Active Directory (AD) is Microsoft’s on-premises solution for managing network access, including user logins, profiles, hierarchies, and devices. It’s been an industry standard for over twenty years. Most organizations currently using Microsoft Office are also using Active Directory.
Azure – Microsoft’s SaaS product for building and managing Microsoft solutions in the cloud – was released in 2010, with Azure AD being the cloud counterpart to Active Directory. Since then, IT peeps have been wondering if Azure AD will eventually render the OG AD obsolete.
Is Azure AD an exact cloud replica of Microsoft Active Directory? Or is it something different altogether? Let’s take a look at both solutions and see if Azure AD is actually capable of replacing the on-premises version.
As the name implies, Active Directory is an on-premises database directory that acts as a detailed catalog of every computer, printer, laptop, server, application, group, and user linked to an organization’s network. Using a domain controller, Kerberos, NTLM, and LDAP, Active Directory monitors and authenticates sign-ins and access levels for all employees.
Azure AD is a cloud version of Microsoft AD used to authenticate logins for cloud applications and allows for single sign-on access to other commonly used SaaS apps such as Slack and Salesforce. However, Azure AD is not a domain controller. Therefore, it does not have the full capability of the original Active Directory. Servers cannot be added to Azure AD. There is no group policy function with Azure AD. No support is available for Kerberos, LDAP, or NTLM. You can synchronize your current on-premises AD to Azure AD, but there isn’t a migration path from one to the other.
Azure AD can work in tandem with Microsoft AD to manage access to SaaS and other cloud applications, but it cannot handle your on-premises operations. The exception to this would be if your business is utilizing cloud-based applications exclusively and has no real on-premises operations (i.e., the entire workforce is remote). Then you could get away with just using Azure AD.
The short answer is no. Not yet anyway. Azure AD is not actually a cloud replica of the original.
Replace is the key here – it is possible to replace on-premises AD with Azure AD as long as you don’t have legacy applications that require a local domain controller. It’s also possible to replace some Group Policy functionality with Microsoft Intune.
However, Azure AD can only be used to manage identity and access management (IAM) for cloud-hosted applications. Likewise, the on-premises version of Active Directory can only be used to manage IAM for applications and services that are hosted on-prem.
In many cases, when a company goes through a divestment (splitting into multiple, separate companies), the new environments can be Azure AD only, as they can be set up as greenfield and don’t need to bring forward the on-premises infrastructure. There are also scenarios where it’s desirable to move away from on-premises infrastructure, and Microsoft 365 and Azure AD allow you to do that.
Until you can go 100% cloud, your best bet is to use the two solutions together to handle access management for both cloud and on-premises applications. This approach will allow your IT team to assign only one password to users for both portions of your M365 deployment, which will not only improve the overall user experience, it will also reduce the demand placed on your help desk admins for password resets and the like.
For hybrid deployments of M365, Microsoft provides a native tool, called Azure AD Connect, that allows you to connect your on-prem AD instance with the Azure AD instance associated with your M365 tenant.
However, this approach requires standing up and maintaining additional servers in your data center that handle the process of syncing information from your local data center to the cloud. Moreover, Azure AD’s slow sync times can cause IT bottlenecks when large batches of automated processes run.
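A health check for the Azure AD Connect sync path described above, added here as an example; it is not code from the original article, from Microsoft, or from CoreView. It assumes it runs on the Azure AD Connect server itself, where the ADSync PowerShell module is installed, and the lag threshold (two sync intervals) is a constructed value to adjust for your environment.

```powershell
# Run on the Azure AD Connect server; the ADSync module ships with it.
Import-Module ADSync -ErrorAction Stop

# Constructed threshold: treat the scheduler as stuck when the next cycle
# is overdue by more than this many sync intervals.
$maxLagMultiplier = 2

$sched    = Get-ADSyncScheduler
$interval = $sched.CurrentlyEffectiveSyncCycleInterval   # TimeSpan (30 min default)
$nextRun  = $sched.NextSyncCycleStartTimeInUTC           # DateTime in UTC
$now      = (Get-Date).ToUniversalTime()

$findings = @()
if (-not $sched.SyncCycleEnabled) { $findings += 'Sync cycle is disabled' }
if ($sched.SchedulerSuspended)    { $findings += 'Scheduler is suspended' }
if ($sched.StagingModeEnabled)    { $findings += 'Server is in staging mode; exports never reach Azure AD' }

# A next-run time that is well in the past means cycles are not firing,
# which is the usual cause of "my on-prem change never showed up in the cloud".
$lag = $now - $nextRun
if ($lag -gt [TimeSpan]::FromTicks($interval.Ticks * $maxLagMultiplier)) {
    $findings += "Next sync cycle is overdue by $lag"
}

# Connectors still reported as running tell you a cycle is in progress right now.
$busy = Get-ADSyncConnectorRunStatus
if ($busy) {
    $findings += "Sync run in progress on: $($busy.ConnectorName -join ', ')"
}

[PSCustomObject]@{
    CheckedAtUtc      = $now
    EffectiveInterval = $interval
    NextRunUtc        = $nextRun
    Findings          = $findings
}
```

An empty Findings list means the scheduler is healthy; when you need an on-prem change pushed without waiting for the next cycle, Start-ADSyncSyncCycle -PolicyType Delta kicks one off.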
CoreView provides an alternative that is much faster at syncing on-prem data to the cloud, which is only one of its many benefits. In addition to reducing the time it takes to sync data between your datacenter and the cloud, CoreView also provides access into both on-premises and cloud instances of M365 through a “single pane of glass,” which dramatically reduces the required level of expertise for your IT team to manage both portions of your environment effectively.
Microsoft’s Active Directory (AD) and Azure Active Directory products provide very similar functionality; however, they are each designed to be used with different varieties of M365 deployments. Specifically, AD is designed to manage access to M365 deployments that live in your on-prem datacenter. Conversely, Azure AD is designed to manage access to your cloud-hosted Microsoft resources.
Generally speaking, organizations won’t transition completely from on-prem to cloud-hosted M365 tenants in a single pass. It is much more common for this transition to happen in phases over time. During this transition period, the organization will be operating a hybrid deployment of M365 – one that is hosted both in a local datacenter and in the cloud simultaneously.
In cases such as these, your IT team will need to use a combination of AD and Azure AD to manage all aspects of your M365 deployment. And while Microsoft offers native tooling to make this possible, it can be quite slow to sync data between the local and cloud-hosted portions of your M365 tenant, and it is inherently complex to manage, because IT teams will need to interact with both AD and Azure AD resources.
CoreView offers much faster sync times, and it dramatically reduces the complexity of managing a hybrid M365 deployment, because all aspects of the environment – those hosted on-prem and those hosted in the cloud – can be managed through a single, intuitive, web-based user interface, which will allow your IT team to manage your hybrid M365 deployment much more easily and effectively.