Can you replace AD with Azure® AD? It’s a very common question for sysadmins and IT directors. With almost all of the IT environment moving to the cloud, there are a number of incentives to move the directory to the cloud too. Azure AD is Microsoft’s® foray into cloud-based directory services, and it’s reasonable to think that it could have all the capabilities of Active Directory®, as the name implies. But the truth is more complicated than that.
Replace AD With Azure AD?
Can Azure AD actually be the complete replacement for AD that admins are looking for? Unfortunately, the short answer to this question is no. Azure AD is not a replacement for Active Directory. You don’t have to take our word for it though. Check out what a Microsoft representative said on this Spiceworks post:
Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities as AD. It actually provides many more capabilities in a different way.
That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory, but not migrate your computer accounts, group policies, OUs, etc.
As you can see here, Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. It can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing access for your partners to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, Multi-Factor Authentication, protection of your identities in the cloud, reporting of sign-ins from possibly infected devices, a leaked credentials report, and user behavioral analysis are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.
Even the recently announced Azure Active Directory Domain Services is not a usual DC-as-a-service that you could use to replicate your existing Active Directory implementation to the cloud. It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services, but with no replication to any other on-premises or cloud (in a VM) domain controller.
If you want to migrate your domain controllers to the cloud to use them for traditional tasks, you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.
So to conclude, if you would like to extend the reach of your identities to the cloud, you can start by synchronizing your Active Directory to Azure AD.
Why Azure AD Can’t Replace AD
When you step back and think about Microsoft’s identity and access management strategy, it makes sense that you can’t replace AD with Azure AD. From a business perspective, Active Directory already has more market share than just about any other solution they offer. The on-prem directory acts as the tie that binds a Microsoft network together. By providing a way for customers to shift to a cloud directory service, Microsoft would be opening the door to potential customer loss.
Beyond the business perspective, there are also the technical capabilities to consider. Think of Azure AD as a user management platform for the Azure cloud platform, along with basic web application SSO capabilities. Where Azure AD falls short is that it doesn’t really manage on-prem systems or resources. For example, on-prem Windows (except for Windows 10), Mac, and Linux systems can’t be controlled for user access or systems management. Further, non-Microsoft solutions such as AWS® and G Suite® are outside of its scope as well. There are a lot of resources that users need that can’t be touched by Azure AD alone.
As a result, if IT admins want to shift to a cloud identity management platform, they’ll need to replace Active Directory with something else.
Replace AD with JumpCloud Directory-as-a-Service
Fortunately, there is a cloud directory called JumpCloud Directory-as-a-Service® (DaaS) that can act as a cloud replacement for AD. DaaS enables admins to seamlessly manage users with efficient control over systems (Mac, Windows, and Linux), wired or WiFi networks (via RADIUS), virtual and physical storage (Samba, NAS, Box), cloud and on-prem applications (SAML, LDAP), local and cloud servers (AWS, GCE), and more. On top of that, it can also integrate seamlessly with Azure AD to create one core identity provider for an organization. It is truly the cloud-forward directory built for the modern IT environment.
Want to learn more about how you can replace AD with JumpCloud Directory-as-a-Service? It’s as simple as signing up for a free account. JumpCloud gives every free account 10 users that can be used forever, with no credit card info required. This is the perfect opportunity for you to try out the platform and see exactly how it works for yourself. If you’d prefer to see a live demo, that’s an option as well. You can sign up for one here. Finally, if you ever have any questions about the cloud-based directory service, make sure you reach out to us. We are always happy to field any questions and help people better understand our product.
This is a Security Bloggers Network syndicated blog post authored by Jon Griffin. Read the original post at: JumpCloud