After two years of work, Microsoft has unveiled details and its strategy around Active Directory for the cloud, anointing it the centerpiece of a comprehensive online identity management services strategy it thinks will profoundly alter the ID landscape.

The company said changes to the current concepts around identity management need a "reset" to handle the "social enterprise." Microsoft says it is "reimagining" how its Windows Azure Active Directory (WAAD) service helps developers create apps that connect the directory to SaaS apps and cloud platforms, corporate customers and social networks.

"The term 'identity management' will be redefined to include everything needed to provide and consume identity in our increasingly networked and federated world," Kim Cameron, an icon in the identity field and now a distinguished engineer working on identity at Microsoft, said on his blog. "This is so profound that it constitutes a 'reset'."

At the center is WAAD, which is in use today mostly with Office 365 and Windows Intune customers. WAAD is a multitenant service designed for high availability and Internet scale.

In a companion blog post to Cameron's, John Shewchuk, a Microsoft Technical Fellow and key cog in the company's cloud identity engineering, provided some details on WAAD, including new Internet-focused connectivity, mobility and collaboration features to support applications that run in the cloud.

Shewchuk said the aim is to support technologies such as Java, and apps running on mobile devices including the iPhone or other cloud platforms such as Amazon's AWS.

Shewchuk said WAAD will be the cloud extension to on-premises Active Directory deployments enterprises have already made. The two are married using identity federation and directory synchronization.

He said Microsoft made "significant changes to the internal architecture of Active Directory" in order to create WAAD.

As an example, he said, "Instead of having an individual server operate as the Active Directory store and issue credentials, we split these capabilities into independent roles. We made issuing tokens a scale-out role in Windows Azure, and we partitioned the Active Directory store to operate across many servers and between data centers."

Some analysts are already noting the challenges Microsoft will have with its cloud directory.

Mark Diodati, a research vice president at Gartner focusing on identity issues, told me in a conversation about the changes the cloud is forcing on enterprise ID management that "the addition of tablets and smartphones into the enterprise device mix exceeds Active Directory's management capabilities and there is an impedance mismatch using Kerberos across the cloud."

While Shewchuk laid out the set-up for a Part 2 of his blog that will focus on enhancements to WAAD, Kim Cameron painted the bigger picture on cloud identity going forward.

He said companies adopting cloud technology will see dramatic changes over the next decade in the way identity management is delivered. "We all need to understand this change," he stressed.

Cameron said identity management as a service "will use the cloud to master the cloud", and will provide the most reliable and cost-effective options.

"Enterprises will use these services to manage authentication and authorization of internal employees, the supply chain, and customers (including individuals), leads and prospects. Governments will use them when interacting with other government agencies, enterprises and citizens."

And he added that enterprises will have to move beyond concepts that have guided their thinking to date.
