Windows Azure Active Directory (AD) Graph API and Hybrid Cloud Identity

Windows Azure Active Directory (AD) Graph API is a feature that allows programmability against the Microsoft cloud directory, Windows Azure AD. Windows Azure AD powers Office 365 and Windows Intune.

Scott Guthrie mentioned the Graph API in his keynote (01:03:10). There is also a drill-down session during TechEd by Ed Wu:

Session Code: SIA322

Directory Graph API: Drill Down

  • Speaker(s):
    Edward Wu

  • Thursday, June 14 at 4:30 PM - 5:45 PM in S310E

This session introduces the new Directory Graph API, a REST-based API that enables access to Windows Azure Active Directory (Directory for Office 365 Tenants and Azure customers). We review the data directory model, the Graph API protocol (based on OData V3 protocol), how authentication and authorization are managed, and demonstrate an end-to-end scenario. We walk through sample code calling the Directory Graph API. A roadmap is also reviewed. #TESIA322

With the introduction of Graph API the hybrid (public/private) cloud identity story becomes even better:

  • Deploy your app anywhere – Windows Server, Windows Azure.
  • Manage your identity anywhere – Windows Server AD or Windows Azure AD, and they sync!
  • Authenticate and query the user’s profile from on-prem/private and public cloud.

Consider the following high-level model, which helps in embracing the idea of a hybrid cloud organization identity:

Windows Azure AD Graph API

Related:

Hybrid Identity for Developers.vsd