SaaS Directory Services: Azure® Active Directory®?

SaaS Directory Services

A common question that we hear from admins is whether or not Azure® Active Directory® is a SaaS version of directory services. It’s a great question, and there is no doubt that Microsoft is pushing its customers to leverage Azure AD as a cloud directory. But can it act as a full fledged replacement to an on-prem directory?

SaaS AD?

SaaS directory service

The core of this question is really if Azure AD is a cloud version of Microsoft Active Directory (or as some like to say Active Directory as a Service). The short answer is no. Azure AD is not a replacement for Active Directory, and it was never intended to be. As a matter of fact, you can see in this spiceworks thread a Microsoft representative explaining just that. This perspective of Azure being a cloud AD has come from what many admins wish the product could do, not what it actually can.

It’s clear that Microsoft’s directory services strategy still firmly places AD at the center of their world. As can be seen in the above mentioned spiceworks thread, Azure AD is more of a user management platform for Azure services such as O365, Azure’s IaaS offerings, and often for some Windows 10 situations.

Azure, AD, & Microsoft Lock-In

GDPR security

While Microsoft’s goal has been to shift much of their infrastructure to the cloud, they still recommend that IT organizations leverage AD on-prem. This is because it is the crux of their lock-in strategy. The legacy AD server is often needed on-prem to enable IT admins to manage their Windows device fleet, serve as the domain controller to enable access to other Windows applications, and to be the core identity provider that can federate identities to other identity management solutions. With all of these uses, Active Directory has become the stranglehold that Microsoft has over the back office infrastructure, and moving the directory to the cloud would change that.

This is why Azure AD just becomes an adjunct to AD. Microsoft wants to keep their customers with one foot on prem, in order to keep them locked into AD and Windows (Read more...)

*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Jon Griffin. Read the original post at:

Jon Griffin

Jon Griffin works as a writer for JumpCloud, an organization focused on bringing centralized IT to the modern organization. He graduated with a degree in Professional and Technical Writing from the University of Colorado Colorado Springs, and is an avid learner of new technology from cloud-based innovations to VR and more.

jon-griffin has 169 posts and counting.See all posts by jon-griffin