By Zach DeMeyer Posted April 2, 2019
With Microsoft® trying to shift organizations to their Azure® cloud platform, many IT admins are looking to figure out whether Azure Active Directory® (AAD) or another cloud directory service is right for them. Specifically, for IT organizations that leverage cross-platform infrastructure, they are wondering if they can join Macs® to an Azure AD domain. Let’s dive into how Macs work in AAD, and find an answer to the question.
Macs in an AAD Domain
Azure AD wasn’t set up to be a core directory service of macOS® and, of course, Microsoft hasn’t been motivated to make it easier for IT organizations to leverage non-Windows® platforms, such as Mac or Linux®. With that being said, there are ways that IT organizations can cobble together multiple software solutions to join Macs to an Azure AD domain using traditional tools.
A Cobbled Approach
IT admins will need to start with not only Azure AD, but also purchase Azure AD Domain Services, which creates a domain within Azure. Then, IT admins will need to setup a VPN connection between their Macs and the Azure AD domain.
Unfortunately, though, this VPN approach is not condoned by Microsoft. In fact, they actively discourage IT admins from connecting non-Windows, on-prem devices to an Azure AD domain.
Rather, Microsoft would rather have you leverage AD on-prem as the backing directory with Azure AD as well as a directory extension for Mac layered on top. At any rate, while it is possible to connect Mac to Azure AD with this approach, it is far from ideal.
Stuck Between One AD and Another
Leveraging Microsoft’s on-prem directory service, Active Directory®, IT admins trying to join Macs to AAD are stuck with a complex task. Essentially, they’ll need to figure out how to have the AAD credentials match those within AD, and then subsequently use a directory extension tool to connect the Mac to the on-prem Active Directory. That’s a lot of work to get Azure AD to work with Macs, and AAD isn’t even the core identity provider in this scenario.
The disparity between Azure Active Directory and macOS systems has given IT admins a reason to step back and look at the bigger picture of identity management. An ideal solution would take one set of credentials and propagate them across a user’s entire lineup of IT resources, including systems (Windows, Mac, Linux), cloud infrastructure (AWS®, GCE™, or Azure), applications, networks, and more. This centralized cloud directory could alleviate the burden of authentication of non-Windows resources to Azure AD.
Mac Authentication in a Cloud Domain
Thankfully, tens of thousands of IT admins have taken a holistic look at identity management and sought a different path when it comes to macOS systems altogether. Rather than connect them to Active Directory or Azure Active Directory with multiple software solutions, IT admins have managed user and system access through a next generation cloud directory service called JumpCloud® Directory-as-a-Service®.
Directory-as-a-Service (DaaS) has reimagined the legacy Active Directory for the cloud era. As such, DaaS centralizes user identities behind a single credential per user. This True Single Sign-On™ experience connects users to virtually all of their IT resources, making work easier for users and admins alike, and ultimately securing IT organizations worldwide.
So, can you join Macs to an Azure AD domain? Not easily with traditional tools, but with JumpCloud, you can join Mac systems and more to almost any resource an end user may choose. If JumpCloud DaaS seems like the right solution for you, you can give it a try today, absolutely free. By signing up for JumpCloud, you get full access to the DaaS product, with ten users guaranteed free forever. Afterwards, you can scale JumpCloud with your organization. If you have any questions, please contact us.