JumpCloud: Extend or Replace Azure Active Directory

It’s very common for IT professionals to ask, “Can I replace Microsoft Active Directory with Azure Active Directory?” That’s especially true when the bulk of modern IT environments reside in or are migrating to the cloud. Microsoft even offers incentives to move your core directory to its services. Its path to the cloud can be unwieldy and expensive: small and medium-sized enterprises (SMEs) can be confronted with complex licensing and difficult implementations.

Microsoft’s Azure Active Directory (AAD) is a cloud directory that underpins Microsoft 365 (M365) subscription services. It’s reasonable to assume that it would have all the capabilities of Active Directory® (AD), as the name implies, but the truth is more complicated than that. AAD is a separate platform that can lock customers into a new Microsoft ecosystem. This limits optionality, even though many non-Microsoft resources can be managed by M365 services.

This article outlines how AD and AAD differ and what options SMEs have for modernization as they make the transition away from AD as their core directory. For instance, Google and JumpCloud have joined together to offer an alternative solution. Many organizations find themselves at this inflection point and may not realize that Microsoft doesn’t have to remain central to identity and device management. In essence, migrating to AAD is similar to adopting another platform than AD. It just happens to be Microsoft’s path to retain AD customers. Let’s begin by examining what AAD is and why it’s not a direct replacement for AD.

Azure AD’s True Purpose

AAD was created to extend Microsoft’s presence into the cloud. It connects Active Directory users with Microsoft Azure services, and is easier to implement than Active Directory Federation Services (AD FS) for single sign-on (SSO). AAD doesn’t incorporate the full features of Active Directory and lacks support for authentication protocols including LDAP and RADIUS without an additional subscription. Familiar concepts such as GPOs are replaced by Intune and Microsoft Endpoint Manager. Even organizational units are replaced by another model called administrative units, which works very differently from AD. Assembling equivalent capabilities to AD DS and NPS server roles requires purchasing the right SKU or separate Azure services from AAD. AAD doesn’t manage your devices and it lacks interoperability with those protocols.

One benefit to AAD is that it can manage non-Microsoft identities, but there are additional fees for multi-factor authentication (MFA) for monthly active users. Guest users are priced on a 1:5 licensing basis. Licensing is complicated and a gated licensing model keeps useful features behind a paywall. For example, group management with role-based access control (RBAC) isn’t included with the free tier of AAD, but it’s usually required to implement the Azure platform. The significance of that is explored in greater detail below the fold where federation is discussed.

A Microsoft-Centric Model

AAD is the cornerstone of Microsoft’s portfolio of identity, compliance, device management, and security products, because it provides a common identity for Azure, Intune, M365, and more. The permutations of products and challenges of migrating from Active Directory to the cloud have given rise to a cottage industry of consultants for implementation and planning. The breadth of configurations and options may be fitting for enterprises that have considerable resources to support deployments. Considering that it’s not even possible to abide by Microsoft’s best practices for AAD without subscribing to Premium tiers, AAD may be a mismatch for small and medium-sized enterprises that have foundational needs.

Unlike AD, there is no single AAD platform. It’s broken up into tiers, and services are behind paywalls. Costs increase when SMEs are pulled deeper into the Azure platform and require interoperability with directories that fall outside of the Microsoft ecosystem. For example, fees are assessed to federate using AAD using non-Microsoft identities. SMEs must pay more for the appropriate number of Azure AD Premium P2 licenses for entitlement management.

Replace AD with Azure AD?

B2B collaboration is also intended to serve as a gateway to apps that are provided by Microsoft or hosted in Azure, positioning its products and services as its first-class citizens.