Azure AD DS and Zero Trust Security

By George Lattimore Posted May 14, 2019

The IT security movement has been shapeshifting again, and IT pros everywhere are looking to find a bridge over troubled water. It’s their responsibility to connect the dots between tools like Azure® AD DS and Zero Trust Security in order to shepherd their organizations and end users safely across to dry land.

For many years, there were specific models and static approaches that IT organizations used to surround and protect their company’s digital assets. Most notably, you might remember the defense-in-depth approach, sometimes referred to as layered security. Now, however, a new model known as Zero Trust Security is rising to meet the incoming tide of cyber threats.

Does Microsoft® Understand Zero Trust?

With the focus on Microsoft® Azure specifically, and its related services such as Azure AD DS (Active Directory Domain Services), many IT admins are trying to understand where Azure AD DS leaves them with regard to Zero Trust Security.

The Zero Trust Security model is founded on several core assumptions, chief among them that everything and everyone is untrusted by default. It’s not personal; it’s just modern cyber security. Once trust is verified by triangulating the user’s identity through a variety of measures, permission to access or connect to the necessary IT resources is granted. It’s no exaggeration to say this model has fundamentally changed the approach that IT admins take to securing their networks, from the inside out.

As Microsoft starts to shift its entire base of customers to the Azure platform, a key part of that migration is the identity and access management (IAM) solution, Azure AD DS. Unfortunately, this isn’t as straightforward as IT admins may think. Azure AD simply isn’t a replacement for the on-prem Active Directory® platform; instead, Azure AD acts as a complementary tool to on-prem servers. For Azure-related services, Azure AD DS provides a domain where users can log in and then have access to whatever they need within Azure, using specific rights established in the domain.

Needing an Alternative to Azure AD DS

If IT organizations closely study the Zero Trust model, they realize that the concept of the domain is actually a bit orthogonal to the industry-standard approach. In fact, with Zero Trust there is no perimeter to the network, unlike Microsoft’s domain model. As a result, IT admins who are considering implementing Zero Trust will need to think through the right Microsoft-alternative tools and approaches to help them create the proper Zero Trust Security implementation. Surely, IT organizations and managed service providers (MSPs) have found other ways of implementing sound Zero Trust Security practices, right?

A Zero Trust Security implementation starts with identity and access management, the base of any organization’s IT infrastructure. Thankfully, there’s a new generation of cloud identity management that’s shaking up what’s possible for organizations of all sizes. This next-generation identity provider is called Directory-as-a-Service®, and it’s quickly become a core tool in the Zero Trust Security approach.

Vendor-Neutral Identity Provider

How? By replacing any need for IT organizations to use and maintain outdated Active Directory hardware. Instead, businesses are going lean, moving to the cloud, and streamlining how their users access cloud-based resources and on-prem file servers alike. Regardless of protocol, platform, provider, or location, Directory-as-a-Service is the vendor-neutral solution for achieving true Zero Trust Security with a cloud-forward cyber defense plan.

Ready to try Directory-as-a-Service, skip Azure AD DS, and hit the ground running with Zero Trust Security? Go ahead and explore how integration would work with your organization by signing up for a Free Account today. The first 10 users are completely free of charge, forever, so you’ve got plenty of runway to see all the functions and features for yourself. Feel free to drop us a note, and one of our support team experts will get back to you ASAP to answer any of your questions.

George Lattimore

George is a writer at JumpCloud, a central source for authenticating, authorizing, and managing your IT infrastructure through the cloud. With a degree in Marketing and an MS in Public Communications and Technology, George enjoys writing about how the IT landscape is adapting to a diversified field of technology.
