Part of Azure experiment, one of my colleagues started playing with Azure API Management last week. He was interested with what I introduced about the service, including API gateway, API publishing portal to readable policies to manipulate inbound request before back-end hit. He also loved to work with API call via REST because API is a flexible way of touching Azure resources through pure HTTP request, without installing any specific library.
Microsoft Account is considered not an internal account given to Microsoft employee. Microsoft account is associated to external services such as Live Mail, Skype, Xbox or so on. When connecting to Azure AD with Microsoft Account (e.g. LiveID) , you might be get started with Connect-AzureAD to get the tenant ID. Below screen is what you might get.
If you are familiar with Web Application Proxy in Windows Server 2012/2016, Azure AD Application Proxy should not be your surprise. Microsoft builds it to allow you to securely set up a remote access to your application which you do not want to publish over the Internet. It also helps you achieve single sign-on (SSO) as well. This is fully aligned with “mobile-first, cloud first” strategy when business users have the ability to securely access their corporate applications hosted on cloud from their mobile devices in anywhere.