Bigger than AW
Microsoft has today the largest commercial cloud business in the world, surpassing $38 billion in revenue for its last fiscal year (2019) that ended June 30. To put this in perspective, that’s about 4 times the size of Google Cloud which has an annual run rate of $8 billion, or nearly 3 times the size of Salesforce.com which generated $13.3 billion in revenue in its last fiscal year, and still tops Amazon Web Services which brought in $25.7 billion for its 2018 fiscal year that ended last December.
Microsoft is including in its commercial cloud business revenues from its Azure public-cloud computing service—consisting of servers, storage, databases, networking, and software (SQL Server, Windows Server, Visual Studio, System Center, GitHub...)—also referred to as the Intelligent Cloud segment, Office 365 (Office, Exchange, SharePoint, Skype for Business, and Microsoft Teams), LinkedIn, and Dynamics 365 (cloud CRM and ERP). Microsoft are building Azure as the world’s computer addressing customers’ real-world operational sovereignty and regulatory needs. He has 54 data center regions, more than any other cloud provider.
Azure
Well known layers of cloud computing consists of SaaS (applications), PaaS(Software framework), IaaS(computing, network and storage) over Hardware layers. More precise configuration must describe Identity and Risk Management and Billing and system as shown in the right figure.
IaaS is the bottom layer of the cloud architecture pyramid, it provides access to computing resources. The provider handles administration and hardware issues. All the settings of the operating system and application the customer has to manage on his own.
PaaS is “a category that provide a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app. Azure is one og PaaS with AWS and G-Suite.
SaaS is a software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet.
Cloud Computing Layer
IDaaS
IDaaS is an acronym for Identity-as-a-Service0, and it refers to identity and access management services that are offered through the cloud or SaaS (software-as-a-service) on a subscription basis.
IDaaS (IDentity as a Service)
Azure
Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers. It provides software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems.
The Microsoft Azure website provides a directory of hundreds of different services you can use, including full virtual machines, databases, file storage, backups, and services for mobile and web apps. Digging through these hundreds of services, you’ll see that you can do practically anything. And for anything Azure doesn’t offer in an easy service, you can set up a Windows or Linux virtual machine that hosts whatever software you want to use. You could even host a Windows or Linux desktop in the cloud on a virtual machine and connect to it remotely. It’s just another way to use remote computing resources.
Azure
Office365
Azure AD is the cloud directory that is used by Office 365. No on-premises servers are required — Microsoft manages all that for customers. When identity and authentication are handled completely in the cloud, you can manage user accounts and user licenses through the Office 365 admin center or Windows PowerShell cmdlets. A cloud-only identity uses user accounts that exist only in Azure AD. Cloud identity is typically used by small organizations that do not have on-premises servers or do not use AD DS to manage local identities. Both on-premises and remote (online) users use their Azure AD user accounts and passwords to access Office 365 cloud services. Azure AD authenticates user credentials based on its stored user accounts and passwords. Because user accounts are only stored in Azure AD, you manage cloud identities with tools such as the Microsoft 365 admin center and Windows PowerShell with the Azure Active Directory PowerShell for Graph module.
Office365
1. FIDO2 Login to Windows (Azure AD)
Windows OS becomes ready to run before user authentication. The internet connection is required to be made for the first login, because FIDO2 authentication is executed between Azure AD in the cloud and ThinC-AUTH USB dongle. Click ThinC surface on fingerprint sensor brings you to Windows starting screen.
Except the first login, internet connection is not required to FIDO2 login to Windows. Windows OS gets necessary information from Azure AD and works on behalf of Azure AD. This scheme allows users to login to Windows under no internet environment.
Windows Login
2. Windows 10
When you login to Windows with local account credentials such as local PIN or local password, you cannot go into cloud unless another authenticatin is made. You need to execute browser's login to cloud. It is done by login to Azure, Office365 or other cloud applications, you are requested to execute another login. It can be FIDO2 passwordless login.
When you FIDO2 login to Windows without internet connections, you can login to Azure or Office365 without any further authentication after internet connection is made.
On the other hand, if you FIDO2 login to Windows, you are seamlessly move to Azure or Office365 without any user authentication.
Windows Running
3. Office 365
There is Office 365 access panel, where it shows the other connected cloud service portal such as Amazon Web Service (AWS) and Google Suite (G-Suite). They are connected through SAML SSO so that users can seamlessly move to those sites without any further user authentication. This scheme increases work efficiency a lot.
Azure AD supports more than 3,000 applications, called as Application Gallery or SaaS. How to integrate them with Azure Ad is written in Microsoft document as tutorials. By working on ID federation according to those documents, you can get seamless SSO to those gallery applications such as Salesforce, Dropbox and etc. If Azure Ad works as IdP (Identity Provider), SaaS names are listed in this panel. By clicking theri logos on the access panel, you can quickly move to the application.
Office364 Access Panel
4. Various Applications
Here, Azure portal is shown as one of examples for SSO destination from Azure AD. To help integrate your cloud-enabled software as a service (SaaS) applications with Azure Active Directory, we have developed a collection of tutorials that walk you through configuration. For a list of all SaaS apps that have been pre-integrated into Azure AD, see the Active Directory Marketplace. Use the application network portal to request a SCIM enabled application to be added to the gallery for automatic provisioning or a SAML / OIDC enabled application to be added to the gallery for SSO.
Azure portal
Azure Active Directory (Azure AD) simplifies the way you manage your applications by providing a single identity system for your cloud and on-premises apps. You can add your software as a service (SaaS) applications, on-premises applications, and line of business (LOB) apps to Azure AD. Then users sign in once to securely and seamlessly access these applications, along with Office 365 and other business applications from Microsoft. You can reduce administrative costs by automating user provisioning. You can also use multi-factor authentication and Conditional Access policies to provide secure application access.
Azure Active Directory (Azure AD) simplifies the way you manage your applications by providing a single identity system for your cloud and on-premises apps. You can add your software as a service (SaaS) applications, on-premises applications, and line of business (LOB) apps to Azure AD. Then users sign in once to securely and seamlessly access these applications, along with Office 365 and other business applications from Microsoft. You can reduce administrative costs by automating user provisioning. You can also use multi-factor authentication and Conditional Access policies to provide secure application access.