Azure® Active Directory® is Microsoft®’s move to build a cloud-based directory service. From reports, it is a completely separate solution from the on-premises Active Directory®, but is compatible with it. In most cases, for organizations to leverage Azure Active Directory, an on-premises Active Directory instance is needed for user syncing. The primary role of Azure Active Directory is to be the user authentication infrastructure for Azure, Microsoft’s cloud solution that provides compute and application infrastructure.
Azure Active Directory: Tailor-made for Windows
Azure Active Directory enables organizations to authenticate, authorize, and manage user access to Azure server instances, Office 365™ applications, and other Azure services. Azure AD also enables organizations to have single sign-on access to thousands of applications. With Azure Active Directory, Microsoft is pushing to move directory services to the cloud, but also integrating other key areas into their platform. These areas include single sign-on (SSO), domain controller services, and integration with multiple protocols.
Microsoft has embraced the definition of a true cloud-based directory service and is working hard to deliver that to their customers. Of course, like any solution with Microsoft, it is highly tailored to Windows® and Windows-based infrastructure. Also, Microsoft has not been willing or able to eliminate the on-premises directory service. This means that most organizations will need to have an on-premises AD instance to manage their on-prem infrastructure while leveraging a second directory instance—Azure AD—for their cloud infrastructure and applications. If organizations are leveraging Mac® or Linux® platforms, it’s very difficult for them to centrally manage those device types. If G Suite™ is in the picture versus Office 365, then that is also problematic. In short, Azure Active Directory is a significant step forward for Microsoft with their version of a cloud-based directory, but it continues to tie organizations to Microsoft.
Directory-as-a-Service®: The Global Solution
The concept of a vendor-independent cloud-based directory has been pioneered by the JumpCloud® Directory-as-a-Service® (DaaS) platform. DaaS is a cross-platform cloud service providing support for authentication, authorization, and device management for Windows, Mac, and Linux devices and users. The platform supports multiple identity authentication protocols such as SAML, RADIUS, LDAP, and more. The central user store serves as the core directory for any type of platform, application, or network, including non-Microsoft services such as G Suite. The vendor-agnostic DaaS ensures that organizations are not locked into Microsoft solutions, but can leverage them as appropriate.
Organizations will be at an interesting crossroads over the next few years. They will need to decide whether to be locked into Microsoft platforms for the next decade or two, or to branch off and be vendor independent. With fundamental shifts in the IT landscape to more device platforms, microservices for applications, and perimeter-less networks, it will be a tough choice for IT admins.