Group Policy Objects (GPOs) are an important part of the Microsoft Active Directory® platform. GPOs grant IT admins a method to enforce various policies over an organization’s systems, allowing for a higher standard of security. Back when AD was released at the turn of the century, the ability to manage Windows devices via GPOs was a significant step forward for IT organizations. Now, as many IT management tools are moving to the cloud, IT admins have begun to wonder if the concept of SaaS GPOs (Group Policy Objects) is available.
Old IT and GPOs
When Microsoft introduced Active Directory, the IT landscape was very different than it is today. Windows was the dominant platform in the enterprise, and virtually all IT resources were on-prem. Microsoft realized that IT admins not only wanted to manage user access to Windows devices and applications, but they also wanted to manage the Windows devices themselves.
As a result, Microsoft added the concept of GPOs to AD. As mentioned, the idea was to give IT admins the ability to run commands, scripts, and policies on devices. These policies could be used to increase security, update software, and conduct routine maintenance tasks. Over time IT admins came to rely on GPOs as a key part of their IT management infrastructure.
GPOs Lose Coverage Over the Enterprise
Over time, the IT landscape changed. The all Windows network started to shift to include Mac and Linux devices. In fact, it is now estimated that only one in five devices is a Windows machine [Forbes]. So, the challenge for IT organizations became figuring out how to manage a heterogeneous IT environment.
Unfortunately for admins, the changes didn’t stop there. Web applications and cloud infrastructure became quite popular. WiFi started to change how IT organizations looked at their network and security. Changes in the way work got done were rapidly shifting IT, and the result was that Active Directory and its ability to manage Windows users and devices started to fail. Without the ability to support Macs and Linux systems on its own, and the lack of native support for cloud apps and RADIUS setups, IT admins began to have a number of challenges with AD appear. Solutions popped up that could fill in the gaps for AD, but it meant more expenses, more complexity, and more work for IT admins, but still required AD!
Are SaaS GPOs Possible?
It became clear that a new user and system management approach was needed. This new, modern approach to directory services needed to be cross-platform, multi-protocol, provider independent, and location agnostic. JumpCloud’s Directory-as-a-Service® is taking aim at solving this problem. In addition to connecting users to the IT resources they need, IT admins can now leverage a SaaS GPO like capability that cuts across all three major platforms – Windows, Mac, and Linux. From one central, cloud-based directory service, an entire IT environment can be managed through remote policy execution, scripts, and commands. On top of that, audit logging is available to understand success or failure of the action, and IT admins can set password policies, map network drives, enforce screen locks, and disable USB ports among other tasks.
The concept of SaaS GPOs can greatly enhance an IT organization’s ability to manage their cross platform environment. If you don’t believe us, check it out for yourself. You can sign up for a free account of our centralized directory, and see first hand how the SaaS GPO like capability can help you avoid all of the challenges of AD. Alternatively, if you would like to learn more about how the SaaS GPOs work, feel free to reach out to us. We would be happy to answer any questions you have on the matter.
This is a Security Bloggers Network syndicated blog post authored by Jon Griffin. Read the original post at: JumpCloud