One of the truisms about the growing cloud computing battle is that Amazon Web Services (AWS) is the largest competitor, by far, but that Microsoft Azure is a more corporate-friendly option. This comes as no surprise given that most big businesses today run tons of Microsoft Windows, Office applications, Exchange e-mail, SharePoint document sharing, SQL Server databases and what-have-you.
Underlying all that Microsoftian (MSFT) software is Active Directory, which provides a single-sign-on to various applications and makes sure only the right people have access to the right stuff. A version of Active Directory, cleverly called Azure Active Directory, also runs on Microsoft’s Azure cloud.
For those unfamiliar with this stuff, a public cloud is a massive set of shared computing, storage, and networking capability run in data centers around the world. All of that power is available to rent, obviating the need for big customers to buy tons of new servers and storage on their own. Amazon was first into the pool here, having launched its storage service in 2006, but Microsoft is in now with Azure, IBM (IBM) with SoftLayer and Google with Google (GOOG) Compute Platform.
One drawback to this model is that some businesses are wary of trusting important stuff to these shared resources, although that concern is ebbing, especially since corporate-focused companies like Microsoft are now involved.
That brings us back to the AWS-Microsoft competitive dance. The latest step in this saga is that Amazon (AMZN) late last week announced a new Active Directory service, actually a managed service, running on AWS.
As Gartner distinguished analyst Lydia Leong pointed out to Fortune, Amazon already offered something called “Simple AD” but it was rudimentary, and some customers want to run “full fledged Microsoft AD” within AWS.
The fuller featured AD managed service could mean that companies can now more easily run and manage their SharePoint, SQL Server (and custom applications built on those technologies) beyond the firewall on AWS.
Per the Amazon post:
You can also configure a trust relationship between Microsoft AD in the AWS cloud, and your existing on-premises Microsoft Active Directory, providing users and groups with access to resources in either domain, using single sign-on (SSO).
This is a big deal if it works as advertised. One of Microsoft’s key selling points for Azure over AWS is that because it’s from Microsoft, companies should be able to run their apps on premises and/or in the Azure cloud relatively easily because technology on both sides of the divide is so similar. That is not the case with Microsoft applications running in-house and on AWS.
The key thing here is that the ability to run some applications on-premises in a company’s own data center or server closet and some on a public cloud is the definition of hybrid cloud that nearly all tech vendors are now chasing.
If AWS can offer that same warm-and-fuzzy feeling of application coexistence, companies may feel more comfortable putting more Microsoft-based applications on AWS.
This has been a long-running strategy for Amazon. Two years ago the company announced support for Microsoft System Center software that companies use to manage their Windows Server and associated applications. This meant that a company’s Microsoft systems administrator could now manage Windows applications running on AWS almost as if they were running in her own server room. (Amazon has an analogous product for VMware administrators.)
Then, early this year, it launched an add-in that would make it easier for those same administrators to actually move their Windows applications from their own server room to AWS. You see the pattern here?
In Leong’s opinion, Microsoft customers typically pick Azure because they’re already affiliated with the Microsoft developer ecosystem and they have a contractual relationship with Microsoft, not so much because they are so focused on Microsoft infrastructure per se.
“However, because AD is a big deal for many organizations, it’s one of those things that tilts Microsoft buyers to Azure over AWS.” This move tilts the scales a bit more towards AWS, she said.
In short, public cloud leader Amazon has had a limited hybrid cloud story to date, but is chipping away at that problem by offering bridges to Microsoft applications running in-house.
It doesn’t take a total cynic to surmise, however, that the company’s preferred end-game is to vacuum up all the applications to AWS over time.
This story was updated at 10:40 a.m. EST with Gartner analyst comments.