Cybersecurity Talk with Sander Berkouwer: setting up a rock solid Azure AD

Sander Berkouwer is an MVP, a consultant, a blogger, and a passionate IT professional from the Netherlands. He's the winner of the 2007 Microsoft Netherlands Speaker Talent contest and has been a valued speaker for Microsoft Netherlands for the past ten years.


In this episode we are discussing the future of Azure AD.

Paula J.:

Just a few words about Sander. Basically, you are an expert in Active Directory and Azure AD and everything that is related to Ocksidert, including the commissioning, right?

Sander B.:

Yes. Yes, I do stuff with Active Directory.

Paula J.:

Absolutely. You’re also an MVP?

Sander B.:

Yes, yes. I've been one for 9 years now.

Paula J.:

Perfect. You're very active on social media and you've got a blog space on DirTeam?

Sander B.:

Yes.

Paula J.:

Can you share?

Sander B.:

Dirteam.com.

Paula J.:

Dirteam.com, perfect. Twitter handle?

Sander B.:

My Twitter handle's just my name without a space, so it's @SanderBerkouwer.

Paula J.:

Awesome.

Sander B.:

You see how that patches up?

Paula J.:

Yeah.

Sander B.:

When we both pronounce it.

Paula J.:

Absolutely. Perfect. It was the same.

Sander B.:

Yeah, it was the same.

Paula J.:

Cool, cool. So I’ve got difficult questions for you, Sander.

Sander B.:

Alright, try me.

On Prem vs. the Cloud – which active directory is safer?

Paula J.:

One of the questions is, which Active Directory is safer? Because everybody wants to know that. The one on-prem or in the Cloud? Bring it on.

Sander B.:

Wow. So, what time period are you referring to? Like, now till 5 years from now or 5 years till 10 years from now?

Paula J.:

Let’s say 5 years because that’s quite easy to predict.

Sander B.:

The first coming 5 years. I think, for the first 5 years, Azure AD is going to be the safer cloud because it's run by Microsoft, it's run by professionals. It has massive scale, beyond what any of us could comprehend. On-prem Active Directory is just a hit-or-miss kind of implementation thing. If you hit it, then, well, you're probably a large company, a large organization, and if you're not then… well, you're probably already on Azure AD.


I think Azure AD is the safer Active Directory. Although, I always like to say that Azure Active Directory is Azure but not an Active Directory, but okay, let's say Azure Active Directory is the safer Active Directory.

Paula J.:

That sounds good. So, in the next 10 years, I guess we're going to be revolved a regular directory on-prem, or what do you think? Is it an option in general?

Sander B.:

Yeah, I feel it's an option in general. Definitely, because there are already companies that don't have on-prem Active Directory and, you know, if you start a company today then I don't think you'd start off with a domain controller or an Exchange server on-prem or anything like that. Just purchase Office 365 licenses and be done with it.

Paula J.:

It’s so easy to set it up in a Cloud, right?

Sander B.:

Yes, it’s perhaps even too easy.

Paula J.:

Too easy sometimes?

Sander B.:

Yeah, I've visited a lot of customers of course, for my work, and what I see is that some organizations have embraced Office 365, and even use Intune. One of the first questions that I ask them is, you know what, "How do you manage your Azure Active Directory?" Even at some larger organizations, they would say, "How do we manage our what?"

Paula J.:

What? What was that? Like, Azure what?

Sander B.:

So, what you see is that Microsoft has gone to great lengths to sort of hide that Office 365 leverages Azure Active Directory as its identity provider. Even if you've looked at Azure AD Connect and you set up a relying party trust, what you see is that the relying party trust is "Office 365 Identity Platform" and not just Azure Active Directory.

Paula J.:

Yeah, it sounds very proud.

Sander B.:

Yeah, yeah.

Paula J.:

It sounds like it’s uh…

Sander B.:

Yeah, let’s name it like the money maker it is.

Paula J.:

Yeah, absolutely. It sounds like a title for the future which could indicate what's going to happen, maybe?

Sander B.:

Maybe.

Paula J.:

Isn't it disturbing, in general, that when you've got Office 365 or in general Azure AD, there are not that many operations that you can do from a security perspective as you normally do on-prem? Isn't it like this?

Sander B.:

Wow.

Can you do the same things in Azure AD as on-prem?

Paula J.:

In the regular AD you've got role separation, the management, you know exactly what's happening over there. In Azure AD, let's maybe even stick to this, do you have the same? Can you do the same types of procedures as normally on-prem?

Sander B.:

So, I heard you say segregation of duties of course and management and auditing and stuff like that. You can all do that.

If you look at Azure, and Azure as a whole, then you'd see that there's role-based access control (RBAC) based on Azure AD. There's not much RBAC in Azure AD itself today, but you've got Global Admins, User Admins, stuff like that. It's silly sometimes because you need Global Admin rights for very tiny settings sometimes. There's definitely management. I mean, today Azure has two portals, no? There are loads to manage, obviously, then.

Monitoring… it's funny because if you look at the Graph API, and of course as AD pros we say, the Graph API, you can use that to get information out of your Active Directory. The Graph API is used by everything to communicate with Azure AD. So, Azure AD Connect, Azure AD PowerShell, and the list goes on and on. You can also use that, and you can make an application in Azure AD as a directory reader and tell it: just dump all the auditing information in a storage account.

Then, from that storage account, what you do is talk to it with Invoke-WebRequest and you get that auditing information out of there. What the larger companies are doing right now is they're defining a management style where they want one management pane for both on-prem and the Cloud.

Paula J.:

That definitely explains a lot about how this is done and so on.

What to start with when it comes to the beginners

Okay, cool. So, two questions that are from outside of the subject, yeah? One's going to be like, if you're going to see a person that wants to be like you and be like, "Oh, I want to be so smart like this guy is," and so on. What should this person do?

Sander B.:

Alright, first of all, don’t be like me. Really you don’t want to.

Paula J.:

I’m not sure that’s a good recommendation. You know so many things about IT.

Sander B.:

Yeah, but I also do stupid stuff. Obviously, everyone does. The other thing is if you really want to do stuff with Azure AD, just begin.

Paula J.:

Okay, so they need to sign up for the subscriptions or…

Sander B.:

Yeah, just sign up. Raymond and I have some recommendations in a presentation as well, so just follow them. Just sign up, verify your DNS domain names and just go, go, go. You can't really mess up an Azure AD tenant.

Paula J.:

So, it's too simple? That's good to start, definitely. It's good to start, that was the question.

Sander B.:

It’s good to start, yeah.

Paula J.:

Exactly.

Sander B.:

Just like active directories.

Paula J.:

Yeah.

Sander B.:

You explain it to beginners: "You know, it's like a tree, upside down, you have the branches and the organization," and you understand that, "oh yeah, that's a good analogy," and you go with that. Azure AD has its Cloud and it's more Cloud, and you go with it.

A piece of advice for advanced users

Paula J.:

And you go with it. Okay, cool, and what about someone being super advanced, like, "I'm the super advanced person that works in the big enterprise," and this person wants to be better in all the services that they've got? Should they consider some integration maybe? Like, with on-prem services, with the Cloud services, to use Azure AD in some areas, what do you think? What would you recommend?

Sander B.:

Well, I think that all depends on the organization and their strategy and their road map and where they want to be in a couple of years. The biggest thing that you need to do in Cloud, in general, I think if you look at integration and infrastructure as code and stuff like that is, don’t assume.

Paula J.:

Okay.

Sander B.:

If you think that Azure works in a certain way, just measure it, measure it again, measure it again, look under the cover, look at what it does. Look into the code of the product or whatever. Then make an informed decision on how to handle that. I come across many AD pros today that just assume that a product works a certain way because, I don't know, Active Directory always does that or identity products always do that, but sometimes it just doesn't work that way in Azure Active Directory. That's a good thing because you don't want to… it's a funny situation.

Paula J.:

Yeah, it’s funny.

Sander B.:

Today Active Directory, well, this year Active Directory is 20 years old.

Paula J.:

Yeah.

Sander B.:

So, what will Azure AD look like in 20 years?

Paula J.:

Well, what do you think? It's going to be there, maybe just this, no longer the Active Directory that we've got on-prem, yeah?

Sander B.:

Just Azure identity, yeah.

Paula J.:

Like, getting more and more advanced and collecting more and more information about us?

Sander B.:

Yeah, probably. What you see is that Microsoft has to reset Azure Infrastructure as a Service.

Paula J.:

Yeah.

Sander B.:

Because they made some naive choices, perhaps? Some choices that they couldn't use further down the road. I just hope we don't have to do that with Azure Active Directory. Or, if we have to do that, that it's a seamless experience and that we don't have to do many of the nasty pruning and grafting, and takeovers and stuff like that, that we have to do now with Active Directory.

Paula J.:

Yeah, okay. Cool, it's great advice.

Sander B.:

Thank you.

Paula J.:

Perfect. Okay, guys, summarizing: Sander was talking about Azure Active Directory and all the pros and cons of it. Actually, more of the things that we have discussed already, definitely in class over there. We have discussed the future of Azure AD and also of Active Directory on-premises. How it's going to be, potentially, in time, because everything indicates that we're going in the direction of the Cloud.

Sander B.:

Yes.

Paula J.:

That we should definitely look into it because it's very easy. So, the only thing you need to do is sign up for it and then set it up. If you want to have it more advanced, of course, then you need to spend more time on it, but starting isn't that bad. It's accessible for everybody because it's in the Cloud. That's the whole benefit of it. Yeah?

Sander B.:

Yes.

Paula J.:

Cool. Thank you so much.

Sander B.:

Thank you.
