Last week, Microsoft announced via a blog post on the Office Blogs site at http://blogs.office.com/2015/02/17/sign-page-branding-cloud-user-self-service-password-reset-office-365/ that they were moving the ability to add company branding to the Azure Active Directory and Office 365 login pages from the Azure Active Directory Basic and Premium tiers down into the Free tier making this feature available to everyone.
This great news as for a lot of customers, Azure Active Directory Free provides all the service they are looking for and being able to have this fit into your corporate identity and branding makes users more comfortable that they are signing into a company authorised login portal.
In order to brand your corporate Azure Active Directory instance and your Office 365 login pages, login to the Azure Management Portal as a user with the Global Administrator role. For now, this needs to be managed via the legacy Azure portal at https://manage.windowsazure.com. Once you are logged into the portal, you need to head to the Active Directory node from the left navigation area.
Once on the Active Directory page, select your Azure Active Directory instance. If you have more than one instance, select the instance which is responsible for the domains that you want to be branded with your corporate identity for Azure Active Directory and Office 365 sign-in.
On the properties for your Azure Active Directory instance, you will notice the green button Customize Branding which you would not have seen in the portal previously if you are an Azure Active Directory Free customer. Click the button to open the properties for branding and customization. Assuming this is the first time that your settings have been customized, you will be taken to the Customize Default Branding properties.
The Banner Logo image is used on all of the various sign-in pages for Azure Active Directory and Office 365 and should contain your company logo. The Tile Logo is to provide a square Modern UI version of your logo. I have yet to actually find anywhere that this Tile Logo is used so if you come across it, do let me know. In either case, the logos can be provided in .png or .jpeg format. I would highly recommend using an image minifier such as TinyPNG to compress your images without distortion with the view to help improve load times of these pages.
Sign In Page Text is displayed on all login pages and is used as a legal disclaimer or login help message. You can use this to display a message to provide help information to end-users such as a service desk phone number or you could use it to show a legal message matching your on-premise Windows server and client logon banner. This is entered as plain text and does not support HTML or other formatting such as hyperlinks.
Sign In Page Illustration allows you to provide a large image that is used prominently on the login pages for Azure Active Directory and Office 365 and it works in partnership with the Sign In Page Background Colour setting. The illustration takes either a .png or a .jpeg file to provide a rich client experience. The background colour is applied to the same container on the login page as the illustration and is used when the user is on a low bandwidth device.
Once you have entered all of the logos and text, click the tick button to save the changes. Once saved, give it a couple of minutes before testing to allow time for the Azure Active Directory instance to replicate throughout Azure and all of the login pages to be updated.
If you visit https://login.microsoftonline.com you will see the generic login page, however once you enter your email address, the page will update to show your new branding.
In the two images above, we can see the default login on the left and once I enter my email address, the image on the right shows my branding. The default highway image has been replaced by my Seattle skyline image along with the Office 365 logo replaced by my corporate identity. If I was on a low bandwidth device then instead of the Seattle image, I would be shown this portion of the screen as a solid block of colour using the hexadecimal value I provided on the branding page. The banner message I provided is shown at the bottom of the page in the right third.
If you direct clients to the Office 365 or Azure Active Directory login page from internal sites or a link on your public website then you may be interested in updating those hyperlinks to use the Realm URL. The Realm URL is a query string added to the end of the default URL pre-warning the portal which domain you are going to log in to and as such, the portal is pre-branded meaning that your users will never see the default Office 365 branded page.
To use the Realm URL, you need to update your hyperlinks to https://login.microsoftonline.com/?whr=richardjgreen.net replacing the domain name after the ?whr= query string with your own domain name.
As you see on the image above, I have navigated to the Microsoft Online login page using my Ream URL and without entering my email address to provide it with the domain identity for branding, the site is pre-branded for my company.
In the two images above, you can see how the customized login page scales with the screen real estate. The left image shows a compressed width page on a client with a 4:3 standard aspect ratio. The right portion of the screen remains unchanged but the illustration image on the left is cropped. The crop to the image is applied to the right edge, so when choosing your illustration image, make sure any important parts of the image are on the left as this is the portion which will always be visible regardless of screen size.
The second of the images above shows a mobile device viewing the page. In this view port, the illustration is completely hidden and we see just the login boxes, the corporate banner logo and the message text.
I trust that you will all enjoy seeing a customized login page for your company and enjoy it even more knowing that it’s not freely available for all Azure Active Directory and Office 365 users.