Padlock on a computer keyboard

Microsoft Azure Active Directory – Your Questions Answered

Active Directory – Microsoft’s cloud-based identity management process which instantly connects your users’ devices and accounts to the resources they need.

How Did Microsoft Active Directory Used To Work?

Previously, before Azure, Microsoft Active Directory existed on Microsoft servers housed in physical company offices, referred to as ‘on-premise’ in technological jargon. Microsoft Active Directory, in its most basic form, is a database of users, devices, and entities that manages network resource access. When new users and computers were connected to the network, they were added to Active Directory on the physical server, and when the user logged in, Active Directory provided the user with the resources that the user and machine were permitted to use.

It also enabled users to log in to any server-connected computer, since the machine logs into Active Directory on the server rather than the local machine itself.

Microsoft Active Directory Today
These days, many businesses do still use on-premise servers with Microsoft Active Directory. If on-premise applications are needed that are not designed for cloud use, or the business is structured in such a way that it makes more sense to go with the capital expenditure model and pay for hardware and licences up front rather than monthly through Microsoft Office 365, this is the key deciding factor. If none of these apply, however, on-premise servers are no longer the most cost-effective or reliable option for a modern business. If this sounds like you, you should consider using Azure Active Directory instead.

How is Azure Active Directory Different To Microsoft Active Directory?

If you’re a current Carden IT Services customer, we’ll already have your on-premise Active Directory synced with Azure Active Directory. This will give you access to your Office 365 accounts as well as password synchronisation between your on-premises and cloud accounts. To put it another way, updates are made on your physical servers, which are then synchronised with Microsoft’s Azure cloud platform. This is referred to as ADSync. As a result, Azure Active Directory is a server copy of your on-premise Active Directory, allowing us to link machines to the cloud in order to login.

What Is The Future Of Cloud Directories?

It’s impossible to deny that technology has advanced at a breakneck pace in the last decade. Our lives can be carried in our pockets, and our information can be stored in the cloud. And there are no plans to slow down anytime soon!  As internet speeds improve, it becomes more feasible to run almost anything online. More businesses will embrace cloud platforms such as Azure Active Directory expand. Remote working, cybersecurity, and a desire for greater efficiency will all push businesses away from on-premises servers.

No More Local Accounts
Previously, computers used to log in to on-premise servers. Prior to Microsoft Office 365, businesses without servers preferred to build local user accounts on individual computers. This is far from safe, as if a computer is lost or stolen, a simple IT engineer’s USB stick can be used to reset it in minutes, giving access to the entire device. Furthermore, by using a local account, data is stored on the local computer by default, raising the chance of data being lost or stolen. If you use Microsoft Office 365, we don’t suggest building local accounts on your computers. Instead, connect the computer to the Azure cloud!

What Does Azure Active Directory Do?

We can connect the computer directly to Microsoft Office 365 using Azure Active Directory, which means that instead of logging into the local system or on-premises server, machines can log into Microsoft Office 365 using the “ctrl alt delete” screen. This means that if a computer is damaged, robbed, or if an employee has a computer at home when an incident happens, such as dismissal, it is more difficult to break into. The Office 365 admin portal can also uninstall corporate data from the machine remotely. However, this functionality necessitates the installation of Microsoft Intune first.

There are admittedly some drawbacks to using Azure Active Directory instead of on-premise Active Directory, one of which is the lack of Group Policy. Group Policy is an application that runs on on-premises servers and is in charge of system policies such as mapped network drives.  This can also be solved by using Microsoft Intune on top of Azure Active Directory; our article on Intune’s advantages can be found here.

What Is Single Sign-On?

Single sign on, as its name implies, is the use of a single sign on for multiple services. Of course, Microsoft Office 365 is a single sign-on framework for all of its apps, such as Teams, Outlook, Excel and so on, but you’ll also find that other software manufacturers integrate with the Microsoft Office 365 platform to enable you to use the same sign in details in their app as you do in 365. This is done in a completely safe manner.

This has a number of advantages because you can now quickly and easily log in to all your Microsoft services as well as any external apps that allow single sign on at the same time.

How To Move Your Organization To Azure Active Directory

Unfortunately, there is no easy way to transition machines from on-premise Active Directory to Azure Active Directory using automation. Even if your computers are already in Azure thanks to ADSync, they must be disconnected from the on-premise server and then separately joined to Azure Active Directory. This process generates new Windows profiles on each system, which must be installed, (although this step can be automated with Intune.)

When conducting this for a business, we ensure to do it in a planned, methodical way which minimises downtime and disruption.

Please get in touch with us today if you would like to learn more about this service.

Author: Jeremy Huson

Jeremy Huson is the founder and director of Carden IT Services LLC. He has nearly two decades of experience managing businesses’ IT networks and his areas of expertise are IT consultation and cybersecurity.