Microsoft Updates Preview of Azure Active Directory Pass-Through Authentication
Microsoft this week announced that it has updated its preview of Azure Active Directory Pass-Through Authentication.
Pass-Through Authentication is Microsoft’s more simplified means of accessing services such as Office 365 services, and Microsoft claims it’s done without having to store passwords on Microsoft’s datacenter infrastructure. Under this scheme, organizations can access Microsoft’s services using their own local Active Directory infrastructure. Pass-Through Authentication is billed as being simpler to set up than Active Directory Federation Server (AD FS), a Windows Server role that’s used on premises to enable single sign-on access to Office 365 and other services.
Microsoft’s announcement indicated that it has now improved a basic aspect of the Pass-Through Authentication preview, namely user access via “public key/private key encryption between Azure AD and on-premises agents.” It’s also using HTTPS for secure connections.
The preview now supports “any attribute” when configuring an “Alternate ID in Azure AD Connect,” Microsoft indicated. Azure AD Connect is Microsoft’s wizard-like tool for setting up identity and access management connections with Azure Active Directory. When organizations add Pass-Through Authentication, it gets done by specifying a custom installation of the Azure AD Connect tool.
Lastly, Microsoft’s announcement explained that just two ports, Port 80 and Port 443, are now needed to deploy Pass-Through Authentication.
Microsoft’s Seamless Single Sign-On preview also got a bit of tweaking this week. Seamless Single Sign-On is another Azure AD Connect option. It enables domain-joined machines to connect to Microsoft’s services by authorizing the user’s identity. This week, Microsoft improved the Seamless Single Sign-On preview by making it such that end users no longer have to enter their user names to access services when using “tenant-specific URLs.” An example of a tenant-specific URL might be “outlook.office365.com/owa/contoso.com,” according to Microsoft.
Microsoft had announced previews of both Pass-Through Authentication and Seamless Single Sign-On as back in December. The two technologies, in combination, promise to avoid the complexity of installing AD FS to access services. At least that’s how Microsoft Most Valuable Professional Sean Deuby explained it in a January Semperis blog post.
“If you’re using password synchronization, adding 3SO [Seamless Single Sign-On] will eliminate password challenges for your on-network corporate users,” Deuby wrote. “If instead you enable PTA [Pass-Through Authentication] along with 3SO, you have practically the same value as AD FS for the specific Azure AD authentication…