Most organizations today allow users to work remotely. Why? Among many work/life benefits, there is less need to commute to an office as more organizations move from on-prem infrastructure to the cloud. But whether users work from home or at the office, their IT resources still need to be managed. Not doing so can lead to the loss or unauthorized alteration of data, not to mention a slew of help tickets.
To avoid those complications, IT admins are asking whether they can use Azure® Active Directory® (AAD) for remote users while forgoing on-prem Active Directory (AD) altogether.
Azure AD Applications
Azure AD is the user management system for Azure and Office 365™, so giving remote users access to those resources is squarely within its purview. AAD can also connect users to select web applications through single sign-on (SSO), and it provides authentication for Windows® 10 devices that are joined to it.
As long as your remote users only use Office 365, Windows 10 devices, and any of the web applications AAD connects to, AAD may suit your needs. Otherwise, you may end up needing an alternative to Azure AD to gain full management capabilities over remote users’ IT resources.
Azure AD Limitations
While not really its intended architecture, Azure AD can be used as the sole identity provider (IdP) for organizations that run Windows systems and Office 365. But without on-prem Active Directory, admins have no Group Policy (GPO) management over their Windows systems and no authentication control over on-prem applications. Group Policy only applies to devices joined to an on-prem AD domain; a device that is only Azure AD-joined receives its configuration from an MDM policy instead, so the two management models are not interchangeable.
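Before deciding whether a given Windows device can be managed without on-prem AD, it helps to know how it is actually joined. The following PowerShell function, added here as an example and not taken from the original post, parses the output of `dsregcmd /status` (the built-in Windows tool that reports device registration state) and classifies the device as Azure AD joined, on-prem domain joined, hybrid joined, or not joined, and reports whether Group Policy can apply to it. The sample output embedded in the block is constructed for illustration; the field names (`AzureAdJoined`, `DomainJoined`, `EnterpriseJoined`, `DomainName`, `MdmUrl`) are the ones dsregcmd prints.

```powershell
# Added example: classify a Windows 10 device's directory join state from
# "dsregcmd /status" output. Not code from the original post; the sample
# output below is constructed for illustration.

function Get-JoinState {
    param(
        [Parameter(Mandatory)]
        [string[]]$StatusText   # lines of "dsregcmd /status" output
    )

    # dsregcmd prints "Key : Value" lines; collect only the fields we need.
    $fields = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(AzureAdJoined|EnterpriseJoined|DomainJoined|DomainName|MdmUrl)\s*:\s*(.*)$') {
            $fields[$Matches[1]] = $Matches[2].Trim()
        }
    }

    $aad    = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined']  -eq 'YES'

    $state = if ($aad -and $domain) { 'Hybrid Azure AD joined' }
             elseif ($aad)          { 'Azure AD joined' }
             elseif ($domain)       { 'On-prem AD joined' }
             else                   { 'Not joined (workgroup)' }

    # Group Policy requires an on-prem domain join. An Azure AD-only device
    # gets its settings from MDM instead, indicated by a non-empty MdmUrl.
    [pscustomobject]@{
        State       = $state
        GpoApplies  = $domain
        MdmEnrolled = -not [string]::IsNullOrEmpty($fields['MdmUrl'])
        DomainName  = $fields['DomainName']
    }
}

# Constructed sample resembling "dsregcmd /status" on an Azure AD-only device.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
               Device Name : LAPTOP-01

+----------------------------------------------------------------------+
| Device Details                                                       |
+----------------------------------------------------------------------+

                    MdmUrl : https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
'@ -split "`r?`n"

# Expected for the sample: State = "Azure AD joined", GpoApplies = False, MdmEnrolled = True
Get-JoinState -StatusText $sample

# On a real Windows 10 machine, feed the live output instead:
# Get-JoinState -StatusText (dsregcmd /status)
```

A device reporting `GpoApplies = False` with `MdmEnrolled = True` is exactly the case the paragraph above describes: Azure AD authenticates the user, but any configuration has to come from the MDM side, not from Group Policy.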
If your organization uses macOS®, Linux®, AWS®, G Suite™, Google Cloud Platform™ (GCP), or on-prem applications, Azure AD may present a few problems. It performs best in a Windows-centric environment, so you will likely need third-party solutions to manage systems outside that domain.
For web applications, AAD offers SSO to a specific catalog of apps, but the systems your remote users sit at are a different matter. Managing cloud infrastructure like AWS or GCP is outside its scope, and managing user access to WiFi and VPN infrastructure also requires additional solutions when AAD is not paired with on-prem AD.
The result is that AAD is just one component in an overall Windows-centric system meant to manage remote users and their systems. To get as much as you can out of it for remote users, you’ll need to assemble the complete –– and expensive, on-prem –– AD package.
Alternatives for Remote Users
For organizations that want to manage Windows and non-Windows systems and web applications, and to authenticate users natively through a wide range of protocols, Directory-as-a-Service® (DaaS) may be a better fit. It is a cloud-based directory service that can be used for remote users on any system. Whether users work on Windows, macOS, or Linux devices, you can manage their IT resources without third-party tools.