The Risk of Microsoft Owning Your Identity

Written by Kayla Coco-Stotts on March 8, 2020


Microsoft® Active Directory® (AD) was designed to function as the center of an IT admin’s world. It gave IT teams a way to securely connect users to all on-prem resources (such as systems, applications, and networks) they needed.

However, today’s corporate environment favors cloud-based, cross-platform IT infrastructure for its convenience and increased security over on-prem hardware. As a result, IT admins are realizing that, while using a legacy directory service may be familiar, there’s a risk of Microsoft owning your identity. 

Moving Beyond the Microsoft-Centric IT Environment

Active Directory still exists today as a vital tool for managing identities, Windows® systems, and on-prem applications. Be that as it may, today’s organizations utilize a variety of resources outside the scope of Microsoft’s domain.

Most IT organizations now implement a mixed-platform environment, including systems like macOS® and Linux®. In addition, Active Directory doesn’t natively authenticate users to web-based applications like Salesforce®, G Suite™, and Slack®.

For many, keeping AD as their proprietary directory service may seem like the wisest choice. Its complicated interface is something many IT teams have grown accustomed to, so moving away from AD seems like an insurmountable undertaking. However, organizations ingrained within AD’s legacy infrastructure are limited in the resources they can manage natively, and the resources they can’t manage natively bring increased maintenance and costs, with no seamless way to control access to them.

The trouble for most IT teams still comes down to authentication beyond Windows-bound applications. Years have passed since the introduction of cloud-based productivity suites like G Suite, and admins are still struggling to find the most effective way to manage user authentication to web-based applications while also maintaining a functional directory service.

IT admins often work around this issue by layering third-party SSO solutions on top of AD to authenticate users to web apps. This layered method comes with increased costs, as admins have to pay for both Active Directory and the third-party add-on.

Cross-Platform Operating Systems

Much as with applications, Microsoft designed Active Directory to authenticate users only to Windows-based, on-prem systems.

As such, organizations functioning with modern tools –– like Macs and Linux machines that are used both on- and off-prem –– can’t easily manage AD credentials for disparate systems. Once again, IT teams are limited to utilizing AD’s identity management capabilities specifically for Windows systems and typically layer add-ons to properly manage Mac and Linux machines. 

An Identity Management Solution for Modern Needs

So what exactly is wrong with layering solutions on top of Active Directory to make it authenticate to cross-platform operating systems and applications? The biggest hurdle IT teams have to conquer with this method is maintaining these disparate identity providers. Then, they have to budget for the cost of both AD and the additional software. For many, this approach is useful short-term, but it’s not sustainable, especially for organizations that readily adopt new tools as they emerge in the IT community.

In summation, Active Directory is becoming more costly and labor intensive with each new OS and web application release. For today’s IT infrastructure needs, AD can be combined with other services to make it work, but often at the price of practicality.

IT teams are eager to find an all-in-one solution that manages their systems, users, networks, and applications much in the way that AD used to. They tend to look for cloud-based identity and access management that services all their needs, including:

  • Cross-platform system management
  • Authentication to applications through LDAP and SAML
  • Authentication to networks through RADIUS
  • Server access and management

For organizations looking for the IAM capabilities of AD without the restriction to legacy hardware, there does exist a cloud directory service that authenticates users to the resources they need. 

JumpCloud Directory-as-a-Service

For organizations seeking to venture beyond legacy directory services, JumpCloud® Directory-as-a-Service® (DaaS) functions as the authoritative identity provider for all systems, applications, networks, and infrastructure.

Instead of layering a number of solutions to make your directory service work, DaaS delivers an advanced toolset that authenticates users across various platforms and protocols, from one centralized console. 

Interested in learning more? Check out our YouTube channel for tutorials, keynote speakers, and insight into DaaS implementation. Want to see DaaS in action? You can register for a personalized demo, or you and up to 10 users can sign up for free.

Kayla Coco-Stotts

Kayla is a content writer at JumpCloud with a B.A. in Print Journalism from the University of Kentucky. She hails from St. Louis, Missouri, and loves to eat good food and hike Boulder's beautiful trails when she is not writing.
