By Jon Griffin Posted June 12, 2017
Since most organizations are choosing to leverage hybrid infrastructure, it raises the question of whether you can use Azure Active Directory® for this situation. Many pundits have predicted that organizations would shift completely to the cloud, but it’s clear we aren’t seeing that. The IT infrastructure located on-prem is critical – even if it only consists of user systems and the WiFi infrastructure. Solutions that are primarily built around the cloud aren’t useful if they can’t solve the problem for on-prem infrastructure as well, minimal as it may be.
This path is true for Microsoft directory services. Everybody knows that Active Directory® is the legacy, on-prem system for Windows systems and applications. However, there is this assumption in the IT world that Azure AD is the next generation directory service, and that it will work with both cloud infrastructure and on-prem resources. The confusion could be coming from the fact that Microsoft used the name Active Directory combined with their new cloud-based service, but in reality Azure AD is just a user management system for Azure and a web application SSO platform. A Microsoft representative himself stated that Azure AD is not the cloud version of AD as everyone thought it is.
Azure Active Directory vs Microsoft AD
As mentioned, Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It actually provides many more capabilities, in a different way.
That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory, but not migrate your computer accounts, group policies, OU, etc.
As you can see here, Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. And it can provide secure, remote access to on-premises applications that you want to publish to external users. Azure AD can be the center of your cross-organization collaboration by providing your partners with access to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, multi-factor authentication, protection of your identities in the cloud, reporting of sign-ins from possibly infected devices, leaked credentials report, and user behavioral analysis, are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.
What About Azure Active Directory Domain Services?
Even the recently announced Azure Active Directory Domain Service is not a usual DC. Plus, it’s not a service that you could use to replicate your existing Active Directory implementation to the cloud. It’s a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications – if you decide to move them to Azure infrastructure services. However, there is no replication to any other on-premises or cloud (in a VM) domain controller. If you want to migrate your domain controllers to the cloud to use them for traditional tasks, you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.
So to conclude, if you would like to extend the reach of your identities to the cloud, you can start by synchronizing your Active Directory to Azure AD.
The upshot is, you’ll have AD for on-prem IT resources, and Azure AD for your Azure cloud-hosted resources. You can use both solutions to cover your on-prem and cloud infrastructure, but realistically this can only happen if they are Microsoft platforms.
Directory-as-a-Service®: The Hybrid Infrastructure Solution
That’s hardly a solution or approach that works for IT organizations that are leveraging hybrid infrastructure. A new generation of IDaaS platform is stepping in to solve the identity management problem for hybrid situations. Directory-as-a-Service is connecting user identities to systems, applications, and networks regardless of location, protocol, platform, or provider. As a cloud-hosted directory, Directory-as-a-Service is reimagining Active Directory for the cloud era.
If you would like to learn more about whether Azure Active Directory works for hybrid organizations, drop us a note. Alternatively, give Directory-as-a-Service a try for yourself and see if it can work for your hybrid infrastructure. Your first 10 users are free forever.