By Vince Lujan Posted June 9, 2019
Is there a managed service for Active Directory® (AD), the on-prem directory services platform from Microsoft®? Isn’t Azure® AD really just a managed service for AD in the cloud?
The short answer is: no to both. While there are some Active Directory solutions that are hosted by a third party, they are hardly a complete AD managed service or a SaaS-based identity management solution.
Even Azure AD isn’t intended to be a cloud alternative to AD, but rather a complement (despite having AD in the name). There is hope, of course, but let’s dive into the two aspects of this discussion with the first being the concept of a managed service for Active Directory.
How do you manage Active Directory?
AD is an on-prem software solution that is part of the Windows® Server platform. Historically, most organizations simply deploy and manage AD internally and on-prem for a few reasons.
Primarily, AD is an on-prem identity management solution that was developed for on-prem networks of Windows-based IT resources. Therefore, shifting the on-prem solution to a virtual environment would take the Microsoft platform out of its element.
This is demonstrated by the fact that AD relies on a direct connection where the user’s device and IT resource talk directly to AD. If AD were to be hosted remotely in a data center, for instance, another IT infrastructure service (e.g., a VPN) would be needed to connect the users and IT resources to AD.
There are, of course, plenty of other reasons why IT organizations would prefer to manage AD internally. Essentially, though, it comes down to the fact that AD wasn’t designed to be leveraged and managed remotely, and doing so can cause problems.
The end result has been that Microsoft hasn’t focused on building a managed services offering, but a few third-party managed service providers have created hosted AD services that can act as a cloud service. But where does that leave Azure AD?
Azure AD: Managed AD Service?
To the second question, which may end up being more relevant, Azure AD isn’t a copy of the on-prem AD platform hosted in the cloud. Rather, Microsoft has positioned Azure AD primarily as a complement to AD on-prem.
To illustrate this point, consider that Azure AD is, first and foremost, a user management platform for Azure infrastructure and a web application single sign-on (SSO) solution. The catch is that admins will still require AD to fully sync users and connect them to legacy infrastructure on-prem.
In other words, traditional AD implementations are for traditional Windows domains, whereas Azure AD is for cloud-based Windows domains—but neither is designed for both. So, while Azure AD can manage users and connect them to Azure-based IT resources, it’s not a complete directory services solution even in a Windows-centric environment. To boot, using both requires yet another solution called Azure AD Connect.
Reimagining Active Directory
Happily, while a managed service for Active Directory may not be available, a new generation of cloud identity management is reimagining AD from the cloud. Directory-as-a-Service® is an innovative cloud-based service that offers the flexibility of a neutral IAM solution that can integrate with macOS® and Linux® as well as Windows, AWS®, G Suite™, web applications, WiFi and VPNs, and more.
With JumpCloud®, IT organizations can leverage a managed Directory-as-a-Service that is perhaps better suited for the cloud era than traditional Windows-based platforms or even Microsoft’s cloud platform. As a result, IT organizations effectively no longer need AD or Azure AD, although JumpCloud can integrate with them both.
Sign up for a free account to check out the full functionality of the Directory-as-a-Service platform free for up to ten users. If you would like to continue the conversation about an alternative to a managed service for Active Directory, drop us a note. We are happy to speak with you.