A common question that we hear from small to medium enterprises is, “Do I still need Active Directory when I migrate to Microsoft Office 365?”
It’s a good question. The move to cloud-based apps and infrastructure has given IT a lot of good reasons to want to make the shift to the cloud complete. Keeping your directory services on-premises just doesn’t make as much sense as it used to.
Thankfully, the answer is no, you don’t still need Active Directory after you move to cloud. Office 365 can actually be used as your core source of identity, provisioning access to everything from your infrastructure to WiFi, and even to other apps.
We’ll explain how below.
What About Migrating AD to the Cloud?
The corollary to that question is whether or not you can keep your Microsoft Active Directory instance, but move it to the cloud – much in the same way that you can migrate your on-premises Microsoft Exchange email server to the cloud with O365.
This is a reasonable question as well. It makes sense when eliminating one component from living on-prem to try to “make a clean break” and rid your organization
of outdated on-prem components. But there’s still an appeal in keeping your existing AD instance for the sake of comfort and continuity.
Unfortunately, most organizations struggle with moving Active Directory to the cloud.
AD wasn’t Built for the Cloud
One of the first impediments is that there isn’t a Microsoft companion product for O365. Some point to Azure Active Directory as the companion, but unfortunately, it doesn’t do all of the same things as an on-prem directory service (or a cloud-based directory service, for that matter).
Think of Azure AD as your ‘mini-directory’ for Azure. Like we have written about before, these mini-directories need to be integrated into a unified cloud directory.
The second major challenge that organizations face as they move to the cloud is that AD struggles with connecting to cloud infrastructure and SaaS applications as well as non-Windows devices. You’ll need to use intermediaries such as directory extension solutions, but the bigger issue is to replace AD rather than build more infrastructure on top of it.
There are other reasons that AD is a poor cloud-based directory service. AD was designed in the on-prem era and released at the height of the dotcom bubble in 1999. The environments then were on-prem and Windows. Server infrastructure was located within the office or an internal data center connected to the main Internet connections. As a result, AD worked very well for its task – centralizing user management within an organization. Active Directory was able to leverage the fact that networking was done behind the firewall and it assumed that security mechanisms were already in place (firewall, IDS/IPS, etc. within the DMZ).
Today, however, an organization is no longer Windows nor on-prem. In fact, those types of organizations are largely the exception.
Making a Directory Decision for the Modern Office
Today’s modern organization is multi-platform, heterogeneous, worldwide, and highly security-conscious.
For these adaptive, forward-thinking organizations, moving to Office 365 effectively doesn’t just equate to moving AD to the cloud and calling it a day.
In fact, it can’t – because it won’t work for them.
These modern IT organizations are managing Mac and Linux devices, cloud servers hosted at AWS, WiFi networks, remote employees, SaaS applications such as Salesforce, and perhaps even using Google Apps as well.
Centralizing user management with all of these disparate platforms and locations is extremely difficult with AD. Add in another twist that the cloud has enabled – multiple authentication protocols – and Active Directory struggles to make the leap to the cloud with Office 365.
The path of least resistance is simple.
For the Cloud Era, Use a Cloud Directory
The new approach to this problem is to leverage a cloud hosted directory service that is multi-platform, multi-protocol, and location agnostic.
This approach takes the pressure off of IT to shoehorn in AD or Azure AD when there are Macs, AWS servers, GApps, WiFi, legacy LDAP-based applications, and more.
It’s an independent approach to solving the core problem of managing user access. If you would like to learn more about how JumpCloud complements your move to Office 365, drop us a note. Or, feel free to give our unified cloud directory a try. Your first 10 users and 10 devices are free.