Connect Macs® to Azure® Active Directory®

Is it possible to connect Macs® to Azure® Active Directory® (Azure AD)? The short answer is, not really. Azure AD is meant to be a user management system for Azure infrastructure, as well as a web application single sign-on (SSO) solution. Apple® is Microsoft’s® direct competitor. So, it’s unlikely that Azure AD will be offering support for Macs anytime soon. The good news is that a next generation identity provider (IdP) is making it easy to leverage Azure AD credentials for Mac systems.

Mac and Azure AD: What’s All the Fuss About?

Generally, Microsoft has advised their customers to leverage the on-prem Active Directory (AD) platform as the core IdP. More recently, they recommended adding the cloud-based Azure AD to complement on-prem AD. IT organizations would connect the legacy AD to Azure AD via Azure AD Connect, which is an identity bridge between the two. Identities stored in AD would then be federated to Azure AD, and subsequently to Azure AD DS for use within Azure, and could extend to various web applications.

AD + Azure AD Connect + Azure AD + Azure AD DS can have positive results for IT organizations that primarily leverage Windows® resources and Azure infrastructure. The challenge for IT admins arises when non-Windows resources are in use, either on-prem or in the cloud. A few examples of non-Windows IT resources are macOS® and Linux® systems, or perhaps AWS® cloud infrastructure. For these use cases, IT admins often end up having to purchase a number of third-party add-ons to AD, and now to Azure AD as well.

For example, IT admins will need Azure AD Connect just to connect AD and Azure AD. Next, they need a directory extension for Macs, and probably Linux too. Many IT organizations also leverage AWS cloud infrastructure. So, add in a privileged identity management (PIM) solution. Then, IT admins need to secure their networks. So, add in a two-factor authentication (2FA) solution and perhaps a RADIUS server. Each sold separately. This pattern repeats itself over and over in AD environments as (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Ryan Squires. Read the original post at: