Windows IIS integration with Azure AD

Afzal Atique 21 Reputation points
2020-03-03T10:29:46.103+00:00

Hi Team,

We have a website running on windows\IIS. We would like to integrate that with our Azure AD for authentication.

  1. Is it possible to configure IIS to use Azure AD for authentication ?
  2. If we host windows VM in Azure and join it to Azure AD DS and then enable windows authentication will it authenticate against Azure AD DS ?
  3. any alternate way via azure ad app registration to enable IIS website to use Azure AD for authentication

Regards
Afzal Atique

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,370 questions
Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,092 questions
0 comments No comments
{count} votes

Accepted answer
  1. Shashi Shailaj 7,581 Reputation points Microsoft Employee
    2020-03-03T13:44:07.153+00:00

    Hello @Afzal Atique ,

    The short answer is , It will depend upon your application. At the IIS web server level , this is not possible as far as I know. The Azure AD authentication can be added at the application level. If your application is a ASP.net application , you can integrate Azure AD authentication with the same . Let me answer your queries one by one.

    Hope this clarifies your query. I have included related links for more information . Please do read through them for more clarity . You can decide what solution you would like to use , you can either use Azure AD application proxy(If Password hash sync is not permitted in your environment ) or Azure AD domain services(if PHS is not a problem). Law firms and Banks try to avoid Password hash sync to cloud environments generally even though Azure is completely secure form all angles and have the largest number of regulatory compliance's . But cost and management wise Azure AD domain services is a better solution.

    In case the information provided helps you , please do accept this as answer so that it can be useful to other members of the community.

    Thank you.

    3 people found this answer helpful.

0 additional answers

Sort by: Most helpful