As small-to-medium-sized businesses (SMBs) look to move their directory services to the cloud, many IT admins wonder whether Microsoft® Azure® Active Directory (Azure AD or AAD) is the right fit.
Below, we’ll detail what SMBs should typically look for in a cloud directory service, and what boxes AAD checks in regard to authentication, scalability, and security.
What Are SMBs Looking for in a Cloud Directory Service?
There are a number of resources that IT admins need to manage for organizations of all sizes, and directory services aim to make that management simple and secure. When Microsoft introduced Active Directory® (AD), it simplified the process of managing access to Windows®-bound, on-prem resources.
However, with the introduction of macOS® devices, Linux® systems, web applications, and wireless networks into workplace culture, IT admins have struggled to use AD to manage all user resources. Many have considered moving to a cloud-based directory service to eliminate the costly maintenance of AD’s on-prem infrastructure and authenticate user credentials to the assets they commonly utilize.
One option under consideration is Azure Active Directory, which was introduced as a substrate identity management tool that authenticates users to the Azure platform. In fact, many IT admins using Azure AD are interested in its ability to natively authenticate and secure IT resources, as well as its cost-efficiency with regard to scalability.
The ideal cloud directory service authenticates users to their systems, applications, networks, and files from a single console. As a standalone service, Azure AD authenticates Azure credentials to select web applications, including G Suite™ and Office 365™, via the SAML 2.0 and OAuth protocols.
In addition, AAD authenticates user credentials to Windows® 10 Pro systems, but it does not employ group policy objects (GPOs) for those systems. Beyond that, admins using AAD need to find other solutions for authenticating users to:
- Networks via RADIUS
- On-prem LDAP-based applications and file servers
- Legacy Windows systems, macOS devices, and Linux servers hosted in AWS®
For SMBs looking for a cloud IdP, AAD will likely meet some but not all of their needs because it’s not a comprehensive cloud directory service. It can work for authenticating Azure credentials to select web applications, but AAD does not wholly authenticate users to the suite of resources needed to accomplish their work.
Though many have adopted AAD’s toolset into their host of solutions, Microsoft designed Azure AD to supplement AD rather than serve as a core identity provider (IdP) in the cloud. As such, small businesses looking for a directory service that is scalable may find more value in an identity and access management (IAM) tool that performs entirely in the cloud.
The issue with AAD needing AD to function optimally is that IT teams still have to maintain the hardware associated with their legacy directory service, meaning that as their organization grows, so will the upkeep of their increasing on-prem servers.
For example, in order to get Azure AD to connect users to networks via RADIUS authentication, IT teams need to implement an additional on-prem NPS server in conjunction with AD. If SMBs look to grow, they can do so with cloud infrastructure, which can accommodate new users and assets without the need for additional hardware.
About 60% of small businesses fold within six months of a cyberattack, and the No. 1 attack vector for those organizations is compromised credentials. It’s vital that IT teams protect their organization’s valuable assets. Often, tools like multi-factor authentication (MFA) and SSH keys are used to help keep them safe.
Azure AD does offer MFA in its free version, but full-featured MFA for Azure AD is only offered at its Premium P1 or P2 pricing levels. In addition, Azure AD does not authenticate user credentials to resources outside of select web applications and Windows 10 Pro devices. Protecting those additional networks, on-prem and cloud-based applications, and disparate systems requires additional solutions.
A secure, cloud-based IdP avoids the insecurity of identity sprawl by managing users and their resources through a single console. Users only need to remember and use one set of credentials, and when that set of credentials is protected by MFA, small businesses are secured against unwelcome cyberthreats, like phishing attempts.
The Ideal Solution
For SMBs, the goal for directory services should center around secured, centralized user authentication. Small businesses often struggle with budgetary restrictions, so finding a solution that functions as a core identity provider and is platform-agnostic would provide IT teams with a single tool that both manages their IT infrastructure and alleviates financial pressures.
While Azure AD is useful in showcasing a select number of cloud capabilities, it struggles to serve as a cloud-based IAM tool without a directory service supplementing it. For SMBs interested in such an IAM resource, a viable option could be JumpCloud® Directory-as-a-Service®. Directory-as-a-Service securely manages user access to nearly all their IT resources, and does so entirely from the cloud.
Interested in learning more about the first cloud directory service? Feel free to reach out for a personalized demo to see DaaS in action.