Is there device management in Azure® Active Directory®? Well, sort of, but it’s probably not the device management setup you’re hoping for. Most people think of device management as GPOs (group policy objects) or SCCM for Windows machines, and unfortunately, that’s not really how Microsoft® Azure thinks of device management. However, before we discuss how Azure manages devices, let’s first walk through what Azure Active Directory can do in full.
What Can Azure Active Directory Do?
While Microsoft has labeled Azure Active Directory as a cloud directory platform, most IT organizations have come to realize that Azure AD isn’t anywhere close to being Active Directory in the cloud. It’s really more of a complement to the on-prem directory service, Active Directory. Azure AD can manage user access to Office 365™ and a few web-based applications, but this Spiceworks post reveals Azure AD doesn’t offer the ability to manage computer accounts, group policy objects, organizational units, and more. These are identity management features that many have come to depend on with Active Directory. If Azure AD doesn’t have these capabilities, then what should IT admins expect when it comes to managing devices with Azure Active Directory?
Managing Devices with Azure AD
So, for organizations thinking about device management in Azure AD, what should their expectations be? Generally, IT organizations should look at it in a much more simple context – a device can be “registered” with Azure AD. Registration means that Azure AD will look to authenticate the device when a valid user has signed into the device. Ultimately, the goal with registration is to work within the BYOD concept. Your user identity is controlled globally, so when a user leverages their own device, you will be able to know that their device is valid to join your Azure AD ‘domain’. But this concept isn’t what most have in mind when it comes to system management. The concept of tightly managing Windows systems similar to on-prem GPOs from AD is really left to a different solution, Microsoft Intune.
For many organizations that want to shift to cloud identity management tools, the limited device management capabilities from Azure AD is disappointing. IT admins are used to having deep control over of the Windows systems in their IT environment. They’re used to being able to determine things like whether or not users can change their password by accessing system preferences or if the system screen locks after a certain amount of time.
Another factor to consider is that Azure AD is really limited to authenticating only Windows 10 devices that are located on a company’s premises. That’s a problem because many organizations are still using Windows 7 and others are moving on to using Mac systems. Note that organizations using Apple products exclusively may benefit from using Apple Business Manager instead.
So, in order to have full user and device management in the cloud, IT organizations will need to search for third-party solutions that often end up being costly and end up creating one more platform for IT to manage. That is unless they use the right third-party platform. The right solution will be completely cloud-based and be able to connect to virtually all IT resources, regardless of protocol, provider, platform, and location.
The good news is that there is a third party cloud identity management platform that offers comprehensive user and system management from the cloud. It’s a modern concept of a cloud directory that is morphing how IT admins think about the IAM strategy. Traditionally, Microsoft has advocated AD on-prem and now Azure AD as a compliment in the cloud to manage Windows-based resources. With JumpCloud Directory-as-a-Service, IT organizations can leverage a single platform to connect users to virtually any IT resource.
Device Management in JumpCloud
Whether you’re a technical whiz or just starting out, JumpCloud has a couple of different device management tools. JumpCloud Policy Management allows you to control how a group of systems will behave in just a few clicks. There is no coding or scripting involved, and whether it’s a fleet of Mac, Linux, or Windows systems, JumpCloud has you covered. JumpCloud Commands, on the other hand, does require a sysadmin to know a scripting language like bash, Perl, Python, or Ruby for example. But, it is just as powerful. The Commands feature enables IT admins to remotely execute tasks, install software, configure their devices, and more.
In addition to deep device management, JumpCloud Directory-as-a-Service also provides IT organizations with centralized user management, cloud LDAP, hosted RADIUS, GPO-like cross-platform system management, web application single sign-on, multi-factor authentication, and much more. IT admins can move all of their infrastructure to the cloud, and finally centralize user access to every IT resource – all with just one identity management solution.
More about Device Management
Learn more about why you should consider using JumpCloud’s system management instead of device management in Azure Active Directory by dropping us a note. We’ll gladly answer any questions you might have and are happy to discuss how JumpCloud can manage all of your IT resources. Of course, if you’d rather figure some of this out for yourself, sign up for a free account. Your first ten users are free forever, and the whole platform is available.