Small and medium-sized enterprises (SMEs) sometimes determine that it’s best to keep Active Directory (AD), despite the challenges a remote workforce full of diverse devices and resource requirements presents. But change and modernization aren’t always all or nothing propositions.
To better support organizations leveraging Active Directory device management, the JumpCloud® agent can now coexist with devices that have domain bindings. This makes it possible to manage and secure devices while maintaining legacy infrastructure, while also delivering the added benefit of deploying JumpCloud without having to un-join devices from the domain controller to have secure, centralized access control and visibility everywhere users work.
It can be difficult to manage devices that are being used in home offices. Remote devices that are outside of the corporate network become a veritable forest of silos, because neither Active Directory nor Microsoft ADFS can manage them on their own. Many IT admins struggle to schedule time with employees to share a screen, log the target device into the VPN, and manually perform maintenance tasks such as forced reboots, software updates, and policy changes. That’s no longer necessary with this enhancement, which streamlines remote device management and lifecycle management tasks.
There are three main benefits that arise from the combination of JumpCloud and Active Directory:
- A more efficient way to manage and secure remote AD-bound Windows devices
- Easier reporting within your entire device fleet for compliance purposes
- Unlock additional value for organizations with AD.
Centralized Management and Governance
Centralized control means that time-consuming manual processes or single purpose Remote Monitoring and Management (RMM) solutions aren’t required to keep remote devices in compliance with the rest of the fleet. JumpCloud’s compatibility with domain-joined devices enables admins to utilize PowerShell and basic security commands with root access, even when they’re remote and not logged into a VPN. Having devices constantly connected to a VPN can be expensive and not the optimal use of your department’s budget. Instead, JumpCloud’s console can be used to create PowerShell commands to ensure devices periodically “phone home” back to the domain controller (DC) over the VPN to receive policy changes and other updates from your network.
JumpCloud orgs also gain event management monitoring with JumpCloud’s System Insights, as the agent pulls telemetry from Windows devices into the JumpCloud platform. The JumpCloud console serves as a single pane of glass for compliance and visibility into the remote workforce’s devices and incorporates any additional non-Windows devices. Most enterprises operate heterogeneous environments, which benefit from having a full device view, especially during security audits. There’s no longer a reason for legacy domain controllers to be reporting silos.
Fully Utilize JumpCloud
Existing JumpCloud users previously could only use platform features that did not require agent access to an AD-bound Windows device, which acutely limited visibility, remote management, and security capabilities. Now, remote devices will be centrally managed from within the JumpCloud console, but Active Directory still remains the “source of truth” for system policies and identity management. Admins can maintain their usual directory management workflow(s), but JumpCloud extends what’s possible with devices that are outside the domain (i.e., remote workers).
By having the JumpCloud agent installed, IT administrators gain the ability to:
- Access security and compliance information in one place for all platforms and devices, including AD-joined PCs.
- Do nearly anything through the client’s root access permissions with security commands and PowerShell.
- Leverage our SSO and Cloud RADIUS with AD Sync (a separate JumpCloud tool) to synchronize credentials and avoid paying for expensive add-on such as ADFS.
The setup is as simple as installing the JumpCloud agent, which will operate on the Windows device without any additional steps. Deeper integration is possible by installing the AD Sync tool and using JumpCloud, normally, without any new training required for JumpCloud administrators. The domain-joined devices will be populated within the JumpCloud cConsole and appear as they otherwise would in a domainless enterprise, without any Active Directory synchronization configured.
There are a few initial preparatory steps to accomplish this integration.
How Do I Setup ADI Integration (optional)?
- Prepare your JumpCloud tenant for AD Integration
- Prepare your domain controller
- Create a service account that has a strong, unique password
- Use our import/sync tool to get shared credentials between AD and JumpCloud (our agent won’t pick up the credentials just by residing on the device)
- Select any custom configuration options for the AD Sync agent
- Select user attribute synchronization, including group names and memberships
- Bind a device with a user within JumpCloud
- Install the JumpCloud agent on Windows devices
JumpCloud extends what’s possible with legacy infrastructure, but also provides a realistic path to move away from the domain controller entirely as groups, permissions, and other IT assets are migrated away from the on-prem Windows Server. It’s as simple as “install the agent and go”, with the steps immediately above being used only to synchronize credentials between the two systems.
Try JumpCloud now without having to remove devices from your domain. Gain real-time management benefits for remote users as well as the convenience and added security of extending the directory to enable modern SSO for cloud resources and applications. The platform is free for 10 devices and users with complimentary 24×7-365 chat support for the initial 10 days following your account creation.