Authenticating Macs Against Azure Active Directory

Written by Rajat Bhargava on September 30, 2016

Share This Article

With the move to cloud-hosted directory services, there is a common question that comes up relative to Azure® Active Directory®. That question is, “Can you authenticate Mac® devices against Azure Active Directory?” The more specific thought process is whether Azure AD can serve as the core identity provider for on-premises devices such as Macs. 

The simple answer is, “No.” 

Azure Active Directory Authenticates Inside Azure 

Azure Active Directory was designed to be the authentication source for Azure and Microsoft 365™ users, with the ability to manage Windows® 10 devices as well (along with web SSO capabilities). Azure AD doesn’t connect directly to devices that are on-premises or directly with other cloud infrastructure providers such as AWS®. Azure AD is primarily used within Azure and also when Microsoft Active Directory is present.

Microsoft® designed Azure AD to be an adjunct to the on-premises Active Directory identity provider. In Microsoft’s model, identities are stored in the core, authoritative directory service located on-premises. AD and Azure AD connect in order for the identities to be used in Azure. This model makes the most sense for large organizations that have AD on-prem and also are likely all Microsoft Windows and Azure focused.

Limits of Storing Identities within Active Directory 

Unfortunately, that model doesn’t work for many modern, cloud-forward organizations. 

Almost all of these organizations have a mixed-platform environment. Many are leveraging G Suite or Microsoft 365 for their productivity platform. AWS or another cloud infrastructure is a part of their IT approach too. 

And, perhaps most important, these organizations are opting to forgo Microsoft Active Directory altogether. No identity provider is on-prem, which belies the model Microsoft has articulated with Azure AD. As a result, organizations are forced to store identities within Azure Active Directory which works well for IT resources hosted at Azure.

Identities aren’t able to be exported to all third-party resources such as Mac and Linux machines; consequently, many on-prem systems struggle to authenticate with Azure AD.

Authenticating Macs Without Restrictions 

There is another path that allows IT admins to not only leverage Azure but also authenticate their Macs and other non-Azure IT resources. Leveraging a core, cloud-based identity provider that can connect user identities to a wide variety of resources, including on-premises systems, cloud infrastructure, on-prem and SaaS applications, file servers, and WiFi is the better approach for modern, cloud-forward organizations. 

JumpCloud’s directory service platform federates identities to Azure, G Suite, AWS, SSO solutions, and more. It’s an open platform that centralizes user management across the entire organization. 

One identity is securely leveraged across the entire IT infrastructure.

One Directory To Rule Them All 

If you are interested in authenticating Macs to Azure Active Directory, use JumpCloud’s identity management platform as your core identity provider in the cloud. Your Azure AD identities will be the same ones that your users leverage for their Macs. 

Specifically, you can employ JumpCloud’s Apple MDM functionality to tightly manage and secure your Macs — even if they’re remote. As an IT pro, you will get full control over Mac user management and device management while still being able to leverage Azure, AWS, or Google Compute Engine™. You get to choose the best platforms for your organization but still have a single identity provider.

To learn more about how JumpCloud can support your desire to move to the cloud, drop us a note. In addition, give JumpCloud Free a try for yourself. Your first 10 users and 10 systems are free, with premium in-app chat support for your first 10 days.

Continue Learning with our Newsletter