Microsoft

Bigger than AWS

Microsoft today has the largest commercial cloud business in the world, surpassing $38 billion in revenue for its last fiscal year (2019), which ended June 30. To put this in perspective, that’s about 4 times the size of Google Cloud, which has an annual run rate of $8 billion, or nearly 3 times the size of Salesforce.com, which generated $13.3 billion in revenue in its last fiscal year, and it still tops Amazon Web Services, which brought in $25.7 billion for its 2018 fiscal year that ended last December.

Microsoft counts in its commercial cloud business the revenues from its Azure public-cloud computing service—consisting of servers, storage, databases, networking, and software (SQL Server, Windows Server, Visual Studio, System Center, GitHub...)—also referred to as the Intelligent Cloud segment, as well as Office 365 (Office, Exchange, SharePoint, Skype for Business, and Microsoft Teams), LinkedIn, and Dynamics 365 (cloud CRM and ERP). Microsoft is building Azure as the world’s computer, addressing customers’ real-world operational sovereignty and regulatory needs. It has 54 data center regions, more than any other cloud provider.

Azure

The well-known layers of cloud computing are SaaS (applications), PaaS (software framework) and IaaS (computing, network and storage), stacked over the hardware layer. A more precise picture must also describe identity and risk management, billing and the system layer, as shown in the figure on the right.

IaaS is the bottom layer of the cloud architecture pyramid; it provides access to computing resources. The provider handles administration and hardware issues, while the customer has to manage all the settings of the operating system and applications on his own.

PaaS is “a category that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.” Azure is one PaaS offering, alongside AWS and G Suite.

SaaS is a software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet. 

Cloud Computing Layer

IDaaS

IDaaS is an acronym for Identity-as-a-Service, and it refers to identity and access management services that are offered through the cloud or SaaS (software-as-a-service) on a subscription basis.


IDaaS (IDentity as a Service)

Azure & Azure AD

Azure

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers. It provides software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems.

The Microsoft Azure website provides a directory of hundreds of different services you can use, including full virtual machines, databases, file storage, backups, and services for mobile and web apps. Digging through these hundreds of services, you’ll see that you can do practically anything. And for anything Azure doesn’t offer in an easy service, you can set up a Windows or Linux virtual machine that hosts whatever software you want to use. You could even host a Windows or Linux desktop in the cloud on a virtual machine and connect to it remotely. It’s just another way to use remote computing resources.

Azure

Office365

Azure AD is the cloud directory that is used by Office 365. No on-premises servers are required — Microsoft manages all that for customers. When identity and authentication are handled completely in the cloud, you can manage user accounts and user licenses through the Office 365 admin center or Windows PowerShell cmdlets. A cloud-only identity uses user accounts that exist only in Azure AD. Cloud identity is typically used by small organizations that do not have on-premises servers or do not use AD DS to manage local identities. Both on-premises and remote (online) users use their Azure AD user accounts and passwords to access Office 365 cloud services. Azure AD authenticates user credentials based on its stored user accounts and passwords. Because user accounts are only stored in Azure AD, you manage cloud identities with tools such as the Microsoft 365 admin center and Windows PowerShell with the Azure Active Directory PowerShell for Graph module.


Office365

FIDO2 & SSO

1. FIDO2 Login to Windows (Azure AD)

The Windows OS is ready to run before user authentication. An internet connection is required for the first login, because FIDO2 authentication is performed between Azure AD in the cloud and the ThinC-AUTH USB dongle. Touching the fingerprint sensor on the ThinC surface brings you to the Windows start screen.

Apart from the first login, no internet connection is required for FIDO2 login to Windows. The Windows OS obtains the necessary information from Azure AD and then verifies the login on behalf of Azure AD. This scheme allows users to log in to Windows in an environment without internet access.

Windows Login


2. Windows 10

When you log in to Windows with local account credentials such as a local PIN or local password, you cannot get into the cloud unless another authentication is made. You need to perform a browser login to the cloud: when you log in to Azure, Office 365 or other cloud applications, you are asked to authenticate again. This second login can be a FIDO2 passwordless login.

When you log in to Windows with FIDO2 without an internet connection, you can log in to Azure or Office 365 without any further authentication once an internet connection is made.

On the other hand, if you log in to Windows with FIDO2, you move seamlessly to Azure or Office 365 without any further user authentication.

Windows Running


3. Office 365

There is an Office 365 access panel, which shows the other connected cloud service portals such as Amazon Web Services (AWS) and Google Suite (G Suite). They are connected through SAML SSO, so users can move seamlessly to those sites without any further user authentication. This scheme greatly increases work efficiency.

Azure AD supports more than 3,000 applications, known as the Application Gallery (SaaS applications). How to integrate them with Azure AD is described in Microsoft’s documentation as tutorials. By setting up ID federation according to those documents, you get seamless SSO to gallery applications such as Salesforce and Dropbox. When Azure AD acts as the IdP (Identity Provider), the SaaS names are listed in this panel. By clicking their logos on the access panel, you can move quickly to the application.

Office 365 Access Panel


4. Various Applications

Here, the Azure portal is shown as one example of an SSO destination from Azure AD. To help integrate your cloud-enabled software as a service (SaaS) applications with Azure Active Directory, Microsoft has developed a collection of tutorials that walk you through configuration. For a list of all SaaS apps that have been pre-integrated into Azure AD, see the Active Directory Marketplace. Use the application network portal to request that a SCIM-enabled application be added to the gallery for automatic provisioning, or a SAML / OIDC-enabled application be added to the gallery for SSO.

Azure portal


Application Gallery

Azure Active Directory (Azure AD) simplifies the way you manage your applications by providing a single identity system for your cloud and on-premises apps. You can add your software as a service (SaaS) applications, on-premises applications, and line of business (LOB) apps to Azure AD. Then users sign in once to securely and seamlessly access these applications, along with Office 365 and other business applications from Microsoft. You can reduce administrative costs by automating user provisioning. You can also use multi-factor authentication and Conditional Access policies to provide secure application access.

Hybrid Cloud