With more organizations looking to move their IT infrastructure to the cloud, admins are asking: Can I use Azure® Active Directory® for authentication? The short answer is yes, but it depends on what you need to authenticate to.
Authentication confirms that a user is actually who they say they are, and protects internal resources against unauthorized access. It’s essential for securing IT infrastructure, and with cybercrime on the rise, IT teams are evaluating the best option for secure authentication in the cloud.
Below we’ll discuss which resources Azure AD (AAD) can natively authenticate users to and which it struggles with, as well as options for IT teams looking to close gaps in AAD’s authentication coverage.
What is Azure AD?
Azure AD is a user management platform offered by Microsoft® that manages access to Azure infrastructure, Office 365™ (O365), and a selection of web applications. AAD is mainly meant to be used in conjunction with an existing on-prem Active Directory instance, though it can be used on its own.
By itself, it functions as a substrate identity and access management (IAM) solution with specific administrative capabilities. When used with Active Directory, Azure AD Connect federates AD credentials to Azure AD, ensuring that users can authenticate to web-based apps and Azure using their existing on-prem credentials.
Azure AD’s Native Authentication Capabilities
Natively, AAD authenticates user credentials to Windows® 10 Pro devices and select web apps. In conjunction with Azure AD Domain Services, it can create a login process for a domain of servers and applications hosted at Azure. Alone, however, AAD doesn’t authenticate to:
- Networks via RADIUS
- Other Windows systems (i.e. not Windows 10 Pro), macOS® machines, or Linux® servers hosted in AWS®, for example
- LDAP-based applications or file servers
Although it’s a useful solution for integrating Azure credentials with certain apps, AAD’s authentication properties often leave IT teams searching for other solutions (like OpenLDAP™ or FreeRADIUS) for authenticating to the rest of their IT environment.
However, IT teams can improve this workflow by tethering Azure AD to their existing on-prem directory