We're in the middle of deploying multiple Hadoop clusters with different flavors. Since many of Azure's larger customers use an on-prem Active Directory forest for authentication, extending those identities and permissions to their Hadoop clusters was an important requirement.
Once the Hadoop cluster's been Kerberized, various security/identity features including