There is some belief amongst those in the IT industry that Azure® Active Directory® is a replacement to the on-prem, legacy identity provider Active Directory®. Confusion surrounding the Active Directory (AD) family of products makes sense, given they share the same Active Directory namesake. So, let’s make this simple: if you actually replace on-prem AD with Azure AD you won’t be getting the same functionality from the cloud. Or, a bit more precisely, Azure AD DS is not a replacement for AD DS.
Extend or Replace On-Prem AD with Azure AD?
Azure Active Directory in use is a complement to the legacy AD. Think of Azure AD as an extension of your on-prem identities out to the Azure cloud and the associated web applications that Azure can manage access to.
“Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It actually provides many more capabilities in a different way.
“That’s why there is no actual ‘migration’ path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU etc.
“As you can see here Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. It can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing access for your partners to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, Multi-Factor Authentication, protection of your identities in the cloud, reporting of Sign-ins from possibly infected devices, leaked credentials report, user behavioral analysis are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.”
Azure AD’s True Role
As you can see, the Azure AD platform is effectively a user management platform for Azure itself. It provides access control to Azure cloud servers as well as helping you to control user access to Office 365™.
Another critical capability of Azure AD is that it is a web application single sign-on solution. That puts Azure in competition with major web single sign-on (SSO) players like Okta® and Ping Identity®.
Like those SSO providers, Azure AD isn’t able to authenticate on-prem devices such as Windows® desktops and laptops (sans Win10 Pro). And, of course, macOS® and Linux® systems hosted on-prem or elsewhere are out of bounds as well. In addition, on-prem applications will need to be managed by your on-prem AD instance, as would your WiFi network if you wanted single sign-on to your domain. Clearly, any strategy with Azure AD also needs to include AD and integration through Azure AD Connect. If you’re looking to go all cloud, this may not be the most full-featured method.
JumpCloud Provides the Alternative to AD and Azure AD
If you are a cloud-forward organization trying to shift as much of your infrastructure to the cloud as you can, this Azure AD plus AD approach may not be what you’ve been looking for.
A better path forward may be to leverage a next generation Identity-as-a-Service (IDaaS) platform that is exclusively from the cloud and for both cloud and on-prem resources. Called Directory-as-a-Service®, this virtual identity provider is the core, authoritative identity provider that securely manages and connects user identities to the IT resources they need including systems, applications, files, and networks.
As an independent provider, a wide variety of IT resources can be integrated together. We’re talking Windows, Linux, G Suite™, Office 365™, AWS® and much more. Further, IT admins can leverage cross-platform, GPO-like capabilities to manage policies on Mac® and Linux systems as well as Windows®.
Replace AD and Azure AD
Ready to learn more about how to replace on-premise AD with Azure AD? Drop us a line. We’d be happy to walk you through the capabilities of each solution as well as give you an introduction to Directory-as-a-Service, which is an alternative to Active Directory and Azure Active Directory. Or, just simply sign up for a JumpCloud account today. When you sign up you get instant access to the entire platform, and we throw in your first 10 users free—forever. Once you’ve signed up be sure to check out our Knowledge Base for more.