Device Management in Azure® Active Directory®

Device Management in Azure Active DirectoryIs there device management in Azure® Active Directory®? Well, sort of, but it’s probably not the device management setup you’re hoping for. Most people think of device management as GPOs (group policy objects) or SCCM for Windows machines, and unfortunately, that’s not really how Microsoft® Azure thinks of device management. However, before we discuss how Azure manages devices, let’s first walk through what Azure Active Directory can do in full.

What Can Azure Active Directory Do?

Active Directory fails in the cloudWhile Microsoft has labeled Azure Active Directory as a cloud directory platform, most IT organizations have come to realize that Azure AD isn’t anywhere close to being Active Directory in the cloud. It’s really more of a complement to the on-prem directory service, Active Directory. Azure AD can manage user access to Office 365™ and a few web-based applications, but this Spiceworks post reveals Azure AD doesn’t offer the ability to manage computer accounts, group policy objects, organizational units, and more. These are identity management features that many have come to depend on with Active Directory. If Azure AD doesn’t have these capabilities, then what should IT admins expect when it comes to managing devices with Azure Active Directory?

Managing Devices with Azure AD

So, for organizations thinking about device management in Azure Active Directory, what should their expectations be? Generally, IT organizations should look at it in a much more simple context – a device can be “registered” with Azure AD. Registration means that Azure AD will look to authenticate the device when a valid user has signed into the device. Ultimately, the goal with registration is to work within the BYOD concept. Your user identity is controlled globally, so when a user leverages their own device, you will be able to know that their device is valid to join your Azure AD ‘domain’. But this concept isn’t what most have in mind when it comes to system management. The concept of tightly managing Windows systems similar to on-prem GPOs from AD is really left to a different solution, Microsoft Intune.

For many organizations that want to shift to cloud (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Natalie Bluhm. Read the original post at:

Natalie Bluhm

Natalie is a writer for JumpCloud, an Identity and Access Management solution designed for the cloud era. Natalie graduated with a degree in professional and technical writing, and she loves learning about cloud infrastructure, identity security, and IT protocols.

natalie-bluhm has 136 posts and counting.See all posts by natalie-bluhm