When the world went remote, people were surprised to learn that many aspects of their jobs looked pretty much the same as they did in the office. It turns out that accessing resources from the kitchen (or the beach, or a coffee shop, or a train) isn’t that different from doing it in the office. In fact, we make it our mission to make sure remote work can happen from anywhere, on your terms.

Remote tech support, however, isn’t quite the same experience when you can’t see or drive the user’s screen directly. It’s frustrating and inefficient at best, and at worst, it creates more issues than it solves. Between trying to understand the user’s issue and prescribing solutions via verbal or written instructions, every ticket seems to take twice as long as they should. 

But as remote work becomes a permanent part of today’s workplace (the average SME is now 57% remote or hybrid-remote), IT teams and MSPs must be able to effectively assist users remotely. To help teams streamline remote tech support, JumpCloud has introduced Remote Assist, which enables IT teams and MSPs to remotely view and control users’ devices. And we’ve got more good news: Remote Assist is free for all organizations and MSPs that use JumpCloud. 

How Does Remote Assist Work? 

JumpCloud Remote Assist facilitates remote tech support by allowing admins to remotely see and control a user’s device, regardless of their location. It includes the following capabilities:

• Multi-OS support: Provide remote assistance to Windows and macOS devices, with Linux coming soon. 
• Remote support straight from your browser: Offer remote assistance through your browser, from anywhere, with any device, and at any time, with no need to install additional tools. 
• Multiple monitor support: View, control, and switch between any number of monitors connected to your remote Mac or Windows devices.
• Audit Logging: Get centralized logging of all remote support sessions. 
• Clipboard synchronization: Copy and paste text and images between remote and local devices (coming soon).
• Role-based access control: Determine which technicians can access end user devices via the JumpCloud account role-based access controls.
• Secure Peer-to-Peer Connection: Assist employees securely with fully secured, private sessions protected by unique session keys, end-to-end encryption, and direct peer-to-peer communications.

Note that the first release of JumpCloud Remote Assist focuses on attended access for macOS and Windows, with Linux and unattended access coming soon. 

Key Benefits of JumpCloud Remote Assist

Remote Assist is free to all organizations and MSPs without any restrictions on time, number of devices, sessions or technicians. It allows organizations to support an unlimited number of devices, regardless of the number of IT technicians using JumpCloud Remote Assist, for as long as they want. This ability to remotely assist users effectively (without incurring additional costs) is a critical component in making a smooth transition to the long-term remote-first paradigm.  

Benefits to Direct Customers:

• Increased Productivity and Lower User Friction: End-users resolve their technical problems more quickly, allowing them to focus on productivity and minimize time lost while waiting on issue fixes.
• Windows, macOS, and Linux Support: Remote assistance becomes available to everyone — not just Windows users. This boosts team productivity as well as the end-user experience. 
• Faster Resolution for Help-Desk Tickets: IT teams can close helpdesk tickets faster, reducing time-to-resolution for your users and optimizing IT’s productivity time.

Benefits to MSPs:

• Increased Reselling Margins: Centralize all your core capabilities such as identity, access, device management, and live remote assistance in the JumpCloud directory platform.
• Reduced Operating Costs: Provide an easy and cost-effective way to manage multi-OS devices remotely.
• Optimize Technician Time: Empower your IT admins to work efficiently and provide faster time-to-resolution for helpdesk issues. 

Part of a Holistic Solution

With the latest Remote Assist solution offering, JumpCloud adds and consolidates multiple tools into a single platform. Organizations and MSPs that use JumpCloud can now administer and troubleshoot end-user devices remotely, without relying on or paying for third-party solutions.

In addition, the combination of Remote Assist, mobile device management (MDM), and patch management provides critical device management capabilities that deliver more comprehensive value than ad hoc approaches to device management. That includes optimized resources, time, and tools for IT teams and better savings for the organization.

Because the JumpCloud Directory Platform works well with other IT solutions in the market, organizations and MSPs can choose to use their existing MDM and identity access management (IAM) solutions while utilizing JumpCloud Remote Assist for free. All it takes to register is installing the JumpCloud Agent. 

Get JumpCloud Remote Assist for Free!

JumpCloud is the only platform in the industry that consolidates live remote support with centralized identity, asset management and Secure, Frictionless Access^TM to all company resources.

JumpCloud Remote Assist is free for any organization to use, at any scale, for any number of devices, without any limits on time. Sign up for a free account to start working efficient remote assistance into your remote or hybrid strategy.

• News

• Devices

Integrations are an oft-requested item from customers and prospects of JumpCloud. This is especially true with our Managed Service Providers (MSPs) who use many tools to run their business efficiently. One of the most common tools MSPs use are Professional Services Automation (PSA) tools. These PSA tools serve several purposes: CRM, project management, help desk management, billing, and invoicing (to name a few). 

Most IT Admins start their day with a cup of coffee (at least they do in the US) and an email check-in for any urgent issues. They spend a great part of their day solving support tickets, responding to phone calls, and answering emails from end users in addition to trying to get ahead on any projects. However, the process to access the information they need to solve support tickets can quickly become untenable, which will always take away from strategic projects and initiatives. 

Having different systems and communication tools to solve problems can in itself be very time consuming. In order to simplify that process, we built a native connector from JumpCloud to PSAs such that, when an important alert is generated on any of your clients, a ticket gets created in your PSA and assigned to a tech or a queue automatically. This helps technicians more quickly respond to client issues by centralizing the pertinent information they need in their preferred platform of action.

Helping Admins Stay on Top of Issues

JumpCloud’s open directory platform generates alerts that require an admin to take action and fix. Some common alerts include: 

• User Lockout: This is generated when a user has tried to login to their managed device with a wrong password too many times. They are now locked out and in need of being unlocked. 
• Password Expiration: A user’s password has gone past the organization’s threshold for number of days of usage.
• Sudo Admin Access Granted: A user has been granted superuser access on a device or a group of devices. This access might need to be revoked to avoid accidental damage.

When such actionable alerts are generated, MSPs can configure them to automatically create tickets in their PSA. Then they can take pre-emptive action before the user calls or submits a support request.

Configuring the Integration

Here are the 3 things you need to do to set up an integration to your PSA from JumpCloud:

1) Authentication

ConnectWise Manage requires you to have a public key and private key combination in order to authenticate and set up the integration.

Autotask requires you to have an API key and secret.  

2) Company Mapping

Map the companies in your PSA to the organizations in JumpCloud to ensure that the ticket is properly associated with the company that had the alert.

3) Configure and Enable Ticketing

Turn on ticket generation overall and configure the alert level. Every alert can be assigned a priority, status, source, due date and resource or queue assigned to.

Congratulations! You are good to go and should start receiving tickets in your PSA when important alerts happen. 

Want to check out more integrations? Not a partner yet? Sign up here to trial JumpCloud For MSPs!

Active Directory (AD) is a directory service introduced by Microsoft that runs on a Windows server to centrally manage user access to resources on the LAN. The server role in Active Directory is run by Active Directory Domain Services (AD DS), and the server running AD DS is called a domain controller. The domain controller performs two important functions:

• Authenticates and authorizes all users and systems in a Windows-based network
• Assigns and enforces all security policies for Windows systems

That is why Active Directory remains an important system of record for many small and medium-sized enterprises (SMEs), even though it can only reside on servers within a network. However, IT infrastructure and workplace trends have changed dramatically since its introduction over two decades ago. It’s common to have a heterogeneous mix of devices with employees working remotely at least some of the time (or even indefinitely). Microsoft has responded by extending AD to the WAN, but devices and users can now be managed without AD, or Microsoft. 

Identity has become the new perimeter and IT teams must look beyond standalone AD to manage identities and all corresponding devices, wherever they exist. Devices are the gateway to your IT assets and shouldn’t go unmanaged because they’re not Windows. Cloud directories are filling the gap by providing the access control, device management, portability, and security that AD cannot. This has brought forward the option for a new paradigm: the domainless enterprise.

This article examines AD’s benefits, and when it’s necessary to look beyond it. That’s accomplished by integrating with cloud directory services to extend it, or even a domainless enterprise.

What Does Active Directory Do?

AD DC manages local network elements, such as systems and users, by organizing them into a structured hierarchy. The domain controller is then responsible for authorizing user authentication requests within the network. The next section outlines its core capabilities.

Manages Devices, Services, and Users

Active Directory Users and Computers manages local contacts, devices, and users in your fleet: from PCs to printers. Admins create and organize groups within organizational units (OUs) to logically separate resources. OUs reside within a “forest,” which is the highest level of organization in AD. It may include service accounts for network services, apps that run on your servers, and integrations with SaaS apps. Service accounts can run locally on machines or across the domain. This tool also configures permissions for objects within your directory.

Global Catalog of Domains

Global catalog is an AD feature that stores replicas of the attributes of an object within a forest (or domain tree), even if the object (such as a user) resides within a separate domain. This enables organizations to centralize IT even if they have multiple locations and data centers, but users and devices must either exist within the confines of those facilities or utilize a VPN.

Querying and Indexing Directory Objects

There are two built-in options to query AD attributes. The Active Directory schema snap-in enables admins to index attributes. PowerShell is another option to specify a query string to retrieve AD objects. Many organizations purchase third-party reporting tools for compliance purposes and to gain visibility into their AD environment, but it’s vital to trust all software that’s installed on a DC. Attackers may gain entry into networks through the supply chain, and DCs hold the “keys to the kingdom.”

High Availability

Every domain controller is a server object in AD DS. High availability is automatic whenever there’s more than one DC. This makes it possible to shut down a server for maintenance without impacting your end users. Objects are automatically replicated throughout the server cluster. Administration is more complex: e.g., add-on apps must be installed and updated on each DC. Adding servers may increase licensing, management, server infrastructure costs.

Schemas and Templates

Admins have deep control over how AD operates. Schemas can be customized to control (through rules) objects that can be stored within the directory and their related attributes. Templates can be configured to automate the creation of objections and associated policies. Admins use the Group Policy Editor to create and edit ADMX and ADML template files. Templates may also be imported into Microsoft’s Endpoint Manager, a new subscription cloud service.

Now, let’s explore what AD isn’t capable of doing.

What Doesn’t Active Directory Do?

The domain controller serves an important role, but the modern workplace has shifted to the cloud. Legacy management solutions like the domain controller struggle to manage the disparate, non-Windows-based identities that have become commonplace in the IT landscape. Managing identities also entails managing devices and access to SaaS apps external to the Microsoft ecosystem. The next section examines those constraints in further detail.

Single Sign-On (SSO) and Multi-factor Authentication (MFA)

The widespread shift toward web applications means that end users can no longer leverage single sign-on (SSO) through AD for all resources. Twenty years ago, when the IT landscape consisted entirely of Windows applications and desktops, AD connected every user to just about every resource they required. AD no longer grants that level of authorization, forcing admins to adopt additional tooling to manage authentication and authorization for all of their IT assets.

Microsoft introduced an Identity-as-a-Service (IDaaS) solution with Azure Active Directory (AAD), but AAD can make identity management complex, time-consuming, and costly for IT admins by forcing them to keep on-prem AD in conjunction with it. There’s a free tier of AAD that makes it possible to access apps such as Microsoft 365 (M365), but a Premium 1 (P1) or greater subscription to AAD is necessary to have SSO for domain-bound apps and the cloud.

Additionally, if IT professionals wanted to leverage SSO for their users without AAD, they would have to add Active Directory Federation Services (AD FS) to their on-prem AD. That would need to be housed on-prem. AD FS has high management overhead and can be difficult to implement. Microsoft requires the NPS server role to be installed, configured, and managed to access network devices. There are multiple options for SSO within the Microsoft portfolio, but extending AD for roles it wasn’t designed for dramatically increases complexity and overhead.

Multi-factor authentication (MFA) isn’t built into AD. SMEs must purchase solutions that integrate with it. Microsoft offers MFA to access Windows apps, but only through its AAD P1, P2 SKUs. Additionally, conditional access (CA) policies aren’t available without those integrations.

Securing and Managing External Identities 

The domain controller struggles with providing access to IT resources outside of the on-prem Windows networks, so AWS and GCP infrastructures can be difficult to integrate, such as Google Workspace. 

Third-party solutions, such as JumpCloud’s open directory, manage identities from other identity providers (IdPs) such as Google or Okta. Microsoft has introduced the capacity to manage external identities through Entra, for an additional monthly fee per user. It also charges for every single instance of an MFA authentication for those external IDs.

Strong Security Defaults

Substantial work is required to harden Active Directory through specialized configurations. It’s not secure by default, and attackers have cultivated a strong understanding of AD’s default settings. Hardening AD is mandatory to secure your infrastructure. 

IT teams should always follow best practices to limit how they run as domain administrators. It’s advisable to use Microsoft’s ATA (Advanced Threat Analytics) or Defender for Identity to detect anomalous user behaviors. Security best practices for AD can take several full days of work to implement.

Automation of Identity Lifecycle and Entitlements

User identity lifecycle and entitlement management is a manual process in AD. Serious and costly breaches, including the Colonial Pipeline ransomware attack, have occurred when domain users were “forgotten.” Forgotten accounts are still able to access assets. It’s important to actively manage users and privileges to safeguard against insider and external threats.

Integrated Reporting

Third-party tools/services are necessary for reporting, especially when your users are accessing confidential and protected information or your industry is subject to compliance or regulatory requirements.

Cross-OS Device Management

Systems must be directly bound to the AD to deploy Group Policy Objects (GPOs) which are registry settings, configurations, or tasks that need to be executed. Mac and Linux systems’ commands and scripts (i.e., no GPOs) cannot be managed from the Windows domain controller, meaning that IT admins must manually configure each system if they choose not to implement add-ons. Even Windows systems must be connected to a VPN to receive policy updates from AD or PowerShell commands, complicating your capacity to effectively manage remote users.

Microsoft’s paid subscription Intune service fills this gap, but Microsoft services aren’t mandatory. An open directory platform, such as JumpCloud integrates with AD to perform this function, but could also manage devices without a domain controller being present.

Patching

There have been over 1,000 patches released from Microsoft to date this year alone. Patch Tuesday has now become “Zero Day Tuesday.” However, it’s possible to deploy software using AD Group Policy, but it doesn’t handle patching Windows systems throughout a domain (or even third-party applications) without a patching solution. 

Patching services may be cloud-based, such as JumpCloud, or on-premise servers. Patching OSs and apps (such as browsers) is vital to prevent Zero Day attacks from being exploited.

AD DS runs on Windows Server, which must be maintained and supported. Domain controllers contain data that determine access to an established network, making it a primary target for cyberattackers looking to corrupt or steal confidential information. It’s even possible for attackers to elevate domain standard users accounts to become domain admins without using malware on unpatched systems. Security tools such as BloodHound and Mimikatz are all that’s required for the AD attack path. 

Standard endpoint detection and response (EDR) won’t detect these intruders, and firewalls won’t stop them. Given these risks, cybersecurity should be a paramount priority for all SMEs. Industry experts routinely recommend a Zero Trust posture.

Active Directory isn’t Zero Trust.

Active Directory and Zero Trust Security

Microsoft has responded to these threats by updating AD’s capabilities for better security, but the requisite setups and changes can be resource intensive or require its premium cloud services. Active Directory works best with on-prem networks and Windows-based environments. AD natively operates by establishing a network of trusted assets, known as a domain, which are protected by an AD domain controller, VPN, firewalls, and other controls.

The objective is to create a strong perimeter to protect trusted resources from the open internet. As a result, external sources of network traffic (e.g., users) must first authenticate and ultimately be authorized to access internal domain resources such as systems and applications.

Zero Trust security, on the other hand, is a security model that effectively eliminates the separation between an internal domain that’s safe and the open internet that’s dangerous. Rather, all sources of network traffic are viewed as potential attack vectors that must generate trust before they are authorized for user access — and with good reason too. Bad actors are now attacking traditional networks from inside and out, often bypassing perimeter-based security by targeting trusted assets. Thus, Zero Trust security is effective because it basically eliminates the concept of trusted assets (i.e., the domain) altogether. Users must prove who they are.

The next-generation Active Directory alternative has been reimagined AD for the cloud era. Cloud directories connect users to their IT resources regardless of their platform, provider, protocol, and location. They’ll also manage all your devices. Additionally, as an identity and access management (IAM) platform, cloud directories forgo the concept of the traditional domain. This provides users with True Single Sign-On™ access to virtually all of their IT resources. SMEs can leverage JumpCloud’s open directory platform to manage identities wherever they reside with the assurance that it will help to deliver Zero Trust security.

Cloud Integration with IT Resources

The cloud directory integrates with the external identities and devices that AD doesn’t support in addition to AD itself. This is made possible through the combination of modern IAM and SSO protocols, automated entitlements management, using MFA to verify users, and CA for privileged user management. You can manage your entire device fleet through JumpCloud.

Centrally Control Identities and Systems

JumpCloud can extend AD and AAD identities and agent-based control (or MDM) to all systems in a fleet, whether they’re Apple, Android, Linux, or Windows devices. Unlike Microsoft, there’s no additional cost to manage your non-Windows devices or Windows without a DC. JumpCloud can also serve as a standalone cloud directory or import identities from Google and Okta. 

End users access their machines with their identity provider’s credentials, and admins can enforce pre-built GPO-like policies on those machines, such as full disk encryption or managing patches. No complex templates are required. SUDO-level permissions and a PowerShell module enable administrators to perform commands on any device, from CRUD operations to benchmark policies. A commands queue offers admins an easy-to-use dashboard for admins to see what commands they have awaiting execution on all their assigned devices and their status. 

Other key features include:

• Automatic high availability and redundancy. There’s no need to license multiple servers or to create a service account that has access to a privileged AD group.
• Telemetry aggregated from devices, events, users, and cloud services with pre-built reports and reporting tools. You’ll even know which users are accessing SSO apps.
• Opt-in Remote Assist, without the complexity of RDP or need to license a solution from a third party. This feature works across multiple operating systems.
• An optional decentralized password manager and vault for your users.
• Zero-touch Mac enrollment is available and Windows Out of the Box Experience (OOBE) is upcoming to onboard remote workers.
• PowerShell command templates to bind Windows PCs to your office printers without a print server.
• PKI as a service (coming soon), eliminating the need for a separate CA (certificate authority) Windows server role.
• The benefit of potentially lowering your TCO.

Manage Wi-Fi and VPN Access

You don’t need AD to access your network. Admins can achieve Cloud RADIUS functionality without additional on-prem infrastructure, and they can ensure users log into Wi-Fi networks (with VLAN tagging) and VPN clients using the same core credentials they use to access their other resources. Delegated authentication includes AAD credentials. Admins can enable Push or TOTP MFA, which is especially useful to secure VPN access to internal network and on-prem resources from switches to servers.

SSO to Everything

The open directory platform builds the stack that you want. A web-based portal is used to access all the apps employees need to do their jobs with best-of-breed solutions. The portal serves as a security control to help eliminate phishing. Pre-built connectors are freely available for common apps. Supported protocols include:

• LDAP
• OIDC
• SAML/SCIM
• RADIUS

Long-standing workflows don’t have to be scrapped in favor of cloud apps. Even Windows file sharing is possible without a domain controller.

Like AD, groups are used to manage access to your apps and resources. The difference is that they are automated with HRIS provisioning included. Attribute-based access control (ABAC) reduces the risk of human error and eliminates the heavy administrative overhead that’s necessary to keep AD privileges and users up to date. 

Boundaries matter less. 

This setup also eliminates the need for complex server management and AD’s global catalog. For instance, specifying an office location could be as simple as creating a directory group assignment.

Integrated MFA and Conditional Access

AD is reliant upon a single factor. MFA is environment wide in the open directory platform. Optional conditional access policies can further restrict access to trusted devices, by geolocation, and more for privileged users. JumpCloud doesn’t charge for MFA for external identities; Microsoft’s AAD does. Microsoft limits CA to AAD P1, P2, and requires integrations for AD. AD doesn’t have these capabilities and must be morphed into something it’s not in order to satisfy modern requirements.

In contrast, there’s far less complexity, labor, and cost when the domain controller is left out of the equation. In addition, there’s a greater opportunity to protect identities. JumpCloud secures identities (and aligned devices) even further with extended detection and response (XDR) integrations from the security vendors of your choosing. Microsoft only makes its security services first-class citizens.

Utilizing an Open Directory Platform

Organizations have already been moving their operations to managed services in the cloud to save the cost and time of maintaining an on-prem domain controller and server rooms. The journey begins by integrating JumpCloud with AD. An open directory platform frees up time and money for IT admins looking to manage a variety of systems and applications from one built-in service. Budget can be allocated toward higher priorities, such as Zero Trust, especially during leaner economic times. JumpCloud is free for your first 10 users or devices with 10 days of chat support up front. 

Sometimes self-service doesn’t get you everything you need. If that’s how you’re feeling, schedule a 30-minute consultation to discuss options for implementation assistance, migration services, custom scripting, and more.

Can I replace Microsoft Active Directory with Azure Active Directory? This is a very common question for IT professionals. With almost all of the IT environment moving to the cloud, there are a number of incentives to move the core directory service to the cloud too. Unfortunately, Microsoft’s path to the cloud can be unwieldy, expensive, and difficult to comprehend. It’s also heavily focused on Windows as its first-class citizen and the Microsoft ecosystem at large.

It all starts with Azure Active Directory (AAD), Microsoft’s foray into cloud-based directory services. It’s reasonable to think that it would have all the capabilities of Active Directory^® (AD), as the name implies, but the truth is more complicated than that — even before Microsoft’s licensing factors in.

Azure AD’s True Purpose

AAD was created to extend Microsoft’s presence into the cloud. It connects Active Directory users with Microsoft Azure services, and is easier to implement than Active Directory Federation Services (ADFS) for single sign-on (SSO). It doesn’t incorporate the full features of Active Directory and lacks support for authentication protocols including LDAP and RADIUS. It may manage non-Microsoft identities, but there are additional fees for multi-factor authentication (MFA). A gated licensing model keeps many features behind a paywall. For example, group management with role-based access control (RBAC) isn’t included with the free tier of AAD.

AAD is the cornerstone of Microsoft’s portfolio of identity, compliance, device management, and security products, because it provides a common identity for Azure, Intune, M365, and more. The permutations of products and challenges of migrating from Active Directory to the cloud have given rise to a cottage industry of consultants for implementation and planning. The breadth of configurations and options may be fitting for enterprises that have considerable resources to support deployments. Considering that it’s not even possible to abide by Microsoft’s best practices for AAD without subscribing to Premium tiers, AAD may be a mismatch for small and medium-sized enterprises (SMEs) that have more essential needs.

Costs tick upward when SEMs are pulled deeper into the Azure ecosystem or require interoperability with services that fall outside of the Microsoft stack. For example, fees are assessed for unrestricted cross-domain SSO and MFA authentications with other identities. 

Replace AD with Azure AD?

Can Azure AD actually be the complete replacement to AD that admins are looking for? Unfortunately, the short answer to that question is no. Azure AD is not a replacement for Active Directory. AAD was originally intended to connect users with Microsoft 365 services, providing a simpler alternative to ADFS for SSO. It has since evolved into a springboard to new subscription services that target enterprise customers and charge for capabilities that on-prem AD provided at no additional cost. 

You don’t have to take our word for it, check out what a Microsoft representative said in this Spiceworks post:

Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It actually provides many more capabilities in a different way.

That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU etc.

As you can see here Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. It can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing access for your partners to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, Multi-Factor Authentication, protection of your identities in the cloud, reporting of Sign-ins from possibly infected devices, leaked credentials report, user behavioral analysis are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.

Even the recently announced Azure Active Directory Domain Services are not a usual DC as a service that you could use to replicate your existing Active Directory implementation to the cloud. It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services. But with no replication to any other on-premises or cloud (in a VM) domain controller.

If you want to migrate your domain controllers in the cloud to use them for traditional task you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.

So to conclude, if you would like to extend the reach of your identities to the cloud you can start by synchronizing your Active Directory to Azure AD.

Why Azure AD Can’t Replace AD Outright

When you step back and think about Microsoft’s identity and access management (IAM) strategy, it makes sense that you can’t replace AD with Azure AD. From a business perspective, Active Directory already has more market share than just about any solution they offer.

The on-prem directory acts as a tie that binds a Microsoft network together. By providing a way for customers to shift to a cloud directory service, Microsoft would open up the door to potential customer loss. Instead, it directs SMBs to cloud services that broaden the breadth and depth of its product families. However, these are intended to service enterprise customers and can be difficult to deploy and learn. 

Beyond the business perspective, there are also the technical capabilities to consider. Think of Azure AD as a user management platform for the Azure cloud platform, along with basic web application SSO capabilities. Where Azure falls short is that it doesn’t manage on-prem systems or resources without being integrated with a domain controller or add-on services for Windows.

For example, on-prem Windows (except for Windows 10), Mac, and Linux systems can’t be controlled for user access or systems management without subscribing to Microsoft Intune or Microsoft Endpoint Manager (MEM). Intune has limited functionality for Macs (without more MEM subscriptions) and, at present, has limited Linux support. Windows support is extensive, including auto-pilot onboarding.

Further, non-Microsoft solutions such as AWS and Google Workspace are outside of the scope of provisioning as well. There are a lot of resources that users need that can’t be touched by Azure alone, without adding additional subscriptions. 

While it’s possible to utilize Intune for a domainless enterprise, many organizations are still compelled to have a hybrid environment for full compatibility with AD or ADFS. Microsoft’s reference architecture (diagram below) prescribes both AD and AAD in an environment.

JumpCloud: Extend or Replace Azure Active Directory 

Every environment has different requirements and constraints that can make cloud migration more challenging. Some shops are locked into the Microsoft stack and would benefit from SSO, simplified Zero Trust security, and cross-OS system management that AAD + Intune don’t provide or charge too much for. Other organizations aren’t tied to legacy on-prem systems and can adopt a domainless architecture, saving on infrastructure, management, and rising CAL licensing costs. JumpCloud makes it possible to do either, or anything in between, for individual SMEs or through a multi-tenant portal for MSPs to consolidate tools and deliver value at scale.

JumpCloud’s open directory platform can serve as a cloud replacement to AD. JumpCloud enables admins to have seamless management of users with efficient control over systems (Mac, Windows, and Linux), wired or Wi-Fi networks (via RADIUS), virtual and physical storage (Samba, NAS, Box), cloud and on-prem applications (through SAML, OIDC, RESTful APIs, and LDAP), local and cloud servers (AWS, GCE), and more. Automated group memberships, that pull relevant user attributes from other IdPs or HRIS systems, assist with identity lifecycle management. Environment-wide push/TOTP MFA is implemented for each protocol for free.

Your identities can be assigned to trusted devices. JumpCloud provides mobile device management (MDM) for Android, iOS/iPadOS, Linux, and Windows. Zero-touch onboarding is available for Apple devices. With MDM and the Windows agent, IT teams can leverage GPO-like policies such as full disk encryption. The CLI of each OS is accessible, at root, to deploy custom commands and policies that fall outside of JumpCloud’s point-and-click catalog of policies.

The platform services IT management and security needs with security add-ons, including:

• Cross-OS patch management and browser patching
• Pre-built conditional access policies for more privileged access management
• Cloud Insights for AWS

JumpCloud can also integrate seamlessly with Azure AD, Google Workspace, or Okta to create one core identity provider for an organization. It is truly the cloud-forward directory that is built for the modern IT environment. JumpCloud’s open directory platform is interoperable and frees its users to adopt the IT stack of their choosing from best-of-breed services.

An Open Directory Platform™

The JumpCloud platform does not need to fully own and manage an identity. It consumes identities from different sources to orchestrate access and authorization to resources. This simplifies IT management for SMEs by addressing access control and security challenges that arise from having siloed apps and heterogeneous device endpoints outside of a corporate network. For instance, Microsoft doesn’t interoperate with Google Workspace, so IT professionals would otherwise have to seek alternatives for Identity and Access Control (IAC) and device management. Unfortunately, most other alternatives aren’t an integrated solution.

JumpCloud makes it possible for trusted devices to securely access resources across domains.

Delegated authentication is another option for access control. IT can configure AAD credentials to be used for RADIUS authentication into Wi-Fi networks with JumpCloud. There’s no domain controller or third-party service required.
JumpCloud helps SMEs to improve security, save on licensing, reduce headcount, and save time and effort by consolidating orchestration into a single, open directory that serves as an identity broker. The JumpCloud platform also works with Okta identities to provide RADIUS and LDAP access control, SSO, and system management for your device endpoints.

Try JumpCloud for Free

Want to learn more about how you can replace Active Directory with JumpCloud? It’s as simple as signing up for the JumpCloud Free account. JumpCloud offers all free accounts for 10 users and 10 devices, with no credit card info required. This grants the perfect opportunity for you to try out the entire platform including all of our premium functionality and see exactly how it works for yourself. Need more tailored, white glove implementation assistance? Schedule a free 30-minute technical consultation to learn about the service offerings available to you.

The JumpCloud community is always open for peer discussions about any IT topic.

• Remote Work

• Directory Services
• User Access