Does Azure Active Directory® (AAD or Azure AD) competition exist out there that is actually worth considering? Well, while the answer here depends on the needs of the IT environment in question, the overarching answer is a resounding yes. Why? Let’s take a quick dive into Azure AD’s strategy and functionality to uncover some key criteria for evaluating its competition.
AD vs AAD: Seeing the Forest for the Trees
As Microsoft has acknowledged in the past, there is a great deal of confusion surrounding the on-prem Active Directory and cloud-based Azure AD—and when to use each solution. That confusion initially stems from the fact that Microsoft® used the same label (i.e., Active Directory) for both solutions, even though AAD is fundamentally not a replacement for AD. In fact, Azure AD is largely a complementary platform to AD and a cloud extension to the legacy, on-prem identity provider.
How does this work though? Well, AAD is essentially a user management system for Azure infrastructure services and a web application single sign-on (SSO) platform. From Microsoft’s perspective, the ideal reference architecture for identity and access management (IAM) within an organization is Active Directory on-prem as the authoritative source of truth for an identity. Azure AD then acts as the extension for cloud and web resources, daisy-chained to AD by Azure AD Connect. Each one of these Microsoft solutions requires its own license.
Moving Forward with a Flexible Alternative
For solely Microsoft and Azure-based IT organizations, the AD + Azure AD approach makes a great deal of sense. But, for modern IT organizations that are leveraging a wide range of non-Windows®-based solutions (i.e., the vast majority), this Active Directory-centric approach doesn’t work well. It lacks the flexibility and management practicality needed to support the diverse array of resources today’s employees demand.
Thankfully, the result of this limitation is that real competition is emerging, not only for Azure Active Directory, but for AD as well. In fact, a next-generation cloud identity management approach is effectively eliminating the need for on-prem AD while also extending ...