Back in July, Microsoft announced that Azure Active Directory would become Entra ID. While the change was mostly just a rebranding, it still sparks the question: is Microsoft moving on from Active Directory? And should your business move on too? It’s an interesting question if you look at the difference in capabilities and use cases of what used to be Azure AD and its “on-prem” forebearer, Active Directory (AD). But as the standard for network management authentication since Windows 2000, it might be strange to think of the Microsoft world without AD. In this blog post, we’ll ponder what the move from AD to the cloud might mean for your small or medium business.
Authentication
One of the most fundamental concepts in cybersecurity is authentication. If you can digitally prove that you are really you, then it’s pretty straightforward for your network or cloud administrator to give you access to the appropriate network resources (files, access to software systems, or administrator privileges). On the other hand, many security breaches and risks are based on impersonation or the theft of your identifying information, passwords, cryptographic keys, etc. This makes it more important than ever for you to have a strong, reliable system to authenticate your identity on your network.
Active Directory has been Microsoft’s flagship identity management suite for a long time, but it was always intended to authenticate users on a local network. Of course, “local” doesn’t mean what it used to—given how secure and reliable modern VPN technology is—but those kinds of networks can be complex and take a lot of expertise to secure and maintain. One of the most important aspects of Active Directory is its ability to manage identity and authorization across multiple on-premises components (different offices and branches of your company).
Going Passwordless?
The move to Entra ID, in practice, is about making it possible to authenticate for many different services and applications at once (“multicloud identity,” as Microsoft call it), whether they are local resources or cloud apps. This is a question not just of how to authenticate most securely in more cloud environments, but how to scale up, in terms of supporting a wider number of cloud services, adding mobile device support natively, and using modern authenticator apps to go passwordless. Active Directory would need third party apps to achieve most of these features, but they’re at the core of Entra ID.
If you haven’t spent much time with authenticator apps yet, it might sound kind of shocking to hear that the next trend in security is to not have a password to securely access your resources. The idea isn’t to have less authentication, but to have it be less based on “something you know” and more based on “something you have” or “something you are.”
Luckily for us, apps and devices can do a lot of this work faster than we can type a password, by sending a text message with a time-based one-time password, using biometric data to sign into our account, or by working with a cryptographic key that it already generated and saved. Putting two or more of these together provides much stronger security than a password, since they’re all harder types of information to fake. A big part of why we might think passwordless authentication is weird is because we still live in an Active Directory world, where we use passwords to login to workstations and VPNs.
Seeing the Future in Entra ID
Entra ID really is just the next step in Active Directory’s evolution. While some of the components of Active Directory are updated and more complex in the cloud-based world, others are actually simplified—like how Entra ID doesn’t have a lot of features that deal with local network infrastructure. Instead, it’s more concerned with providing a robust but easy-to-use login system with a lot of the same group and credential-based management behind the scenes.
Ultimately, it’s not so much that we’re saying goodbye to Active Directory, but we’re seeing what Microsoft thinks the future holds. As with a lot of technological innovations, it’s going to make sense for a lot of companies to adopt the new platform early, but certain use cases will keep some AD setups going for as long as it’s supported.
As more apps and cloud software becomes ready for Entra ID there will be more and more reasons to switch over to the cloud for your authentication and security needs. One motivating factor could be a fast-approaching deadline to leave behind old operating systems and reimagine what your network could do to generate more value for your company through less help-desk reliance and with tighter security managed across more platforms.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team