Admins have been looking for a cloud version of Active Directory® for a while. Many think of Azure® as just that. But is a virtual Azure Active Directory instance really a cloud-based version of AD? The short answer is no, a virtual AAD isn’t a replacement for Active Directory. In fact, Azure AD is really just an extension of the on-prem AD.
What Does AAD Actually Do?
Azure Active Directory is really meant to be a user management system for Azure, and to be a web application single sign-on solution. Identities are populated into the cloud version of Active Directory from the legacy Active Directory instance on-prem. The on-prem identities can then be leveraged for Office 365, Azure compute services, and web applications. However, it does not act as a replacement for AD. In fact, one of Microsoft’s representatives confirmed this himself in a Spiceworks post.
“Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide exactly the same capabilities with AD. It actually provides many more capabilities in a different way.
“That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU, etc.
“As you can see here, Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. Azure AD can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing your partners access to your resources. And it provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, multi-factor authentication, protection of your identities in the cloud, reporting of sign-ins from possibly infected devices, leaked credentials report, and user behavioral analysis are a few
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Jon Griffin. Read the original post at: https://jumpcloud.com/blog/virtual-azure-active-directory/