As MSPs observe Microsoft®’s shift to the cloud, many are wondering whether Azure services could be helpful to their business and, ultimately, to their clients. This post is an MSP’s guide to Azure® Active Directory®. It is critical for MSPs to understand Microsoft’s intent with Azure AD. It is easy to assume that Azure AD is a replacement for on-prem Active Directory, but as we’ll explain, that isn’t the case.
Following the Azure Daisy Chain
Azure Active Directory is the user management system for Azure and a web application single sign-on (SSO) solution. Microsoft’s identity management strategy has been to encourage IT admins to keep using on-prem Active Directory with a domain controller to manage user access to on-prem Windows systems and applications. Admins are then expected to use Azure AD Connect to bridge the core on-prem identity to Azure AD. From there, the identity can be used by Azure AD DS (domain services) within Azure Compute, by Office 365™, and by web applications.
When stepping back and looking at this architecture as a whole, MSPs should note a few key points. First, Azure Active Directory is a user management solution for Azure and an SSO solution for web applications. Unfortunately, it struggles with IT resources beyond this scope (on-prem systems, networks, and non-web applications), making it a lackluster solution for managing an entire enterprise. Second, Azure AD isn’t a replacement for the on-prem Active Directory identity management solution. As a Microsoft representative explained, “Azure Active Directory is not designed to be the cloud version of Active Directory.” Third, Azure Active Directory is one solution in a suite of identity and access management solutions (e.g. AD, Azure AD Connect, Azure AD DS, and more).
To recap, here are some key points to understand about Azure AD:
- Azure AD is a user management solution (not a directory service)
- Azure AD is not a replacement for on-prem Active Directory
- Azure AD is part of a suite of Microsoft IAM solutions
The Reality for Managing the Modern Office
For MSPs that are looking to manage user access to on-prem Windows® devices, macOS®, …