Microsoft Azure is striving to rule the cloud infrastructure market. Despite the rise in Azure popularity, however, many are curious about its user management tool, Azure Active Directory (AD). It’s a bit unclear what the use cases for Azure AD are.
Many IT organizations assume that Azure Active Directory is simply the cloud replacement to the on-prem Windows-based directory service, Active Directory. Unfortunately, we know that isn’t true, which sparks the question of how best to leverage Azure AD.
To understand the use cases for Azure AD, we need to step back and understand Microsoft’s overall strategy with identity management.
Microsoft Identity Management
Microsoft brilliantly created Active Directory in the late 1990s. AD would quickly become the dominant solution to manage user access within an organization. Microsoft promoted the concept of the domain, meaning domain-bound end users could simply log in to their Windows laptop or desktop and have access to anything on the Windows-based network.
This approach to domain services worked quite well until the IT network started to shift. macOS® and Linux® machines started to become more popular, web applications replaced on-prem solutions, data centers started to be replaced by AWS®, and more. IT organizations just weren’t cookie cutter, homogeneous Windows environments any more. The result was that AD started to struggle and lose its grip on controlling access to all IT resources.
Patching the Gaps with Azure AD
IT organizations started to purchase identity bridges, web application single sign-on (SSO), multi-factor authentication (MFA), and other solutions to compensate for what AD lacked in modern organizations. Microsoft, of course, was seeing the trends and started to focus more on cloud infrastructure with their Azure platform, along with Office 365™. As a result, Microsoft needed an identity platform for their cloud infrastructure, and decided to build Azure AD.
While the naming made it confusing, since most thought of Azure Active Directory as the successor to the on-prem AD, Azure AD was really a user management solution for Azure.
Interestingly, though, they tacked on the capability to federate identities to web applications because they saw those as a potential threat to losing control over identities. The architecture and approach was to keep Active Directory on-prem and use Azure AD Connect to bridge between AD and Azure AD. From Azure AD, IT organizations and DevOps engineers could authenticate to their Azure infrastructure, Office 365, and some web applications.
Use Cases for Azure AD
While Azure AD billed itself as cloud identity and access management, it really turned out to only be best for IT organizations that were leveraging Azure and Office 365 with an on-prem AD instance. So, use cases for Azure AD include managing Azure users and federating their identities to Office 365 and a selection of applications like many other SSO solutions do. While this approach to user management may work for some organizations, it is simply not viable.
For example, for those with G Suite™, AWS, macOS, Linux, Samba file servers/NAS appliances, WiFi, and other non-Windows IT infrastructure, Azure AD is a struggle. Even for organizations solely leveraging Windows systems, Azure AD requires an additional solution—Intune—for system management capabilities. The result is that IT admins have realized the very specific use cases for Azure AD and can build their infrastructure accordingly.
As the IT landscape continues to be more diverse, the concept of AD and Azure AD is largely being reimagined through a neutral cloud directory called Directory-as-a-Service®. Directory-as-a-Service (DaaS) is a serverless identity management platform much like Azure AD, except since it is completely vendor neutral. DaaS operates on Windows, macOS, and Linux systems. With user, system, network management, and more, Directory-as-a-Service is a comprehensive approach to identity management for the modern era.
If you feel restricted by the limited use cases of Azure AD, consider using Directory-as-a-Service from JumpCloud® as your directory of choice. You can try the DaaS product completely free for your first ten users. Of course, you can also simply schedule a demo, or contact us with your questions.