By Greg Keller Posted December 17, 2015
Now that Microsoft’s Azure Active Directory has been around for a little bit, we think it’s worth doing a review of its capabilities and various limitations. Microsoft introduced Azure, which is a cloud infrastructure platform, to compete with AWS and Google Apps. Within the folds of Azure you’ll find the Office 365 productivity suite as well as the cloud-based solution Active Directory. It should be noted that the on-premises traditional Active Directory is rooted in a different code base than the newer cloud-focused Azure Active Directory. When combined, the two ADs should provide Windows and Azure-centric organizations the opportunity to create one directory infrastructure. At least that’s the theory.
A Sure-fire Hit with Microsoft Solutions
Azure Active Directory was created to be the directory services solution for Azure. It enables organizations to manage user authentication and authorization to Azure infrastructure, Office 365, and applications leveraging Azure. Fundamentally, it is a cloud-based directory solely for the Azure cloud. Unlike the traditional Active Directory, the Azure AD is not meant as a directory services solution for the on-prem network and infrastructure. In a sense, Microsoft isn’t capitalizing on its own AD solution. Instead, Microsoft is extending the traditional AD implementation to the cloud. Or for those that are exclusively in the cloud, it is creating a mechanism to control user access to Azure infrastructure and services.
For those organizations that are interested in having a central user directory for their on-prem devices that are Windows-based, AD is a potential solution. If the local infrastructure is mixed, then a Directory-as-a-Service platform will be the better choice. Also, Azure AD does not support integration with AWS or Google Compute Engine infrastructure. If your server infrastructure is hosted at either of those locations or elsewhere, then you’ll want to explore DaaS as an option.
Not Quite a Home Run with Single Sign-on
As you turn your attention away from devices and infrastructure and onto applications, Azure Active Directory does have some convenient single sign-on capabilities. Azure AD enables organizations to use AD as the SSO solution for other web-based applications. In essence, this functionality becomes an extension of the Office 365 productivity suite. Those accounts that login to O365 can now login to other web-based applications. It’s a nice addition, and adds value to the Azure AD service. Providing SSO to other web applications becomes a reason for organizations to move to the Azure suite. Unfortunately, though, if you have on-prem applications, which are LDAP-based, you’ll need to search for other ways to connect those types of applications to a central user store.
DaaS is the True Team Player
Azure AD is a strong cloud-based directory option if you are “all in” on Windows and Azure. As soon as you step out of that ecosystem, you’ll struggle with centralization, control, and security. For those heterogeneous IT environments, where there are Macs, Linux, Google Apps, AWS, or other components, you’ll want to find a different cloud-based directory service solution. In that case, a cross-platform, vendor agnostic solution, such as Directory-as-a-Service, is clearly the better choice.
If you would like to learn more about how Azure Active Directory and Directory-as-a-Service stackup against each other, drop us a note. We’d be happy to discuss it with you. Or, feel free to take JumpCloud’s DaaS for a test drive to see how it performs in your environment.