By Greg Keller Posted March 21, 2016
There’s been a lot of talk lately about Directory-as-a-Service. It’s a critical component in the Identity Management landscape. With legacy directories like Microsoft Active Directory and OpenLDAP losing favor in many organizations, a new class of cloud-based directory service solutions has emerged. One of those cloud-based directories, Microsoft Azure Active Directory, has been generating a lot of interest lately. The question becomes: Should I migrate to Azure Active Directory?
Before any organization makes the decision to migrate, it will need to do an inventory of what the requirements are for IT admins. Here are some key items to consider:
- Centralized User Management – Are you looking to Azure AD to be your core user store across all of your users for everything that users need to access? To date, Azure AD has been created with Azure and Office 365 in mind. If you want it to be your core user database, you may need to consider keeping the on-premises Active Directory or going with Directory-as-a-Service.
- User Control Over Devices – Azure AD controls your devices, as long as they are located within Azure. Devices outside of Azure are not supported. In the case that you have servers at AWS or Google Compute Engine, you are facing a problem. This applies to on-premises devices such as your laptops, desktops, and on-premises servers.
- Device Management capabilities – A hallmark of the on-premises AD is the ability to manage Windows devices through GPOs. Recently, Microsoft carried over some of this functionality into Azure, however, if you are seeking a way to manage your on-prem Windows, Mac, or Linux devices, Azure AD has no solution.
- User Control Over applications – Azure AD has built-in support for numerous web applications. Similar to many single sign-on vendors, Microsoft has enabled the ability to have its customers leverage their Azure credentials elsewhere. While this works well for web applications, it doesn’t work for LDAP-based applications or those on-prem, legacy apps.
- Network access Control – If you are seeking control over who accesses your network on-prem, you’ll need to either keep that domain controller or leverage RADIUS integration into your core directory. Microsoft will give you some domain controller functionality in the cloud for your Azure infrastructure, but you will need to seek a different solution for your on-premises networks.
The key thread through all of these points is that Azure AD is a viable solution if your entire infrastructure is based at Azure and that is all the functionality that you need. The likely result here is that Azure AD will work well for organizations that want to control and manage their Azure infrastructure, but it won’t be viable by itself. You’ll need to either connect your Azure Active Directory instance to your on-premises AD solution, or you’ll leverage a third-party, vendor agnostic directory service such as JumpCloud’s Directory-as-a-Service.
If you would like to learn more about whether migrating to Azure AD is right for you or whether you require other approaches to solving your challenges, drop us a note. We’d be happy to discuss it with you.