Solved

Microsoft Azure AD

Posted on 2016-09-13
8
38 Views
Last Modified: 2016-09-14
I have a small network that I want to setup with all data storage to be on dropbox.
I want to have a domain structure for passwords, GPO, etc.
I do not want to have an on-premise server.
Can I sign up with Microsoft Azure and get active directory?
If so, how much is it per user?
0
Comment
Question by:ie0
8 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 325 total points
ID: 41796846
No. Azure AD is a different beast. With windows 10, you would get centralized authentication, but nothing like group policy at all. At a minimum, you'd need an MDM solution like Intune for that.
0
 

Author Comment

by:ie0
ID: 41796852
Will the MDM solution work for laptops and desktops?
What is the pricing?
Thanks
0
 
LVL 6

Assisted Solution

by:Ganesamoorthy S
Ganesamoorthy S earned 50 total points
ID: 41796866
0
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 125 total points
ID: 41796944
As has been said, Azure AD can't replace on-prem DCs. You can replicate users from on-prem to cloud (and vice versa with Azure AD Premium) but devices can't authenticated to an entirely cloud-based AD. In order to be able to authenticate users against the Domain from a workstation, though, you would need an On-prem or Cloud-based VM DC. Adding a VM that is a DC to the Azure environment and syncing its AD info to Azure AD should give you most of what you need, but that DC still needs to have a VPN setup between it and your on-prem network to function.

If you're ok with only being able to manage the computers as Workgroup computers (not domain joined), then Azure AD premium would probably be a good solution for you. Intune should give you some level of management of computers, but not likely as much as Group Policy. If you're interested in doing that, I'd suggest looking at the Enterprise Mobility Suite for Azure, since it packages all the components you'd need to manage phones, laptops, and workstations from the cloud.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 325 total points
ID: 41796980
"but devices can't authenticated to an entirely cloud-based AD"

Windows 10 certainly supports native Azure AD joining. It isn't a workgroup, but isnt like an on-prem domain either. It is a new sort of thing, but for new greenfield deployments, it can certainly be an option worth considering.
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 325 total points
ID: 41796988
Intune can certainly manage windows and mac laptops and desktops. Pricing is on their site as there are differences by region and features. I couldn't reasonably list them all here.
0
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 125 total points
ID: 41796996
@Cliff - Being able to Join an Azure AD domain isn't the same thing as authenticating against it. MS doesn't currently provide domain authentication against Azure AD for workstations. You can join the domain, but it will function very differently, using the same methodology as the Microsoft Account login system in Windows 10. There is a lot of functionality that just doesn't work well over the Internet (Kerberos Authentication being the Big Thing).
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 325 total points
ID: 41797005
Apples and oranges. For someone not wanting an on-prem server, a native azure AD implementation for both users and azure AD joined machines is certainly workable and as dropbox supports SSO with AAD, this *is* a potential option for the OP, with the caveat that I initially pointed out that group policies aren't there and thus intune as a potential filler.

Don't get stuck trying to think of azure AD as an on-prem solution or technology. I know it isn't and never implied it was. But given the OPs post, it *is* possible, and may even be preferable. Microsoft made a ton of investments in Windows 10 1511/1607 and windows server 2016 to make azure AD an interesting contender for cloud -centric organizations.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now