Why Azure® AD Is Lock-In?

By George Lattimore Posted February 11, 2019


There’s no doubt that in terms of market approach, Microsoft®’s strategy is to play the long game. They’ve done that with Windows®, Office, and Active Directory®, to name just a few solutions that have dominated their respective spaces. Throughout all of the changes in IT and the shift to the cloud, Microsoft’s goal remains to dominate the market. Unfortunately, that domination can translate into less choice and more lock-in for end users and customers. In this article, we’ll talk about why Azure® AD is lock-in for customers and MSPs.

The Net of Active Directory®

The story of Azure Active Directory (AAD) really begins with its sister solution, the on-prem, legacy Active Directory platform. From the get-go, Microsoft was brilliant in their approach to locking up the market with Windows, Office, and their other solutions. Windows was already quite dominant in the space, so when they decided to tie all Windows solutions together with Active Directory, it was an incredibly smart move. By giving IT admins the ability to centrally control user access to Windows resources, AD made Windows platforms easier to manage. That encouraged purchasing more Windows solutions, which in turn reinforced the value of AD to manage it all.

Microsoft rode this dominance all the way to the bank with record profits and market share. But, the IT landscape was quietly changing underneath. The internet was sparking a new revolution of IT solutions. Web applications from Salesforce and others started to chip away at the usefulness of legacy on-prem solutions. Data centers started to be replaced by AWS®. Google® introduced G Suite (formerly Google Apps) to shift email and productivity applications to the cloud. Apple®’s resurgence pushed Macs® into the mainstream and made the browser far more important. WiFi then made it more productive to work with laptops that users loved because they were with them all day long. All of these changes created havoc for IT admins and disrupted the pristine Microsoft network.

Pulling the Net to the Cloud


Of course, Microsoft didn’t just sit by the wayside and watch their market stronghold fall. They introduced Office 365™ to combat G Suite and Azure to hit back at AWS. Microsoft realized that the cloud train had left the station, and it wasn’t going to stop, so they needed to adjust their approach and get on board. But, they couldn’t lose the billions in profit that they generated from on-prem solutions, such as Windows Server and its Active Directory DS family of solutions.

In turn, they looked to extend to the cloud with Azure Active Directory. AAD wasn’t meant to be a replacement for AD, but rather a complement. Microsoft would control identities via their on-prem AD platform and connect them to Azure’s walled garden of compute, productivity, and web application SSO. A Microsoft identity would connect users to virtually whatever they needed, as long as it was Microsoft-based (except for web applications). The playbook was alive and well. IT admins and organizations could seamlessly leverage their on-prem identity management infrastructure to connect to Azure solutions, first and foremost. And Azure AD identities would work with Azure, Office 365, Windows 10, and select web applications.

Needing the Freedom to Choose


For all-Microsoft and Azure organizations, this seamless integration works incredibly well. For those that leverage AWS, G Suite, macOS® and Linux®, non-Windows file servers, WiFi, and more, this smells a lot like Azure AD locking in organizations for another two decades.

With the changing IT landscape, the good news is that IT organizations are leveraging a wider range of platforms. This requires a different set of IT management tools, and in particular a different core identity provider. Although historically Microsoft has dominated the on-prem directory services space, it looks as though the cloud identity management space will be wide open, with IT organizations choosing the solutions that best meet their needs.

A Platform-Neutral Identity Provider

JumpCloud® Directory-as-a-Service® is providing an outlet to escape vendor lock-in. The platform allows organizations and businesses to use one identity for access and authentication to virtually any resource needed, regardless of platform (Mac, Linux, Windows), protocol (LDAP, SAML, RADIUS), location, or provider (G Suite, O365, Salesforce, etc.). If you’re interested in hearing more about why Azure AD is lock-in, or how JumpCloud can give you a 100% cloud-based alternative, drop us a note. One of our experts will be happy to follow up and talk with you more. Please note that your first 10 users are completely free, so you can sign up and get started exploring all that JumpCloud has to offer—free of charge.

George Lattimore

George is a writer at JumpCloud, a central source for authenticating, authorizing, and managing your IT infrastructure through the cloud. With a degree in Marketing and an MS in Public Communications and Technology, George enjoys writing about how the IT landscape is adapting to a diversified field of technology.
