-party companies, which can sell great solutions with immediate integration, advanced features and single sign-on.
Edit: Keluro Mail Team is no longer available, but you can find all its collaborative email features in Keluro - Smart Email Sharing.