By Rajat Bhargava Posted January 25, 2017
The identity and access management world is going through a renaissance period, especially the directory services submarket. The advent of the cloud has dramatically changed the way that IT organizations have to deal with identity management. Independent of trying to leverage cloud identity services, the fact that many IT organizations have shifted their infrastructure to the cloud is putting a great deal of pressure on how to centrally manage user identities and access control.
No Easy Active Directory Migration Path to Azure AD
Microsoft is adding to the confusion with their Azure Active Directory solution. While the cloud Active Directory is a completely separate solution from the legacy, on-prem monopoly in the space (Active Directory) it is not a true directory service. It effectively is a cloud IAM solution. Unfortunately, many IT organizations believe that there is an Active Directory migration path to Azure AD. However, there isn’t.
There are more details in this post on Spiceworks:
Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It actually provides many more capabilities in a different way.
That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU etc.
As you can see here Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. It can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing access for your partners to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, Multi-Factor Authentication, protection of your identities in the cloud, reporting of Sign-ins from possibly infected devices, leaked credentials report, user behavioral analysis are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.
Even the recently announced Azure Active Directory Domain Services are not a usual DC as a service that you could use to replicate your existing Active Directory implementation to the cloud. It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services. But with no replication to any other on-premises or cloud (in a VM) domain controller.
If you want to migrate your domain controllers in the cloud to use them for traditional task you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.
So to conclude, if you would like to extend the reach of your identities to the cloud you can start by synchronizing your Active Directory to Azure AD.
Microsoft Clouds The Directory Services Horizon
Azure AD really is a user management system for Azure and Office 365. It wasn’t created to be a cloud directory services platform. Even Azure Active Directory Domain Services is really just a domain controller for Azure-based VMs.
This begs the question of modern IT organizations: how will they manage and control non-Windows or non-Azure IT resources? The answer is that it is extremely difficult. As we all know, Mac and Linux devices struggle in an Active Directory environment. Azure AD doesn’t help you if you leverage AWS, G Suite, Google Cloud, or any number of other non-Azure platforms.
Take The Clear Route Via JumpCloud®
So IT organizations have been looking for alternatives to Active Directory and Azure Active Directory. Many believed that the migration path from AD was Azure AD, but even Microsoft is saying that isn’t the case. There is another path. IT admins are now going from Active Directory to the cloud-based AD replacement called Directory-as-a-Service®.
As a central, secure cloud identity provider, Directory-as-a-Service is an independent solution to the directory services problem for hybrid IT infrastructure. The IDaaS platform seamlessly integrates with on-prem Mac, Window, and Linux machines; cloud servers at AWS, Azure, or Google Cloud; cloud and on-prem applications; and WiFi network infrastructure. In other words, it is a modern directory service for the cloud era.
Drop us a note to learn more about how to migrate from Active Directory to Azure Active Directory. We’ll walk you through why that’s a dead end and offer an interesting alternative, Directory-as-a-Service. You can also give our IDaaS platform a try for yourself. Your first 10 users are free forever.