Authenticating Windows Devices Against Azure Active Directory

By Greg Keller Posted October 3, 2016

Here’s a simple question: can you authenticate your users’ Windows laptops and desktops against Azure Active Directory?

Unfortunately, simple questions sometimes have complicated answers.

Microsoft’s marketing would have you believe that it is possible, and most IT admins would at least infer that it is. But the answer is that you cannot. Azure AD wasn’t designed to authenticate your on-prem devices, regardless of whether those are Windows, Mac, or Linux.

Active Directory and Azure and Azure Active Directory

In truth, Azure AD wasn’t really created to be your core directory service. Active Directory is meant for that purpose. But as you know, Active Directory is primarily for Windows-based networks, and those systems should be located on-prem with the domain.

If you happen to use Azure, that’s when Azure AD comes in. AD federates its credentials to Azure AD, which then controls the systems located at Azure. If you are not using AD, you are out of luck. And if all of your systems aren’t at Azure, you are out of luck as well. In fact, there really isn’t another way to authenticate your Windows devices in Microsoft’s model if you aren’t using AD.

Restriction-Free Authentication is Possible

Fortunately, there is an easier way to authenticate your Windows devices. For those of you shifting to the cloud and looking for a cloud-hosted directory service too, take a look at Directory-as-a-Service® from JumpCloud®. It solves the problem of authenticating your Windows machines regardless of where they are located. On-prem laptops and desktops can be authenticated as simply as Windows cloud servers hosted at Azure, AWS, or even your own data center. JumpCloud’s cloud directory doesn’t discriminate on location or platform. In fact, you get the same capabilities across your Mac and Linux machines.

Authenticating Across Platforms, Eliminating Active Directory

Directory-as-a-Service functions as your unified cloud directory for systems, applications, and networks. Whether you are leveraging Office 365, Google Apps, AWS, Azure, Windows, or Mac, all of those platforms are treated as first-class objects in the cloud directory service. Actually, you don’t need to have Active Directory anymore.

If you are thinking about how to authenticate your Windows devices against Azure Active Directory, you are most likely struggling with the limitations of either Azure AD or with your move to the cloud. You don’t need to place those limitations on your infrastructure. Take a look at JumpCloud’s Identity-as-a-Service platform to solve your Windows authentication issues. Please feel free to give it a try for yourself. Your first 10 users are free forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
