
Microsoft’s Imminent Active Directory Modernization

Its vast, vertically integrated services may not be for everyone.

Written by David Worthington on November 3, 2023


Active Directory (AD) modernization should be on your radar. It’s no longer elective or reserved for cloud migrations; it’s a reality that every organization using AD is facing. Microsoft has revised its reference architecture and access models into a hybrid cloud solution, and the on-premises products that provide privileged access and secure AD from threats are being phased out.

Investment in new features to modernize, secure, and protect AD has shifted into Microsoft’s cloud ecosystem. The end result is a vertically integrated, one-size-fits-all suite of services and tools. This is a prescribed path for every size of business that uses AD, and by virtue of its product bundling it can expand Microsoft’s footprint into nearly every facet of your IT stack.

Many IT admins tuned out Microsoft’s declarations about a cloud future over the past decade and went about their business as usual, but its vision has become prescriptive and productized, and change is imminent. Controlling user identities is a key element. However, its architecture may not work well for every organization, either technically or in real-world IT operations. Fortunately, options such as 黑料海角91入口’s open directory platform exist to modernize AD that adhere to the same Zero Trust security principles that Microsoft’s architecture follows.

Active Directory as a Legacy Product

AD has been designated as a legacy product in Microsoft’s and in communications from its team members (it’s impolite to call anyone out, but check out their LinkedIn posts). These things don’t happen in isolation; believe what Microsoft is saying. It’s well known that foundational elements of the Windows Server stack have long been cloud bound: Exchange, now Exchange Online, and Windows Server Update Services (WSUS), which is now Configuration Manager. Configuration Manager is optimized for , which “unlocks” features such as conditional access that Microsoft says are essential to protect users.

Note: Microsoft’s tools for AD security and compliance are limited without its cloud services. Extended support for fully featured on-premises products won’t last forever.

Additionally, for Advanced Threat Analytics (ATA). Defender for Identity is its cloud replacement, and it is just one part of a broader cloud-based security model. Microsoft Identity Manager, which manages privileged access for AD, is also marked for a over the next few years, with Entra ID’s most premium SKUs as its designated replacement. These changes are part of a major shift in how AD is managed.

The revised reference models and modernization plans include:

  • The for managing privileged access.
  • The (MCRA), which layers multiple cloud services around AD, with identities managed by Entra ID. Microsoft is investing in the development of these cloud services to secure and protect AD, rather than improving AD itself.
  • The (RaMP), which recommends that cloud identity and access management (IAM) and unified endpoint management (UEM) be deployed.

Microsoft Architecture (figure)
Microsoft’s enterprise access model supersedes and replaces the traditional tiered on-premises security model for Active Directory environments. Image credit: Microsoft

Next, we’ll explore the products and services that Microsoft recommends be used with AD in order to modernize it to meet today’s IT requirements and secure users and resources. The overall path that it prescribes doesn’t distinguish between small and medium-sized enterprises (SMEs), which might struggle to implement these services, and very large organizations.

Microsoft’s Plan for AD: Use More Microsoft Products

Microsoft’s approach to modernization isn’t just about supporting non-Windows devices or using a centralized Identity Provider (IdP) to re-establish access control across all of your apps and resources. The MCRA prescribes using Entra ID Premium 2 with Defender security services to prevent lateral movement through its stack in response to the latest cyber threats. Standalone AD is vulnerable without modernization, and Microsoft is layering on more products in response. You’ll find yourself subscribing to the following if you follow its suggestions:

  • Entra ID Premium 2 (P2) includes Identity Protection to detect, investigate, and remediate identity-based risks in organizations that have modernized AD by using Entra. For example, password spray attacks occur when attackers attempt to compromise accounts by using a curated list of passwords that may be associated with those users. Identity Protection assists with limiting the risk of identity-based attacks across Microsoft’s stack.
  • Intune to manage your endpoints, including Windows. Its latest preview features, such as Group Policy analytics, analyze on-premises Group Policy Objects (GPOs) and map them to Intune. This foretells a fully cloud-managed infrastructure.
  • Defender for Identity is a safeguard that protects AD against lateral spread through the Microsoft stack. It’s not included with Entra P2 and must be licensed separately. Standalone AD is vulnerable to privilege escalation when unpatched (or zero-day) vulnerabilities or misconfigurations are exploited to bypass its security.
    • Defender for Identity won’t work to its full potential without Microsoft Defender for Endpoint, an endpoint detection and response solution, being installed to account for server threats.
  • Defender for Servers is recommended for cloud security posture management (CSPM) if you host AD in AWS or GCP.
  • You cannot utilize Microsoft’s cloud security services for AD without adopting Entra ID. AD will interoperate with other identity providers (IdPs), but it’s still central to your IT infrastructure under Microsoft’s new architecture that surrounds AD.
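The password spray example above is worth making concrete from the defender's side. The following is an added example, not code from the original post or from any Microsoft or 黑料海角91入口 product: it runs a simple spray detector over a constructed sign-in log (the timestamps, users and IP addresses are made up). The signature it looks for is the one the paragraph describes: one source failing against many distinct accounts within a short window, with only a few attempts per account, which is what separates a spray from a brute force against a single account. The window and thresholds are illustrative assumptions, not values from any product.

```python
"""Detect password-spray patterns in a sign-in log (added example).

A spray tries one or a few passwords against many accounts, so the signal is a
single source producing failed sign-ins for many *distinct* users within a short
window, with few attempts per user. A brute force (one account, many failures)
deliberately does not match this rule.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample sign-in log (not from any real tenant or product).
# Fields: ISO-8601 timestamp, user principal name, source IP, result.
SAMPLE_LOG = """\
2023-11-03T09:00:01Z alice@example.test 198.51.100.7 failure
2023-11-03T09:00:05Z bob@example.test 198.51.100.7 failure
2023-11-03T09:00:09Z carol@example.test 198.51.100.7 failure
2023-11-03T09:00:14Z dave@example.test 198.51.100.7 failure
2023-11-03T09:00:20Z erin@example.test 198.51.100.7 failure
2023-11-03T09:00:26Z frank@example.test 198.51.100.7 success
2023-11-03T09:01:00Z alice@example.test 203.0.113.9 failure
2023-11-03T09:01:03Z alice@example.test 203.0.113.9 failure
2023-11-03T09:01:06Z alice@example.test 203.0.113.9 failure
2023-11-03T09:01:09Z alice@example.test 203.0.113.9 failure
2023-11-03T09:01:12Z alice@example.test 203.0.113.9 failure
2023-11-03T09:05:00Z grace@example.test 192.0.2.44 success
2023-11-03T10:30:00Z heidi@example.test 198.51.100.7 failure
"""


def parse_log(text):
    """Parse whitespace-separated log lines into dicts; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, ip, result = parts
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "user": user.lower(),
            "ip": ip,
            "result": result.lower(),
        })
    return events


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_users=5, max_attempts_per_user=2):
    """Return {ip: sorted targeted users} for every source whose failed sign-ins hit
    at least `min_users` distinct accounts inside some `window`, with no more than
    `max_attempts_per_user` failures per account in that window (the spray signature).
    Thresholds are illustrative assumptions; tune them to your own baseline."""
    failures_by_ip = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            failures_by_ip[e["ip"]].append(e)

    findings = {}
    for ip, fails in failures_by_ip.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        # Slide a time window over this source's failures, oldest to newest.
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            per_user = defaultdict(int)
            for e in fails[start:end + 1]:
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_attempts_per_user:
                findings[ip] = sorted(per_user)
                break  # one hit per source is enough to raise it
    return findings


def successes_from_spray_sources(events, findings):
    """Accounts that signed in successfully from a flagged source: the first
    place an investigation should look, since a spray only needs one hit."""
    return sorted({e["user"] for e in events
                   if e["ip"] in findings and e["result"] == "success"})


def spray_sources(text=SAMPLE_LOG):
    """Convenience wrapper: parse the log and run the detector."""
    return detect_password_spray(parse_log(text))


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    found = detect_password_spray(events)
    for ip, users in found.items():
        print(f"possible password spray from {ip}: {len(users)} accounts targeted")
    print("successful sign-ins from flagged sources:",
          successes_from_spray_sources(events, found))
```

On the sample log, 198.51.100.7 is flagged (five accounts, one failure each, inside a minute) while 203.0.113.9 is not, because its five failures all belong to one account; the success for frank from the flagged source is the event to triage first. A real deployment would read the same fields from the IdP's sign-in audit export rather than an inline string.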

Drawbacks for SMEs

Microsoft’s prescribed pathway to AD modernization has several major drawbacks.

Those include:

  • Locking SMEs (and AD) into a suite of vertically integrated tools.
  • Limiting the freedom to choose today’s best-of-breed technologies by bundling unrelated IT services with IT management products.
  • Suggesting, in Microsoft’s own guidance, that customers partner with vendors to fully implement these services and handle any change management. This makes system management more complex and costly.
  • Distracting IT from its core mission by diverting resources to Microsoft’s ecosystem.

Its plan for AD modernization may work out well for some Microsoft shops, but SMEs don’t have unlimited assets to update a legacy solution. If you’re thinking “we don’t need all of that,” please remember that AD modernization can’t be disregarded. Consider 黑料海角91入口 as an alternative.

黑料海角91入口’s Open Directory Platform Modernizes AD

黑料海角91入口 Architecture (figure)

Think back to RaMP, Microsoft’s guidance to adopt a Zero Trust security strategy. 黑料海角91入口 manages identities as a full-fledged IdP, but it can also sync and federate with other IdPs. That includes Active Directory Integration (ADI), which has multiple deployment models to meet your company’s needs and objectives. ADI has a scalable deployment model that uses member servers to configure syncing with AD. It’s even possible to sync multiple domains to 黑料海角91入口.

Integrated UEM (which includes, among other things, MDM and EMM services) secures access to resources from every device. Single sign-on (SSO) supports web authentication (RESTful API, OIDC, and SAML) in addition to commonly used network protocols (RADIUS and LDAP). This posture ensures that multi-factor authentication (MFA) is used everywhere it should be. 黑料海角91入口 Go™ delivers modern authorization that’s phishing-resistant because it relies on a hardware-bound credential. Likewise, 黑料海角91入口 offers optional conditional access, which is central to Microsoft’s new enterprise access model for AD.

Note: You can follow Microsoft’s guidance without following Microsoft.

Other features that can modernize AD include:

  • A large catalog of pre-built SSO apps and the ability to create custom apps
  • A decentralized password manager with business collaboration features and management for when SSO isn’t an option
  • Dynamic groups to automate lifecycle management and simplify onboarding of users and devices. Pre-built integrations with popular HR systems keep entitlements up to date
  • SCIM provisioning to streamline app authorizations from groups at no additional cost
  • Certificate-based authentication for RADIUS to secure your Wi-Fi in addition to dynamic VLAN assignments
  • Pre-built reports and telemetry from your devices, directory, and SSO apps
  • Software management and a private repository (coming soon)
  • Commands and scripting with a virtual command line interface (coming soon)
  • Optional cross-OS system and browser patch management
  • Optional Remote Assist

SMEs can use 黑料海角91入口 to modernize AD from a single console thanks to its integration with AD and its unification of IAM with UEM. Optional management tools help ensure that systems are patched and supported. And you don’t have to enlist vendors to implement it.

Modernize AD on Your Terms

AD modernization is important, no matter where you land on that journey. There’s more than one way to accomplish it, and Microsoft’s way may not be what’s best for you. Get started with a trial today, or contact us to discuss your needs and how 黑料海角91入口 can help. We provide complimentary support to get you started and professional services that are tailored for SMEs.

David Worthington

I'm the 黑料海角91入口 Champion for Product and Security. 黑料海角91入口 and Microsoft certified, a security analyst, a one-time tech journalist, and a former IT director.
