Solved

Microsoft Azure AD

Posted on 2016-09-13
8
66 Views
Last Modified: 2016-09-14
I have a small network that I want to setup with all data storage to be on dropbox.
I want to have a domain structure for passwords, GPO, etc.
I do not want to have an on-premise server.
Can I sign up with Microsoft Azure and get active directory?
If so, how much is it per user?
0
Comment
Question by:ie0
8 Comments
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 325 total points
ID: 41796846
No. Azure AD is a different beast. With windows 10, you would get centralized authentication, but nothing like group policy at all. At a minimum, you'd need an MDM solution like Intune for that.
0
 

Author Comment

by:ie0
ID: 41796852
Will the MDM solution work for laptops and desktops?
What is the pricing?
Thanks
0
 
LVL 6

Assisted Solution

by:Ganesamoorthy S
Ganesamoorthy S earned 50 total points
ID: 41796866
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 39

Assisted Solution

by:Adam Brown
Adam Brown earned 125 total points
ID: 41796944
As has been said, Azure AD can't replace on-prem DCs. You can replicate users from on-prem to cloud (and vice versa with Azure AD Premium) but devices can't authenticated to an entirely cloud-based AD. In order to be able to authenticate users against the Domain from a workstation, though, you would need an On-prem or Cloud-based VM DC. Adding a VM that is a DC to the Azure environment and syncing its AD info to Azure AD should give you most of what you need, but that DC still needs to have a VPN setup between it and your on-prem network to function.

If you're ok with only being able to manage the computers as Workgroup computers (not domain joined), then Azure AD premium would probably be a good solution for you. Intune should give you some level of management of computers, but not likely as much as Group Policy. If you're interested in doing that, I'd suggest looking at the Enterprise Mobility Suite for Azure, since it packages all the components you'd need to manage phones, laptops, and workstations from the cloud.
0
 
LVL 57

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 325 total points
ID: 41796980
"but devices can't authenticated to an entirely cloud-based AD"

Windows 10 certainly supports native Azure AD joining. It isn't a workgroup, but isnt like an on-prem domain either. It is a new sort of thing, but for new greenfield deployments, it can certainly be an option worth considering.
0
 
LVL 57

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 325 total points
ID: 41796988
Intune can certainly manage windows and mac laptops and desktops. Pricing is on their site as there are differences by region and features. I couldn't reasonably list them all here.
0
 
LVL 39

Assisted Solution

by:Adam Brown
Adam Brown earned 125 total points
ID: 41796996
@Cliff - Being able to Join an Azure AD domain isn't the same thing as authenticating against it. MS doesn't currently provide domain authentication against Azure AD for workstations. You can join the domain, but it will function very differently, using the same methodology as the Microsoft Account login system in Windows 10. There is a lot of functionality that just doesn't work well over the Internet (Kerberos Authentication being the Big Thing).
0
 
LVL 57

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 325 total points
ID: 41797005
Apples and oranges. For someone not wanting an on-prem server, a native azure AD implementation for both users and azure AD joined machines is certainly workable and as dropbox supports SSO with AAD, this *is* a potential option for the OP, with the caveat that I initially pointed out that group policies aren't there and thus intune as a potential filler.

Don't get stuck trying to think of azure AD as an on-prem solution or technology. I know it isn't and never implied it was. But given the OPs post, it *is* possible, and may even be preferable. Microsoft made a ton of investments in Windows 10 1511/1607 and windows server 2016 to make azure AD an interesting contender for cloud -centric organizations.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question