Is there device management in Azure® Active Directory®? Well, sort of, but it’s probably not the device management setup you’re hoping for. Most people think of device management as GPOs (group policy objects) or SCCM for Windows machines, and unfortunately, that’s not really how Microsoft® Azure thinks of device management. However, before we discuss how Azure manages devices, let’s first walk through what Azure Active Directory can do in full.
What Can Azure Active Directory Do?
While Microsoft has labeled Azure Active Directory as a cloud directory platform, most IT organizations have come to realize that Azure AD isn’t anywhere close to being Active Directory in the cloud. It’s really more of a complement to the on-prem directory service, Active Directory. Azure AD can manage user access to Office 365™ and a few web-based applications, but this Spiceworks post reveals that Azure AD doesn’t offer the ability to manage computer accounts, group policy objects, organizational units, and more. These are identity management features that many have come to depend on with Active Directory. If Azure AD doesn’t have these capabilities, then what should IT admins expect when it comes to managing devices with Azure Active Directory?
Managing Devices with Azure AD
So, for organizations thinking about device management in Azure Active Directory, what should their expectations be? Generally, IT organizations should look at it in a much simpler context: a device can be “registered” with Azure AD. Registration means that Azure AD will look to authenticate the device when a valid user has signed into it. Ultimately, the goal of registration is to work within the BYOD concept. Your user identity is controlled globally, so when a user leverages their own device, you will be able to know that their device is valid to join your Azure AD ‘domain’. But this concept isn’t what most have in mind when it comes to system management. Tightly managing Windows systems in the way on-prem GPOs from AD do is really left to a different solution, Microsoft Intune.
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Natalie Bluhm. Read the original post at: https://jumpcloud.com/blog/device-management-in-azure-active-directory/