Identity Management – Office 365
Repeat after me: Microsoft’s Azure Active Directory service is not the same thing as Microsoft’s Active Directory service. This is a very important distinction that everyone in the IT community who’s messing with “the cloud” needs to memorize. Seriously. It’s that important.
Classic Active Directory is a Windows service that authenticates and authorizes users and computers in a Windows domain network. It also enforces the security policies that the domain admins put in place to regulate certain activities. The AD that we all know and love is built on LDAP, Kereberos, and DNS, and it’s been around for over fifteen years. It’s a well-known quantity. Odds are that you can find a sysadmin with decent AD management experience in every major business center on the planet.
Azure Active Directory is another beast entirely. Microsoft built Azure AD for their Office 365 cloud service platform and expanded it to serve all of the other Azure products. It’s far more than just an LDAP solution – it empowers a bunch of interesting new features that conventional LDAP can’t do, like allow Single Sign-On for both on-premise and cloud-based services. Better yet, there are a bunch of enterprise applications that integrate seamlessly with Azure AD for managed SSO services, including Citrix, Dropbox, Salesforce, ServiceNow, and even (strangely enough) Google Apps.
The primary way this works is to “federate” your conventional Windows domain AD service with Microsoft’s Azure AD service. Essentially, this means that you’re integrating your existing database of users, machines, policies, and what-not from a classic Active Directory deployment with Azure so that you can manage your extended (conventional and cloud) AD solution from Azure. Federating your AD solution gives your company the ability to take advantage of all of Microsoft’s Azure services in whatever order and under whatever timeline you like, all with a common identity management solution.
This isn’t free, by the way; it’s paid service that comes free with a paid-for Azure account. This shouldn’t come as a surprise. On the other hand, it isn’t a bank-breaking endeavor. Is it worth getting? In many cases, yes, it is. The Azure AD service line includes features like device registration, self-service password management, and Role-Based Access Controls. These are all things that used to require a bunch of different specialty providers. That’s what makes the Azure AD option so attractive to small and medium businesses: you get the expensive, “enterprise-grade” services built in to a low-cost, Whatever-as-a-Service solution.
The downside of Azure AD is that migrating to a hybrid cloud environment takes careful planning, especially when it comes to security design and management decisions. That’s where a trusted security partner becomes invaluable; if you’re inclined to take advantage of Microsoft’s offering, you need to do it right the first time. Get some help from an experienced Azure integrator to make sure you don’t overlook something critical.
The Fulcrum Difference
At Fulcrum Technology Solutions, we differentiate ourselves from other technology- and business-consulting firms with a unique guarantee: when you hire Fulcrum, we commit to finish the job. Whether working under a time-and-materials contract or a cost-plus arrangement, we will not leave until we’ve delivered exactly what we said we’d do. Our word defines us, and motivates us to give you the service that you deserve!