Organizations subscribe to Microsoft Office 365; they synchronize their Active Directory and enable single sign-on (SSO). What they do not know is that they now have a bunch of capabilities available to them, many of them free, from their Microsoft Azure tenant. Yes, you heard correctly, their Azure tenant. But, wait a minute Pat; you said they subscribed to Office 365, not Azure. So how can they have an Azure tenant? Glad you asked.

Let me explain.

Office 365 uses Azure Active Directory as its identity provider. Anytime a user tries to login to Office 365, their credentials will be checked against Azure Active Directory. So, when a customer subscribes to Office 365, an Azure tenant is created in the background. The Azure Active Directory in that tenant becomes the identity provider that Office 365 will use to authorize access.


Typically, a customer will synchronize their Active Directory with Office 365, but in reality they are synchronizing their Active Directory with their Azure Active Directory in their tenant that was created in the background. Why is this important?

Let me continue.

The Azure tenant and the Azure Active Directory instance that you now own is free, but it can provide some significant capabilities of which you should be aware. While it can provide single sign-on for Office 365, it also can provide single sign-on for over 1800 other cloud providers, such as, Citrix GoToMeeting, Concur and more.

You can federate directly from the Azure tenant to the cloud provider, and your users can then use that to achieve single sign-on to those providers. Nice, eh? SSO for Apps is free for up to 10 cloud apps per user.


If you choose to go beyond free in the Azure Directory Services area, you can purchase Azure Active Directory Premium. If you do you then get the ability to create security groups to better manage the access for those cloud apps, unlimited use of SSO for apps, self-service password reset (web-based), Azure Multi-factor Authentication (MFA) Services, and enhanced auditing and reporting. And if that were not good enough, then there’s Enterprise Mobility Suite (EMS).

Microsoft has bundled Azure Active Directory Premium, Azure Rights Management (RMS) and Windows Intune into a single service named Enterprise Mobility Suite. We have already looked at what Azure Active Directory Premium buys for you. But let’s take a closer look at the other parts of EMS.

Windows Intune is Microsoft’s device management service in the cloud. It offers policy-based management of Windows, Android and iOS devices. Yep, that’s right, not just Microsoft devices. Azure RMS allows for encryption of files at rest, and policies that control who can open (and decrypt) the files, who can forward emails if the file is attached and more.

It also works on Windows Android and iOS devices. So, with the Enterprise Mobility Suite, you get to elevate your Azure tenant and your Azure Active Directory instance to secure access to cloud apps and provide multi-factor authentication across those apps.


While many customers think they have simply provided Office 365 to their users, and then go searching for cloud identity and security solutions, they are surprised to discover that it is available in the background in their Azure tenant.

Do you need better access for your users to cloud apps? Do you need multi-factor authentication? Would self-service password reset for your users be helpful for your organization? Are you looking for a solution to manage the explosion of mobile devices? Is your data protected, especially given the explosion of mobility and cloud folders for sharing files?? Look no further than Azure for the solutions for all these needs.

To learn more about CDW cloud solutions, go to