For most organizations, a hybrid strategy with both on-premises Active Directory (AD) and cloud-based Azure AD will make sense for some time, because each is best suited to different functions. On-prem AD is still more capable for systems management and control, while Azure AD is much more flexible for cloud-centric authentication and authorization. Azure AD also offers a wide variety of integration services that provide more parity than ever before with traditional AD capabilities. This piece details the main differences between the two tools and offers tips for deploying them successfully.
Azure AD differs from traditional on-prem AD in several ways:
Figure 1 lists the many security distinctions between Azure AD and traditional on-prem AD.
Figure 1: AD vs. Azure AD Feature Comparison

AD: Users and groups are created manually or through central IT operational management platforms and applications.
Azure AD: Most users are synchronized through SCIM or Azure AD Connect from on-prem or other identity stores.

Entitlement and group membership allocation
AD: Uses groups to allocate privileges to members and associate these with services and applications.
Azure AD: Can use groups to allocate privileges as well, but it has an entirely separate entitlement engine that can create automation workflows and supports more time-based criteria for access.

Administration and privilege management
AD: Privileged groups and users are handled with domains, OUs and admin groups/roles, e.g. domain administrators.
Azure AD: All administration and role-based control is handled through Azure role-based access control (RBAC) and privileged identity management (PIM) services. Credential management is also more flexible and cloud-ready.

AD: Access is provisioned using Kerberos, NTLM and LDAP.
Azure AD: Can support legacy access with the Azure AD Application Proxy, but also supports provisioning to cloud services and apps.

Device access and management
AD: Windows system management and controls are very mature and centrally manageable through group policy and tools like System Center Configuration Manager (SCCM).
Azure AD: Can manage systems through Azure AD Domain Services integration, use of the Microsoft Intune client, conditional access policies and managed identities.

Source: IANS, 2021
When planning a move to Azure AD, organizations must keep several considerations in mind. To ensure success:
October 19, 2021
By IANS Faculty