Azure Active Directory is "as a service" offering from Azure. I have seen documentations and content from Microsoft stating that can be used for SSO and other Web application for unified auth.
Will it be possible to make use of Azure Active Directory as replacement of Windows Server AD in Azure virtual machines in Virtual Networks? I see that the Windows Server Active Directory Installation on Azure VM involves execution from powershell and stuff?
Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It actually provides many more capabilities in a different way.
You can enable Azure AD login for VM images in Windows Server 2019 Datacenter or Windows 10 1809 and later. To create a Windows Server 2019 Datacenter VM in Azure with Azure AD login: Sign in to the Azure portal by using an account that has access to create VMs, and select + Create a resource.
Install Active Directory Domain Services Start Add Roles and Features on the Azure VM. Add the Active Directory Domain Services role and all necessary features. Promote this server to a domain controller. Select Add a domain controller to an existing domain.
NO! Windows Azure Active Directory is NOT a Domain Controller. You can NOT join computers to Windows Azure AD. You can use it to sync on-premises AD with Windows Azure AD to easily enable Web SSO (Single Sign On). You can use to build enterprise grade web applications.
You can read more about Windows Azure Active Directory here.
Up until recently the answer was a flat no, but that has changed with Windows 10.
Windows 10 devices can join Azure Active Directory (AD) domains. But it is more about identify management than traditional Active Directory (AD) services. But you can use a combination of Azure AD and MDM (Mobile Device Management) to provide some of the services that used to be reserved for AD.
One thing to keep in mind is that Azure Active Directory (AD) is completely different than the similarly named Active Directory provided by a Windows Domain Controller. Azure AD is not a Domain Controller, but as of Windows 10 Azure AD, MDM and Intune can do some of the things that you previously could only be provided by AD. With Windows 10, Microsoft has greatly extended MDM and has made it possible to manage regular Windows 10 desktop and laptops with MDM.
The Active Directory Team Blog has more information. The post Azure Active Directory and Windows 10: Bringing the cloud to enterprise desktops! list some of the benefits that it brings including:
This doesn't cover the traditional features provided by AD. Per the post Azure AD Join on Windows 10 devices Azure AD it targeted at the following three scenarios: Your apps and resources are largely in the cloud, Seasonal workers and Students, and Choose your own device for on-premises users. As you can see Azure AD is targeted more towards enabling BYOD (Bring Your Own Device). Azure AD enables management of devices, like tablets or non-Pro version of Windows, that don't have the capability to join a Domain.
From the same post:
Domain join gets you the best on-premises experiences on devices capable of domain joining, while Azure AD join is optimized for users that primarily access cloud resources. Azure AD Join is also great if you want to manage devices from the cloud with a MDM instead of with Group Policy and SCCM.
Azure now offers traditional Active Directory service called Azure Active Directory Domain Services. This offers domain join, NTLM and Kerboeros authentication. You can even manage machines using Group Policy.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With