Managed Service for Microsoft Active Directory can be used to connect an organization’s local Active Directory to Google’s cloud-based service in a “hybrid” scenario, or organizations can just use the cloud-based identity and access service directly. Traditional capabilities and tools, such as Group Policy and Remote Server Administration Tools, can be used with the service.
Various AD tasks can be automated using Google’s service, per the announcement:
You can use the service to simplify and automate familiar AD tasks like automatically “domain joining” new Windows VMs by integrating the service with Cloud DNS, hardening Windows VMs by applying Group Policy Objects (GPOs), controlling Remote Desktop Protocol (RDP) access through GPOs, and more.
The service uses “actual Microsoft AD” that Google manages for organizations, hosting it on the Google Cloud Platform. The service is described as being “virtually maintenance free” for organizations. It also uses “real Microsoft AD Domain Controllers.”
Google is touting its Managed Service for Microsoft Active Directory as being supported by a multiple-region datacenter infrastructure. It’s possible to connect between regions using Google’s Virtual Private Cloud connections, which don’t use the public Internet.
Google’s pricing for the service can be found at this page. It suggested it might cost about $288 per month to use Managed Service for Microsoft Active Directory within a single region.
The service, which took Google about two years to develop, seems to directly compete with Microsoft’s Azure Active Directory service, although Microsoft gets licensing revenue.
Google’s Managed Service for Microsoft Active Directory previously was at the beta release stage back in August. About that time, Google had suggested that it planned to issue a service-level agreement for it when the service had reached the general availability stage. That info, though, wasn’t apparent, at least in Google’s announcement.