[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Microsoft Azure AD

Posted on 2016-09-13
8
Medium Priority
?
95 Views
Last Modified: 2016-09-14
I have a small network that I want to setup with all data storage to be on dropbox.
I want to have a domain structure for passwords, GPO, etc.
I do not want to have an on-premise server.
Can I sign up with Microsoft Azure and get active directory?
If so, how much is it per user?
0
Comment
Question by:ie0
8 Comments
 
LVL 60

Accepted Solution

by:
Cliff Galiher earned 1300 total points
ID: 41796846
No. Azure AD is a different beast. With windows 10, you would get centralized authentication, but nothing like group policy at all. At a minimum, you'd need an MDM solution like Intune for that.
0
 

Author Comment

by:ie0
ID: 41796852
Will the MDM solution work for laptops and desktops?
What is the pricing?
Thanks
0
 
LVL 6

Assisted Solution

by:Ganesamoorthy S
Ganesamoorthy S earned 200 total points
ID: 41796866
0
Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

 
LVL 43

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 41796944
As has been said, Azure AD can't replace on-prem DCs. You can replicate users from on-prem to cloud (and vice versa with Azure AD Premium) but devices can't authenticated to an entirely cloud-based AD. In order to be able to authenticate users against the Domain from a workstation, though, you would need an On-prem or Cloud-based VM DC. Adding a VM that is a DC to the Azure environment and syncing its AD info to Azure AD should give you most of what you need, but that DC still needs to have a VPN setup between it and your on-prem network to function.

If you're ok with only being able to manage the computers as Workgroup computers (not domain joined), then Azure AD premium would probably be a good solution for you. Intune should give you some level of management of computers, but not likely as much as Group Policy. If you're interested in doing that, I'd suggest looking at the Enterprise Mobility Suite for Azure, since it packages all the components you'd need to manage phones, laptops, and workstations from the cloud.
0
 
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 1300 total points
ID: 41796980
"but devices can't authenticated to an entirely cloud-based AD"

Windows 10 certainly supports native Azure AD joining. It isn't a workgroup, but isnt like an on-prem domain either. It is a new sort of thing, but for new greenfield deployments, it can certainly be an option worth considering.
0
 
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 1300 total points
ID: 41796988
Intune can certainly manage windows and mac laptops and desktops. Pricing is on their site as there are differences by region and features. I couldn't reasonably list them all here.
0
 
LVL 43

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 41796996
@Cliff - Being able to Join an Azure AD domain isn't the same thing as authenticating against it. MS doesn't currently provide domain authentication against Azure AD for workstations. You can join the domain, but it will function very differently, using the same methodology as the Microsoft Account login system in Windows 10. There is a lot of functionality that just doesn't work well over the Internet (Kerberos Authentication being the Big Thing).
0
 
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 1300 total points
ID: 41797005
Apples and oranges. For someone not wanting an on-prem server, a native azure AD implementation for both users and azure AD joined machines is certainly workable and as dropbox supports SSO with AAD, this *is* a potential option for the OP, with the caveat that I initially pointed out that group policies aren't there and thus intune as a potential filler.

Don't get stuck trying to think of azure AD as an on-prem solution or technology. I know it isn't and never implied it was. But given the OPs post, it *is* possible, and may even be preferable. Microsoft made a ton of investments in Windows 10 1511/1607 and windows server 2016 to make azure AD an interesting contender for cloud -centric organizations.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question