There is a common belief in the IT industry that Azure® Active Directory® is a replacement for the on-prem, legacy identity provider Active Directory®. Confusion surrounding the Active Directory (AD) family of products is understandable, given that they share the Active Directory name. So, let’s make this simple: if you actually replace on-prem AD with Azure AD, you won’t get the same functionality from the cloud. Or, a bit more precisely, Azure AD DS is not a replacement for AD DS.
Extend or Replace On-Prem AD with Azure AD?
Azure Active Directory is not an outright replacement for Active Directory. Rather, it is a complement to the legacy AD. Think of Azure AD as an extension of your on-prem identities out to the Azure cloud.
For more on this, see the discussion on Spiceworks, where Microsoft representatives share further details about the AD and Azure AD strategy (emphasis ours):
“Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities as AD. It actually provides many more capabilities in a different way.
“That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory, but not migrate your computer accounts, group policies, OUs, etc.
“As you can see here, Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. It can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing access for your partners to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, Multi-Factor Authentication, protection of your identities in the cloud, reporting of sign-ins from possibly infected devices, leaked credentials report, user …
Reference: https://securityboulevard.com/2019/03/replace-on-premises-ad-with-azure-ad/