Synchronize Office 365 AD with Windows Azure VM

Question

I would like to know if it is possible to sync my Office 365 AD to a VM in Windows Azure to enable user authentication through the VM.

Please note that there is no AD set up at all on the VM.

If it is possible, could you please give me some guidance on how to go about it?

Thanks, Maoz

Answer 1

No, you can't currently sync from Azure AD to Windows Server AD (on a VM).

It sounds like your objective is to have users seamlessly sign in to both Windows (domain-joined machines) and Office 365. This can certainly be done with the only difference being that the directory would be mastered in the on-premises AD, not in the Azure AD directory. Your setup could be something like this:

1. Install a Active Directory in Windows Azure
2. Set up DirSync and SSO so that the Azure AD directory is populated with the contents of you on-premises (in this case, on-Azure) AD.
3. Set up a site-to-site VPN (so that users' Windows machines in the local network can be domain-joined to the AD server on Azure).

Evidently, since you already have users in Azure AD, you will have to prepopulate the Windows Server AD (on Azure) with those users. When DirSync kicks off, they should be matched according to these guidelines.

Also, be sure to read: Guidelines for Deploying Windows Server Active Directory on Windows Azure Virtual Machines.

Since this is an involved process, I highly recommend you add a test domain and do the whole process (create cloud-only users, add AD in Azure, etc.) before hand to iron out all the problems.

Answer 2

No, you can't use Azure Active Directory as a directory service for authenticating to a Windows Server VM. You would need to deploy an AD server in the same VNET as your VM. Since this would be a normal AD DS installation you could DirSync or federate it with AAD if you wanted to use SSO between your Azure VM and Office 365.