By Natalie Bluhm Posted February 22, 2018
With Microsoft® pushing hard on their new cloud identity management solution Azure® Active Directory®, many IT organizations are in the process of comparing AD and Azure AD.
- Is Azure AD a replacement to Active Directory?
- What are the cost differences?
- Does Azure AD connect with Macs?
- Does Azure AD come with Group Policy Objects?
These questions need to be answered when comparing AD and Azure AD. To understand the significance behind these questions, it’s important to take a look at the world from which Active Directory came.
In the Beginning, There was Microsoft
As most IT admins know, Microsoft Active Directory has become the most popular identity provider on the planet over the last two decades. Active Directory emerged in a time when users almost exclusively used Microsoft Windows® for their workstation, Microsoft Outlook for email, and Microsoft Office for productivity applications. In addition, these resources, and the networks used to access them, required on-prem infrastructure. IT found it difficult to securely manage identities within this Microsoft-centric on-prem workplace; Active Directory was created to address this problem. AD worked very well, and it provided IT admins with the user and system management they had been lacking. The key here is that it really only worked as long as the IT network was located on-prem and remained Windows-based.
Changes in IT Landscape Lead to Azure AD
Shortly after AD was introduced, the world started to slowly shift. The change started with the introduction of web applications — solutions such as Salesforce, G Suite, Github, and others. Soon, AWS® and other Infrastructure-as-a-Service (IaaS) providers changed how data centers were thought about and implemented. Even cloud and Linux server-based file storage solutions emerged, changing a core part of the IT infrastructure. Of course, Mac, and even Linux systems, also started to replace Windows workstations.
All of these changes soon put Microsoft on its heels. The result was a strong push with their own cloud infrastructure solutions including Azure and Office 365™. The goal was to stem the tide of defectors to alternative cloud solutions such as G Suite, GCP, and AWS. As part of their push to the cloud, Microsoft needed a user management platform for Azure and Office 365. The result was Azure Active Directory.
Azure AD isn’t an Active Directory Replacement
In comparing AD and Azure AD, it’s clear that Azure AD isn’t an alternative to Active Directory as you can see from this Spiceworks post by a Microsoft representative. Azure AD doesn’t offer the organizational features and system management capabilities IT has come to depend on with Active Directory.
The Microsoft representative even writes:
…there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU, etc….Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations.
Basically, Azure AD’s goal is to be the cloud component for Active Directory while the legacy identity provider (ostensibly AD) continues as the core, on-prem directory service.
So, what are the mechanics behind this Azure AD and Active Directory setup?
How Azure AD Works with Active Directory
Active Directory is the authoritative source for a user’s identity. AD is then connected to Azure AD to federate identities to Azure, O365, and other web applications. The two identity management solutions work in concert to enable IT organizations to manage their users across an on-prem and cloud Windows-based environment.
After comparing AD and Azure AD, it’s clear that this approach ties yourself to Microsoft. For IT shops that focus solely on the Microsoft platform, this is just fine, but for many others the Microsoft lock-in is problematic. This is an issue because many end users want to utilize new resources such as Mac or Linux machines. When end users are able to use the resources they want to use, their productivity actually increases. For example, a Jamf survey shows that 75% of end users prefer Mac systems over Windows. Additionally, this same survey reports that end users are 72% more productive when they can use the system of their choice. IT organizations that leverage a locked-in approach are missing out on the advantages, like increased productivity, that modern IT resources have to offer.
The good news is that there is a modern cloud identity management platform that is a replacement to Microsoft’s identity management approach. Called JumpCloud Directory-as-a-Service®, our vendor-independent identity and access management solution can function as the core identity provider for an organization; it can actually replace Active Directory and Azure AD.
Modern Identity and Access Management with JumpCloud
With our cloud-based directory service, IT admins are able to control all of the IT resources in their environment from a single pane of glass. Additionally, IT admins can connect users to all of the resources they need in today’s modern working world. JumpCloud Directory-as-a-Service integrates with systems (Mac, Linux & Windows), local and remote servers (AWS, GCP, IBM etc.), legacy and web-based applications (Salesforce, Workday, Office 365, G Suite, and many more), physical and virtual file storage (Samba file servers and NAS devices), and wired and wireless networks (WiFi, for example).
IT finally has an option for a core identity provider in the cloud that truly is an alternative to Active Directory.
For more information on comparing AD and Azure AD, please drop us a note. You can also start testing our Active Directory replacement by signing up for a free account. All of our features are available, and your first ten users are free forever.