Customers with Azure Active Directory Premium P1 can now integrate with Duo.
The Future of the Microsoft Directory
Microsoft means productivity in the enterprise, and our integrations data proves it out. Microsoft integrations account for three of Duo’s top 10 integrations by number of users.
Most customers use Active Directory (AD) for identity in some fashion, and we’ve seen a growing number of customers adopting Azure AD either in hybrid or cloud-only mode.
Customers still manage identities with AD in hybrid mode and will for the foreseeable future due to significant investments in custom identity and authentication workflows, but we’re seeing a trend of organizations using Azure AD’s built-in federation and single sign-on services to replace on-premises Active Directory Federation Service (AD FS).
Say Goodbye to AD FS
This may be a surprise to many, but Active Directory Federation Service (AD FS) is the most popular federation and single sign-on provider at Duo by a significant margin. Duo authenticates 300,000 users a month utilizing AD FS to get to Microsoft Office, Outlook or other web applications.
The thing with AD FS is that customers want to move off of it. Cloud applications simplify administration in general compared to on-premises applications by default, but our customers tell us that AD FS is a particularly challenging application to manage.
It’s also no secret that Microsoft is actively encouraging this migration. For all the reasons why companies find it difficult to move away from AD FS, we’ve found that keeping their investment in Duo’s authentication service without using a third-party identity as a service (IDaaS) solution is a major one.
Direct multi-factor authentication (MFA) integrations with Azure AD were simply not available, and this became a significant roadblock for Azure AD adoption amongst our customers.
This is why we were delighted to announce our integration with Azure AD last fall. Hundreds of customers were able to begin their transition away from AD FS, as they could now use their authentication vendor of choice alongside Azure AD.
Azure Integration & Adoption
The adoption of the Azure AD integration has far exceeded our internal projections since launch. We have exceeded our goal of 150 customers using the integration by a healthy margin.
Our customers are federating access to Office 365 - the productivity backbone of most enterprises - through Azure AD while using Duo to enforce policy controls. Customers like Sophos are using Duo Beyond to only allow access to Outlook from corporate-managed endpoints.
And Microsoft continues to add new controls to Conditional Access controls, allowing customers greater granularity for when to invoke Duo.
While we’re happy with the adoption of Azure AD, we were disappointed to hear from many customers that could not use our best-in-class integration due to Microsoft licensing costs.
When Microsoft first announced the Conditional Access and Custom Controls integration with Duo in 2017, our integration was limited to the highest tier of Azure AD: Premium P2. At $9 per user per month, this was cost prohibitive for many customers.
It was disappointing to see organizations blocked from implementing best-in-class cloud identity management from Microsoft and cloud security from Duo. Despite the hundreds of customers who deployed Azure AD and Duo together since our joint announcement, we had many more who could not.
That’s why we are thrilled to support the news today that Microsoft is moving third-party MFA integrations in Conditional Access down to Azure AD Premium P1!
Most of our customers who were migrating to Azure AD (in both hybrid or cloud-only mode) found that the P1 subscription best fit their needs from a technical requirements and budget perspective. With the Duo integration now available to many more Azure AD customers, we’re looking forward to securing our customers’ migration to the Microsoft cloud.