By Greg Keller Posted June 5, 2017
A critical part of the Microsoft Active Directory® platform is its Group Policy Objects (GPOs). In fact, many IT admins would have already replaced Active Directory years ago if they could find an alternative that could match AD’s GPO function.
GPOs enable IT to manage devices as well as control user access more efficiently by segmenting them into groups. Having the ability to manage Windows devices through GPOs was a crucial IT management capability, especially for organizations with larger numbers of users or endpoints. In short, the need for group-based access management is one of the main reasons that AD has been so firmly embedded in organizations for over a decade.
Now, however, there is finally an alternative. A modern, cross-platform approach to GPO-like functionality is being driven by a new category of solution called Directory-as-a-Service®. This solution is a part of the Identity-as-a-Service category delivering a Group Policy Object replacement.
The Power and Value of Group Policy Objects
GPOs are a valuable part of AD. With GPOs, IT admins can execute policies and scripts on Windows devices. Those items can include the ability to manage password policies, screensaver timeouts, disk encryption, guest user accounts, and much more. Microsoft AD not only provides templates for a wide variety of GPOs but also gives IT admins the ability to write their own custom GPOs. The inclusion of device management capabilities with directory services was a brilliant move by Microsoft.
Identity-as-a-Service Emerges – without GPOs
As the Identity-as-a-Service market has emerged, GPO replacement capabilities have not been at the top of the list. In fact, the first generation of IDaaS providers focused on web application single sign-on. These cloud identity management solutions focused on leveraging AD as the core, authoritative directory service and then federating those identities to the web application SSO component. The assumption was that AD would always be the directory service.
IDaaS Matures into Group Policy Object Replacement
With the shift to the cloud and to mixed-platform environments, Active Directory is no longer the unified cloud directory service that IT organizations are looking for. In fact, they are seeking a cross-platform, independent directory service that does authentication, authorization, and device management. Think of this as an Active Directory alternative built for the cloud era. It should have cross-platform user management capabilities for macOS, Linux, and Windows. In addition, it must have device management capabilities similar to GPOs but across all three major platforms.
Manage Groups of Users and Systems from the Cloud
If you would like to learn more about how the Identity-as-a-Service function for Group Policy Object replacement works, drop us a note. You may also sign up for a free account and take a look at our Directory-as-a-Service command execution functionality. Your first 10 JumpCloud® users are free forever.