Azure® Active Directory® Playbook

By George Lattimore Posted July 9, 2019

Looking for an Azure® Active Directory® (AAD) playbook that can help guide your understanding of how it differs from Microsoft® Active Directory (MAD or AD)? It's a good resource to look for, and you're not alone in needing one. The Microsoft family of identity and access management (IAM) solutions can be quite complicated, so regardless of whether you're an IT admin, managed service provider (MSP), SMB owner, DevOps engineer, or a technologist, it is easy to see why an Azure AD playbook would be helpful.

Microsoft's Strategy: Double Down on On-prem Reliance

To understand how to leverage Azure Active Directory, we first need to step back and understand the history of Microsoft's approach to directory services. About twenty years ago, Microsoft introduced the on-prem juggernaut of IT identity management, Active Directory. It was ideal for the Windows®-based networks that dominated around the world at the time.

A key part of that approach was the Active Directory Domain Services (AD DS) server role, which let a user log into their Windows device and then reach every other Windows-based system and application they had been granted access to.

One password, entered through one system, and boom: all the Microsoft resources. Pretty simple, right? But, where are we now with all of the cloud services and changing demands of remote workers? How has this changed?

Why Azure AD is an Extension with Limitations

Hoping for an effective way forward, many IT organizations are asking how Azure AD relates to the traditional, on-prem Active Directory, especially for the newer cloud services that AD DS struggled with. Is AAD a replacement for AD, or some kind of complement to the on-prem directory service? Unfortunately, Azure AD is not a cloud replacement for Active Directory. As stated by a Microsoft representative in this Spiceworks thread, it is an extension of on-prem identities to the Azure cloud and to the web applications that Azure can manage.

The direction taken in the Azure AD playbook Microsoft shares is to leverage on-prem AD as the core identity provider and then federate identities to Azure AD via AD Connect. Of course, you will likely also need Azure AD Domain Services, which leaves you with at least four different services in your identity management infrastructure.

Once identities are in Azure AD, they can be used to log into an Azure domain via Azure AD DS, and also for a web application single sign-on (SSO) platform very similar to AD Federation Services (ADFS). The result is that for most Microsoft-focused organizations that are leveraging Azure, the ideal scenario in an Azure Active Directory playbook is to use these various Active Directory solutions both on-prem and in the cloud. They seem to go together well.

Overcoming the Legacy Obstacles

The challenge for the rest of today's IT organizations, however, comes when they are using non-Windows platforms such as macOS®, Linux®, AWS®, G Suite, or others. In this use case, the Azure AD + AD DS approach struggles to be a viable solution for comprehensive identity management. Microsoft didn't build Azure AD as a flexible, one-size-fits-all directory services solution. That strategy would undercut their stronghold in the market, and could uncomfortably uproot their customers' long-term dependence on Windows Servers altogether.

To alleviate the pressure of heavy spending on legacy Windows Servers, modern IT organizations are finding alternatives. They are circumventing traditional IT approaches to reach greater agility, flexibility, and cost efficiency with cloud technology. For over 75,000 organizations, JumpCloud® Directory-as-a-Service® has provided a serverless runway for connecting user identities to cloud resources, as well as to their on-prem resources, opening up a new route for best-in-class tools to be leveraged, yet managed from one all-inclusive platform.

If you'd like to learn more about the business advantages of using a cloud directory, check out our Move to Modern IT infographic highlighting key use cases and statistics. Maybe you'd like to see how Directory-as-a-Service works, from the inside out? Give it a try today. Your first 10 users are completely free of charge, forever.

George Lattimore

George is a writer at JumpCloud, a central source for authenticating, authorizing, and managing your IT infrastructure through the cloud. With a degree in Marketing and an MS in Public Communications and Technology, George enjoys writing about how the IT landscape is adapting to a diversified field of technology.