Do I need Active Directory when I Migrate to Office 365?

Written by Greg Keller on June 28, 2016

Share This Article

A common question that we hear from small to medium enterprises is, “Do I still need Active Directory when I migrate to Microsoft Office 365?”

It’s a good question. The move to cloud-based apps and infrastructure has given IT a lot of good reasons to want to make the shift to the cloud complete. Keeping your directory services on-premises just doesn’t make as much sense as it used to.

Office 365 logo

Thankfully, the answer is no, you don’t still need Active Directory after you move to cloud. Office 365 can actually be used as your core source of identity, provisioning access to everything from your infrastructure to WiFi, and even to other apps.

We’ll explain how below.

What About Migrating AD to the Cloud? 

Office 365 and Active Directory

The corollary to that question is whether or not you can keep your Microsoft Active Directory instance, but move it to the cloud – much in the same way that you can migrate your on-premises Microsoft Exchange email server to the cloud with O365.

This is a reasonable question as well. It makes sense when eliminating one component from living on-prem to try to “make a clean break” and rid your organization
of outdated on-prem components. But there’s still an appeal in keeping your existing AD instance for the sake of comfort and continuity.

Unfortunately, most organizations struggle with moving Active Directory to the cloud.

AD wasn’t Built for the Cloud

One of the first impediments is that there isn’t a Microsoft companion product for O365. Some point to Azure Active Directory as the companion, but unfortunately, it doesn’t do all of the same things as an on-prem directory service (or a cloud-based directory service, for that matter).

Think of Azure AD as your ‘mini-directory’ for Azure. Like we have written about before, these mini-directories need to be integrated into a unified cloud directory.

The second major challenge that organizations face as they move to the cloud is that AD struggles with connecting to cloud infrastructure and SaaS applications as well as non-Windows devices. You’ll need to use intermediaries such as directory extension solutions, but the bigger issue is to replace AD rather than build more infrastructure on top of it.

There are other reasons that AD is a poor cloud-based directory service. AD was designed in the on-prem era and released at the height of the dotcom bubble in 1999. The environments then were on-prem and Windows. Server infrastructure was located within the office or an internal data center connected to the main Internet connections. As a result, AD worked very well for its task – centralizing user management within an organization. Active Directory was able to leverage the fact that networking was done behind the firewall and it assumed that security mechanisms were already in place (firewall, IDS/IPS, etc. within the DMZ).

Today, however, an organization is no longer Windows nor on-prem. In fact, those types of organizations are largely the exception.

Making a Directory Decision for the Modern Office

Today’s modern organization is multi-platform, heterogeneous, worldwide, and highly security-conscious.

For these adaptive, forward-thinking organizations, moving to Office 365 effectively doesn’t just equate to moving AD to the cloud and calling it a day.

In fact, it can’t – because it won’t work for them.

These modern IT organizations are managing Mac and Linux devices, cloud servers hosted at AWS, WiFi networks, remote employees, SaaS applications such as Salesforce, and perhaps even using Google Apps as well.

Centralizing user management with all of these disparate platforms and locations is extremely difficult with AD. Add in another twist that the cloud has enabled – multiple authentication protocols – and Active Directory struggles to make the leap to the cloud with Office 365.

The path of least resistance is simple.

For the Cloud Era, Use a Cloud Directory

The new approach to this problem is to leverage a cloud hosted directory service that is multi-platform, multi-protocol, and location agnostic.

This approach takes the pressure off of IT to shoehorn in AD or Azure AD when there are Macs, AWS servers, GApps, WiFi, legacy LDAP-based applications, and more.

It’s an independent approach to solving the core problem of managing user access. If you would like to learn more about how JumpCloud complements your move to Office 365, drop us a note. Or, feel free to give our unified cloud directory a try. Your first 10 users and 10 devices are free.

Greg Keller

JumpCloud CTO, Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution.

Continue Learning with our Newsletter