A common question that we hear from admins is whether or not Azure® Active Directory® is a SaaS version of directory services. It’s a great question, and there is no doubt that Microsoft is pushing its customers to leverage Azure AD as a cloud directory. But can it act as a full-fledged replacement for an on-prem directory?
The core of this question is really whether Azure AD is a cloud version of Microsoft Active Directory (or, as some like to say, Active Directory as a Service). The short answer is no. Azure AD is not a replacement for Active Directory, and it was never intended to be. As a matter of fact, you can see in this Spiceworks thread a Microsoft representative explaining just that. The perception of Azure AD as a cloud AD has come from what many admins wish the product could do, not what it actually can do.
It’s clear that Microsoft’s directory services strategy still firmly places AD at the center of their world. As can be seen in the above-mentioned Spiceworks thread, Azure AD is more of a user management platform for Azure services such as O365, Azure’s IaaS offerings, and often for some Windows 10 situations.
Azure, AD, & Microsoft Lock-In
While Microsoft’s goal has been to shift much of their infrastructure to the cloud, they still recommend that IT organizations leverage AD on-prem. This is because it is the crux of their lock-in strategy. The legacy AD server is often needed on-prem to enable IT admins to manage their Windows device fleet, serve as the domain controller to enable access to other Windows applications, and to be the core identity provider that can federate identities to other identity management solutions. With all of these uses, Active Directory has become the stranglehold that Microsoft has over the back office infrastructure, and moving the directory to the cloud would change that.
This is why Azure AD just becomes an adjunct to AD. Microsoft wants to keep their customers with one foot on-prem, in order to keep them locked into AD and Windows machines. Because of this, many organizations are becoming interested in a SaaS directory services approach. Admins are starting to look to a new generation of cloud identity management solutions, namely Directory-as-a-Service®.
Real SaaS Directory Services
As a SaaS alternative to Azure AD, this modern IDaaS solution securely connects users to the IT resources they need, regardless of platform, protocol, provider, or location. Not only that, but it does it all from the cloud. With the SaaS directory, admins can manage access and authenticate users to their systems (Windows, Mac, Linux), web and on-prem applications (SAML, LDAP), cloud and local servers (GCE, AWS), physical and virtual storage (Samba file storage, NAS devices, Box, Dropbox), and wired and wireless networks via RADIUS. Directory-as-a-Service is a great fit for organizations with heterogeneous environments, multiple locations, and frequent onboarding/offboarding.
If you would like to learn more about SaaS Directory Services and Azure Active Directory, reach out to us. We would be happy to answer any questions that you might have about the topic, and to demonstrate how the functionality works. Alternatively, if you would like to get into the product yourself, you can also sign up for a free account. We offer 10 free users forever, with no credit card required, so there’s no reason not to give it a shot. Sign up today and see what a modern directory looks like!
This is a Security Bloggers Network syndicated blog post authored by Jon Griffin. Read the original post at: JumpCloud