Azure AD (AAD) has been renamed Microsoft Entra ID, but I will continue to use Azure AD (AAD) in this blog because the old name is still so widely used and because most users are still unaware of the change.
The question, “Can I replace Microsoft Active Directory with Azure Active Directory?” is frequently posed by IT professionals. This is especially true as most modern IT environments reside in or migrate to the cloud.
The brief answer is no: AAD is not a replacement for Active Directory. AAD was originally intended to provide a simpler alternative to AD FS for SSO by connecting users to Microsoft 365 services. It has since become a launching pad for new subscription services that target enterprise customers and charge for capabilities that on-premises AD provided for free.
These big differences between the two technologies suggest that they are suited for distinct applications. But it need not be “Active Directory vs. Azure Active Directory”; in truth, the majority of the time it is “Active Directory and Azure Active Directory.”
AAD was established to expand Microsoft’s cloud presence. It is simpler to implement than Active Directory Federation Services (AD FS) for single sign-on (SSO) and connects Active Directory users with Microsoft Azure services. AAD does not incorporate all of Active Directory’s features and lacks support for authentication protocols such as LDAP and RADIUS without an additional subscription.
Intune and Microsoft Endpoint Manager replaced familiar concepts such as Group Policy Objects (GPOs). Even organizational units (OUs) have been replaced by administrative units (AUs), a model that operates very differently from Microsoft Active Directory (AD). AAD requires the purchase of the correct SKU or separate Azure services in order to assemble the functional equivalent of the AD DS and NPS server roles. On its own, AAD cannot manage your devices and does not support those protocols.
Should I use Azure AD or AD FS?
According to Microsoft, instead of upgrading to the latest version of AD FS, organizations should migrate to Azure AD; Microsoft strongly recommends this path.
Azure AD and AD FS perform comparable functions in an IT environment. Both Microsoft products share SSO-like characteristics, and they must operate in tandem with on-premises Active Directory (although Azure AD may be used independently). AD FS is a security token service (STS), while AAD is a solution for identity and access management (IAM).
Azure AD provides IT organizations with greater control over user identities outside of applications than AD FS, making it a popular solution. Additionally, it has sophisticated access control and identity management capabilities.
- AAD offers multi-factor authentication (MFA) across all of its tiers, from AAD’s Security Defaults to more granular options such as conditional access restrictions for privileged users.
- AAD can restrict legacy authentication methods and enforce password quality and health.
- The Premium tiers of AAD include a variety of risk-based rules and conditions and behavioral monitoring to safeguard identities; the exact set depends on the tier in use.
- The Premium tiers of AAD include password reset as a service and more.
- Azure Active Directory (Azure AD) Connect Health is included in the Premium tiers of AAD to monitor on-premises identity infrastructure.
- AAD has role-based access controls, but dynamic groups, which apply and propose user lifecycle changes based on user attributes, are available for an additional fee.
- AAD and Intune are integrated for device management and application protection protocols.
- AAD is scalable and offers geo-redundancy.
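As an added example (not code from the original post), the two Conditional Access controls the list above mentions, MFA for privileged users and blocking legacy authentication, can be expressed as policies through the Microsoft Graph PowerShell SDK. The script assumes the Microsoft.Graph module is installed and that the signed-in account holds the Policy.ReadWrite.ConditionalAccess permission; the policy names are made up for this example, and the role template GUID is the well-known Global Administrator template.

```powershell
# Added example, not from the blog post: create two Conditional Access policies
# with the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns).
# Assumptions: Microsoft.Graph module installed; signed-in account has the
# Policy.ReadWrite.ConditionalAccess permission. Both policies are created in
# report-only state so their effect can be reviewed in the sign-in logs before
# enforcement; switch state to "enabled" once the results look right.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# Well-known directory role template ID for Global Administrator.
$globalAdminRoleId = "62e90394-69f5-4237-9190-012177145e10"

# Policy 1: require MFA for any sign-in by a Global Administrator.
$requireMfaForAdmins = @{
    displayName = "Example - Require MFA for Global Administrators (report-only)"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeRoles = @($globalAdminRoleId)
            # Exclude an emergency-access account here (excludeUsers) in a real
            # tenant so a broken MFA method cannot lock every admin out.
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

# Policy 2: block legacy authentication clients. "exchangeActiveSync" and
# "other" cover the protocols that cannot complete an MFA challenge, which is
# why they are the usual target of password-spray attempts.
$blockLegacyAuth = @{
    displayName = "Example - Block legacy authentication (report-only)"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

foreach ($policy in @($requireMfaForAdmins, $blockLegacyAuth)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    Write-Host "Created '$($created.DisplayName)' (id $($created.Id)) in state $($created.State)"
}
```

Report-only mode is the safe way to roll these out: the sign-in logs record what each policy would have done without affecting users, so you can confirm that no service account or printer still relies on basic authentication before enforcing the block, and that every administrator has a registered MFA method before enforcing the MFA requirement.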
AD FS is ideally adapted for managing access to internal applications and extending AD to third-party applications. AAD offers less robust support for SAML's claims-based authentication workflow (token claims) than AD FS. AAD can also ingest external identities and federate with SAML or WS-Fed identity providers running on internal IT infrastructure.
Conclusion
Azure AD, Microsoft AD and AD FS are distinct solutions for identity and access management (IAM) and security token service (STS) needs.
- Azure AD is a cloud-based IAM solution that can manage user identities and access to various cloud applications and resources.
- Microsoft AD is an on-premises directory service that can manage user identities and access to various network resources.
- AD FS is an on-premises STS that can authenticate users with Microsoft AD or Azure AD and issue security tokens for accessing web applications.