Microsoft Active Directory Group Policy Objects Alternative

Written by Rajat Bhargava on February 9, 2016


Directory services is one tech market that is heating up significantly. With the move to the cloud, every major cloud player is trying to lock in their customers with their own directory service. AWS Directory Services is focused on helping their AWS Infrastructure-as-a-Service customers and, in the process, tying them to the AWS cloud. Google Apps is offering their version of a cloud-based directory service, but unfortunately Google Apps Directory doesn’t do much beyond controlling identities for Google applications. Microsoft Azure Active Directory is trying to mimic the on-premise AD for Azure, but that too, like AWS, locks users in to Azure. While all of these organizations focus on critical user management functionality, they are all missing one key piece: an alternative to Microsoft Group Policy Objects (GPOs).

While shifting AD to the cloud is helpful, it’s not sufficient for building a cloud identity provider. A hosted AD offering, such as the one AWS provides, focuses only on the Windows operating system. Tasks and policies cannot be executed on Linux servers or Mac devices. Azure AD similarly provides a limited set of GPO capabilities but, like AWS, only for the Windows platform. Google’s directory service has no capability to do any GPO or GPO-like functions.

GPOs: Core Functionality for Cloud-Based Directories

All this matters for one reason: Group Policy Objects are an important part of the overall directory services ecosystem. Originally, an identity provider focused on user authentication and authorization. Then Microsoft Active Directory introduced the concept of executing tasks and policies on Windows devices. As a result, IT admins could centrally manage their Windows machines and control functions, like mapping network drives, setting security policies, and configuring the device properly. Microsoft AD made device management a core part of what a directory service does.

Nowadays, companies are not solely operating on the Windows platform. Moving forward, the management of Mac and Linux machines will need to be a core functionality of any cloud-based directory. Executing tasks and policies from one central console across all three major platforms is a significant differentiator between legacy directory services, like AWS and AD, and modern cloud-hosted ones.

Directory-as-a-Service: Cross-Platform & Multi-Device Control

One cloud-based Identity-as-a-Service platform called Directory-as-a-Service (DaaS) offers a cross-platform GPO-like function. In addition, DaaS controls users across the three major device platforms (Windows, Linux, and Mac) and authenticates users to cloud and on-premise applications, WiFi networks, and multiple devices. What’s more, Directory-as-a-Service integrates seamlessly with Google Apps to provide one central identity across virtually all IT resources.

To learn more about how Directory-as-a-Service is an alternative to Microsoft Active Directory Group Policy Objects, drop us a note. We’d be happy to walk you through the benefits of a vendor-agnostic directory service. Or give JumpCloud’s DaaS a try for yourself. Your first 10 users are free forever.
