Yes.

WAAD does not present to Windows servers in the same way that AD does. If
you want to make queries against WAAD you'll need to use the Graph API and
probably rework your apps if you need to do fine-grained access control.

Think of WAAD as a light-weight directory that you use as a small business.
Large businesses with IaaS workloads will typically use WAAD in conjunction
with on premise AD or AADDS.

If all you need to do is put WAAD authentication in front of a web app,
then this is a piece of piss. Just deploy your app into App Server or App
Service Environment and then turn on Azure AD auth. The App Service
intercepts requests and does the SAML login for you transparently. The
logged on user gets presented back to the app in a cookie.

Alternatively, if you need something closer to traditional AD, then
Microsoft have AADDS - Azure Active Directory, Directory Services
(https://azure.microsoft.com/en-us/services/active-directory-ds/). This
shares the same user principals as WAAD but also exposes traditional DS
interfaces so you can domain join servers and so on.

David.

On Wed, 21 Jun 2017 at 09:51 Greg Keogh <gfke...@gmail.com> wrote:

> Folks, I'm wondering if Azure Active Directory might be a suitable
> candidate for running our authentication and permissions.
>
> We have a growing number of programs, services and mobile apps which
> currently perform authentication against a 1990s vintage database which
> contains users, passwords, permissions, etc. Our core services and data
> storage are moving to Azure, so could this be a chance to replace the
> old system with Azure AD?
>
> I've been reading about Azure AD, but so far it's all marketing fluff and
> I can't get meaty technical details to decide if it's suitable. Can anyone
> with experience in this area give me a potted summary of the pros and cons?
> Perhaps it's expensive, or there are complicated dependencies, or something
> else I'm not aware of. Can Azure AD be integrated for single sign-in with
> popular social media accounts and Gmail or MSDN?
>
> *Greg K*
>
> P.S. Thanks to a hint from someone in here many months ago I did look into
> Auth0 <https://auth0.com/>, and I sanity checked it works great. Sadly,
> our CTO is prejudiced against a provider like Auth0 because "it doesn't
> match our usage model" (however, I'm going to keep this option alive).
>
-- 
David Connors
da...@connors.com | @davidconnors | LinkedIn | +61 417 189 363
