Date: 2024-12-02

These two identity and access management improvements are aimed at organizations that want to use their local Active Directory infrastructure to handle passwords instead of relying on “cloud” datacentres outside their premises for this purpose. Microsoft already has a way to do that using its Active Directory Federation Server on premises. However, Microsoft is promising an even simpler approach with the new previews.

The announcement follows typical requests from companies for a simple way to have single sign-on access while keeping the password information on premises.

Azure AD Pass-Through Authentication, available as a preview, uses a connector located on an organization's on-premises infrastructure to validate an end user requesting network access. This system works with “absolutely no caching of the password in the cloud,” according to Microsoft's announcement.

Even password resets carried out by end users get validated on local infrastructure with this approach. The system has automatic load balancing for high availability “without requiring additional infrastructure.”

The seamless single sign-on capability, also at preview, lets end users with domain-joined machines connect to Azure AD and other Azure services with the same facility as accessing local network resources, according to a Microsoft video. The single sign-on capability works using an organization's local Azure AD infrastructure.

The seamless single sign-on capability is an addition to the Azure AD Connect tool. Organizations using Azure AD Connect or password hash synchronization can test it.