For most organizations, a hybrid strategy with both on-premises Active Directory (AD) and cloud-based Azure AD will make sense for some time, because each is best suited to different functions. On-prem AD is still more capable for systems management and control, while Azure AD is much more flexible for cloud-centric authentication and authorization. Azure AD also offers a wide variety of integration services that provide more parity than ever before with traditional AD capabilities. This piece details the main differences between the two tools and offers tips for deploying them successfully.
Azure AD differs from traditional on-prem AD in several ways; Figure 1 lists the main security distinctions between Azure AD and traditional on-prem AD.
Figure 1: AD vs. Azure AD Feature Comparison

| Area | On-prem AD | Azure AD |
| --- | --- | --- |
| User and group creation | Users and groups are created manually or through central IT operational management platforms and applications | Most users are synchronized through SCIM or Azure AD Connect from on-prem or other identity stores |
| Entitlement and group membership allocation | Uses groups to allocate privileges to members and associate these with services and applications | Can use groups to allocate privileges as well, but it has an entirely separate entitlement engine that can create automation workflows and supports more time-based criteria for access |
| Administration and privilege management | Privileged groups and users are handled with domains, OUs and admin groups/roles, e.g. domain administrators | All administration and role-based control is handled through Azure role-based access control (RBAC) and privileged identity management (PIM) services. Credential management is also more flexible and cloud-ready. |
| Access provisioning | Access is provisioned using Kerberos, NTLM and LDAP | Can support legacy access with the Azure AD Application Proxy, but also supports provisioning to cloud services and apps |
| Device access and management | Windows system management and controls are very mature and centrally manageable through group policy and tools like System Center Configuration Manager (SCCM) | Can manage systems through Azure AD Domain Services integration, use of the Microsoft Intune client, conditional access policies and managed identities |

Source: IANS, 2021
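Because the two directories manage privilege differently (admin groups and OUs on-prem, Azure RBAC and PIM roles in the cloud) while user accounts are synchronized between them, a hybrid deployment can end up with one identity that is privileged in both planes. The following PowerShell script is an added example, not code from the IANS post: it enumerates on-prem privileged group members recursively, enumerates members of activated Azure AD privileged directory roles through the Microsoft Graph PowerShell SDK, and reports accounts that appear in both sets, keyed on userPrincipalName (the attribute Azure AD Connect matches on). The group and role names are the built-in defaults and are assumptions to adjust per environment; the script assumes the ActiveDirectory and Microsoft.Graph modules are installed and the caller can read both directories.

```powershell
# Added example (not from the original post): cross-check on-prem AD privileged group
# membership against Azure AD privileged directory role membership and report identities
# that hold privilege in both planes. Assumes the ActiveDirectory and Microsoft.Graph
# PowerShell modules are installed and read access to both directories.
Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Identity.DirectoryManagement

# Built-in names; assumed defaults, adjust for your environment
$OnPremPrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins')
$AzurePrivilegedRoles   = @('Global Administrator', 'Privileged Role Administrator', 'User Administrator')

# On-prem: resolve nested membership and key each account by its UPN
$onPrem = @{}
foreach ($g in $OnPremPrivilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.distinguishedName -Properties userPrincipalName
            if ($u.userPrincipalName) {
                $key = $u.userPrincipalName.ToLowerInvariant()
                if (-not $onPrem.ContainsKey($key)) { $onPrem[$key] = [System.Collections.Generic.List[string]]::new() }
                $onPrem[$key].Add($g)
            }
        }
}

# Azure AD: Get-MgDirectoryRole returns only roles that have been activated in the tenant;
# role members come back as directory objects whose UPN sits in AdditionalProperties
Connect-MgGraph -Scopes 'Directory.Read.All' -NoWelcome
$cloud = @{}
foreach ($role in Get-MgDirectoryRole | Where-Object { $AzurePrivilegedRoles -contains $_.DisplayName }) {
    Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All | ForEach-Object {
        $upn = $_.AdditionalProperties['userPrincipalName']
        if ($upn) {
            $key = $upn.ToLowerInvariant()
            if (-not $cloud.ContainsKey($key)) { $cloud[$key] = [System.Collections.Generic.List[string]]::new() }
            $cloud[$key].Add($role.DisplayName)
        }
    }
}

# Report: an account privileged in both directories collapses the boundary between them
$report = foreach ($key in $onPrem.Keys) {
    if ($cloud.ContainsKey($key)) {
        [pscustomobject]@{
            UserPrincipalName = $key
            OnPremGroups      = ($onPrem[$key] -join '; ')
            AzureADRoles      = ($cloud[$key] -join '; ')
        }
    }
}
$report | Sort-Object UserPrincipalName | Format-Table -AutoSize
"On-prem privileged accounts: $($onPrem.Count); Azure AD privileged accounts: $($cloud.Count); privileged in both: $(@($report).Count)"
```

Run it from a workstation that has both the RSAT ActiveDirectory module and the Graph SDK; the interactive Connect-MgGraph prompt only needs Directory.Read.All. Accounts listed in the report are candidates for splitting into separate on-prem and cloud-only admin identities, with the cloud side moved behind PIM eligible assignments rather than permanent role membership.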
When planning a move to Azure AD, organizations must keep several considerations in mind. To ensure success:
By IANS Research