Microsoft’s Name Change Game: Azure AD to Microsoft Entra ID Explained!

Featured

Entra ID

In the dynamic world of technology, change is the only constant. Microsoft, an industry leader, is known for its constant innovation. The most recent change in the company’s lineup is rebranding Azure Active Directory (Azure AD) to Microsoft Entra ID. This move is a shift in the company’s direction and, as with any change, has sparked questions and speculation. This blog post explores this change, its reasons, and what we can expect from Microsoft Entra ID.

Microsoft’s Name Change Game: Azure AD to Microsoft Entra ID

Microsoft has always had a flair for naming its products uniquely yet simplistically. Azure AD, the cloud-based identity and access management service, is now being rebranded as Microsoft Entra ID. This change is not just about a new name; it’s also about Microsoft’s vision for the future of its identity services. They want the name to reflect the product’s purpose and function. Azure AD has been a significant player in the Microsoft ecosystem, providing seamless access control and identity protection across various applications and services.

The change from Azure AD to Microsoft Entra ID is not a decision taken lightly. It represents a strategic shift in Microsoft’s identity services space. As Microsoft continues to make strides in the cloud computing, they have decided that rebranding Azure AD to Microsoft Entra ID will better align with their future roadmap. This shift also comes with an expanded vision for the product to provide a more secure and efficient identity management solution for Microsoft’s users.

Why is Microsoft changing the name of Azure AD to Microsoft Entra ID?

Microsoft’s decision to rebrand Azure AD to Microsoft Entra ID seems to stem from a desire to make the product’s function more evident in its name. Azure AD is often mistaken for a directory service in the cloud, which it is not. It is an identity and access management service. The new name, Microsoft Entra ID, is meant to reflect this better. Entra, derived from ‘entrance,’ and ID, short for ‘identity,’ gets straight to the point – it’s all about managing identities and access.

Moreover, Microsoft is also looking to restrict its identity services from Azure. Despite the name, Azure AD isn’t tied solely to Microsoft Azure but is used across many Microsoft services. The name change to Microsoft Entra ID is intended to remove this confusion and highlight that the service is a standalone product that functions across all Microsoft services, not just Azure.

Unveiling Microsoft Entra ID: What to expect from Microsoft’s rebranding

With the unveiling of Microsoft Entra ID, Microsoft is introducing a more intuitive, efficient, and secure identity management service. Microsoft promises that this rebranding comes with enhancements that will provide a seamless experience to its users. Microsoft Entra ID’s primary goal remains the same as Azure AD’s: to provide secure and reliable access control over various applications and services.

In addition, Microsoft is also planning to introduce new features and improvements in Microsoft Entra ID. While the details are still under wraps, we can expect a more streamlined identity management service designed to meet the changing needs of businesses and individuals. The essence of the tool remains the same, but with a fresh look, a clearer purpose, and hopefully, a more powerful punch.

Microsoft’s rebranding of Azure AD to Microsoft Entra ID represents an evolution in its identity and access management services. This change, whilst initially seeming simply cosmetic, is a strategic move that aligns with Microsoft’s vision for the future of its identity services. While change can sometimes be daunting, this shift from Azure AD to Microsoft Entra ID is much more than a mere name change. It is a promise of a better, more efficient, and more streamlined service that aims to meet the changing demands of identity management in the ever-evolving landscape of cloud computing. As I dive more into Entra ID and understand its roadmap, I will publish an updated post.

Until next time,

Rob

Azure vs AWS vs Google Cloud: The Ultimate Cloud Marketplace Showdown

Featured

In today’s rapidly evolving digital landscape, businesses and developers increasingly use cloud marketplaces to access various applications, services, and tools. The leading cloud providers—Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP)—each offer a unique marketplace experience catering to diverse needs and preferences. This comprehensive blog post will dive deep into the world of cloud marketplaces, comparing Azure, AWS, and Google on multiple dimensions, including user experience, available services, pricing, and more. Let’s get started!

  1. User Experience

Azure Marketplace: Microsoft Azure boasts an intuitive and visually appealing user interface, making it easy for users to navigate and discover relevant services. A well-organized layout and comprehensive search functionality simplify finding, deploying, and managing applications and services.

AWS Marketplace: The AWS Marketplace is similarly user-friendly, with a clean interface allowing users to browse and find services without hassle. It offers advanced filtering options, enabling users to narrow their search based on specific criteria such as pricing, rating, etc.

Google Cloud Marketplace: Google Cloud Marketplace is known for its simplicity and easy-to-use interface. It incorporates Google’s signature minimalist design, making it an enjoyable user experience. Like the other two, Google Cloud Marketplace also provides advanced search and filtering options to streamline the search process.

  1. Available Services

Azure Marketplace: Azure Marketplace offers various applications and services, including AI and machine learning, data analytics, security, and IoT solutions. Microsoft has a robust ecosystem of partners, allowing them to provide a wide variety of third-party applications and services that cater to the unique needs of its customers.

AWS Marketplace: AWS Marketplace has an extensive selection of applications and services, making it one of the most comprehensive cloud marketplaces available. It covers everything from machine learning and big data to application development and security, ensuring users can find the tools to build and maintain their cloud infrastructure.

Google Cloud Marketplace: While Google Cloud Marketplace may not have as many offerings as Azure and AWS, it still provides an impressive range of services, including data analytics, AI and machine learning, and security tools. Google has rapidly expanded its marketplace, consistently adding new applications and services to stay competitive.

  1. Pricing

Azure Marketplace: Microsoft Azure follows a pay-as-you-go pricing model for most services, meaning users only pay for what they use. Some services have a fixed monthly fee, while others provide a combination of free and paid tiers. Azure also offers cost management tools to help users monitor and control their spending.

AWS Marketplace: Like Azure, AWS employs a pay-as-you-go model for most services. It also provides several cost-saving options, such as reserved instances and savings plans. AWS’s cost management tools allow users to track and optimize their spending across various services effectively.

Google Cloud Marketplace: Google Cloud also adheres to a pay-as-you-go pricing model, with additional options for committed use contracts and sustained discounts. Google’s pricing is often considered more competitive than Azure and AWS, making it an attractive choice for cost-conscious users.

  1. Support and Ecosystem

Azure Marketplace: Microsoft Azure has an extensive support network, including an active community forum, documentation, and tutorials. Additionally, users can access premium support services for a fee. The Azure ecosystem is expansive, with a multitude of partners offering a variety of services and applications.

AWS Marketplace: AWS provides many support options, including documentation, tutorials, and an active community forum. Like Azure, AWS also offers excellent support for a fee. The AWS ecosystem is vast, and its marketplace continually grows as more partners, and third-party providers join the platform.

Google Cloud Marketplace: Google Cloud offers a robust support system, including comprehensive documentation, tutorials, and a community forum. While premium support is available for a fee, Google also provides various free resources to help users navigate their cloud journey. The Google Cloud ecosystem is steadily growing, with new partners and third-party providers continually added to the marketplace.

  1. Compliance and Security

Azure Marketplace: Microsoft Azure is known for its commitment to security and compliance, offering various certifications and attestations to meet multiple industry standards. Azure’s Security Center provides users an integrated security monitoring and policy management solution to safeguard their cloud resources.

AWS Marketplace: AWS is equally committed to security and compliance, with numerous certifications and attestations available to address industry-specific requirements. AWS offers robust security features, such as identity and access management, threat detection, and encryption, ensuring a secure cloud environment for users.

Google Cloud Marketplace: Google Cloud takes security and compliance seriously, strongly focusing on data protection and privacy. It offers certifications and attestations to meet industry standards and provides tools like Cloud Security Command Center to help users monitor and manage their cloud security.

Conclusion

The choice between Azure, AWS, and Google Cloud Marketplaces ultimately depends on your unique needs, preferences, and budget. Each provider offers a slightly different user experience, range of services, pricing model, and support ecosystem. When selecting a cloud marketplace, consider your organization’s infrastructure, technical requirements, and long-term growth plans.

Microsoft Azure is an excellent choice for organizations already using Microsoft products and services, as it offers seamless integration with their existing infrastructure. AWS Marketplace provides many applications and services, making it ideal for those seeking a comprehensive cloud solution. With its competitive pricing and a strong focus on data protection, Google Cloud Marketplace is an attractive option for cost-conscious users and organizations prioritizing data privacy.

Ultimately, the best cloud marketplace for your organization will depend on your specific requirements and goals. Take the time to explore each platform, evaluate its offerings, and select the one that best aligns with your organization’s vision for the future.

Until next time,

Rob

Azure Active Directory, Active Directory Domain Services – What’s the difference?

Here is a subject I hear and get asked over and over again.  Is Azure Active Directory (AAD) the same as Active Directory Domain Services (AD DS).

Let me be very clear.  Azure Active Directory is NOT a cloud version of Active Directory Domain Services, and in fact, it bears minimal resemblance to its on-premises names at all.

The number one question I get asked: “How do I join my servers to Azure AD?”. IT admins expect (not unexpectedly) to be able to use Azure AD just like they have always used Active Directory Domain Services. So let’s compare AD DS (and particularly the domain services part of AD DS) to AAD.  Let me educate you 🙂

What is Active Directory?

Most of us have probably worked with it for years, and now you’re looking to move to the cloud and understand what AAD is. Let’s start with a recap of what AD DS is. 

Active Directory Domain Services was introduced as a hierarchical authentication and authorization database system to replace the flat file Domain system in use on NT4 and previous servers.

The NT4 domain model in 2000 was straining at the seams to keep up with evolving corporate structures, hampered by some quite severe limitations – maximum of 26,000 objects in a flat file “bucket”, only 5 kinds of fixed objects whose structure (properties etc.) could not be changed, maximum size of the database of 40Mb etc. NT4 Domains also primarily used NetBIOS (another flat file, Microsoft specific system) for its name resolution.

For a lot of larger organizations, this necessitated multiple domain databases with very limited and complicated interactions between those domains. Active Directory Domain Services (just called Active Directory in those days) was released with Windows Server 2000 and was based upon the X.500 hierarchical network standard that companies such as Novel’s NDS and Banyan Vines were using at the time.

AD DS also used DNS as its name resolution system and the TCP/IP communication protocols in use on the internet. It brought in the idea of a directory system which contained a “schema” database (the set of “rules” that define the properties or attributes of objects created in the “domain” database) which could be added to or “extended” to create either entirely new objects or new properties of existing objects.

Size limitations were also thrown out the window, with Microsoft creating directory systems in the billions of objects (given enough storage!) in their test labs.

Here is a list of the essential functions that make up AD DS:

  • Secure Object store, including Users, Computers and Groups
  • Object organization use OU’s, Domains and Forests
  • Common Authentication and Authorization provider
  • LDAP, NTLM, Kerberos
  • Group Policy
  • Customizable Schema

Along with Domain Services, there are also components like Certificate Services, Federation Services, and Privileged Access Management.

From its inception, AD DS quickly became the defacto directory system in most organizations, even today.

What is Azure Active Directory

So if you know what Active Directory Domain Services is, then how does this compare to Azure Active Directory? The answer to this is, not very closely. The decision to name AAD after AD, in my opinion, was more of a marketing decision than a technical one. This has lead to years of confusion. In many ways, AAD was designed for a world where PaaS and SaaS services were the default choice, not for IaaS in the cloud.

Azure Active Directory is a secure authentication store, which can contain users and groups, but that is about where the similarities end. AAD is a cloud-based identity management store for modern applications. AAD is designed to allow you to create users, groups, and applications that work with modern authentication mechanisms like SAML and OAuth.

Applications are an object that exists in AAD but not in AD DS. Applications allow you to create an identity for your applications that you can grant access for users to, and to allow you to grant your users access to applications owned by others.

What AAD does not provide is any AD DS service beyond user management.

  • You can’t join computers to an Azure AD domain in the way you would with AD DS. There is something called Azure AD Join, but this is a different animal that I’ll address below. This means there are no computer objects in your AAD to apply things like GPOs to, and no centralized control of user rights on those machines.
  • There is no Group Policy. AAD has some policy tools like conditional access, but it is more focused on access to applications.
  • No support for LDAP, directory queries all use the REST API, Graph or PowerShell/CLI
  • There’s no support for NTLM or Kerberos. AAD is modern authentication protocols only
  • There’s no schema you have access to or can modify
  • Flat structure, no OU’s, Domains or Forests

So, at this point, it’s obvious now that Azure AD is a very different thing to AD DS. AAD is for user, group and application management in the cloud. If your building all new services using PaaS or SaaS and using modern authentication protocols then you should be all set with AAD, it’s what it was designed for.

However, if your running IaaS in Azure and want AD DS to domain join machines and create GPO’s, then AAD won’t cut it for you (and that is by design).

Active Directory on Azure

Hopefully, now it’s clear what AAD is and isn’t, and if your building modern apps and AAD does what you need, then you can stop here.

However, if you are going down the IaaS route in Azure and you feel you still need the services of an AD domain, what alternatives are there?

Azure AD Join

I mentioned this briefly earlier; it is possible to join devices directly to Azure AD. AAD Join is limited to Windows 10 machines only and provides limited functionality, certainly nothing like a full AD join.

When Azure AD joined, it is then possible to login to machines using Azure AD user accounts. You can apply conditional access policies that require machines to be AAD joined before accessing resources or applications. If you’re looking for a way to provide common user account management across Windows 10 machines, then this may work for you.

Azure AD Domain Services

If you need more than just user management, then it is possible to extend Azure AD to offer more AD based services using Azure AD Domain Services. AAD DS is an Azure product that you enable on your virtual network which deploys two domain controllers. They are managed by Microsoft and synchronized with your Azure AD tenant. This allows admins to grant machine access to users in your AAD tenant, but also to implement things like custom OU’s, group policy, LDAP queries, NTLM and Kerberos.

This is a domain managed by Microsoft, so you do not have to worry about patching your domain controllers or ensuring they are up. However, it also means you do not have full control of the domain. For example, you do not have domain admin rights, only enough rights to undertake the tasks Microsoft allows. You can see a full breakdown of AAD DS limitations here.

AD Domain Controllers on Azure

Nothing is stopping you just deploying some virtual machines in Azure and turning them into domain controllers. This is a support configuration and is in use by many people who need the full suite of services provided by AD inside Azure.

The downside to this approach is that you need to manage this yourself. You need to take care of patching and updating your servers, backing up your domain and any other maintenance you require. You are also in charge of making sure it is highly available and implementing a DR strategy if you require it. If you need all that AD DS has to offer then, this can be a great option, but if all you want is a common user store for machine login, it might be overkill.

Access your On-Premises AD Domain

Finally, you can also extend your existing on-premises domain into Azure. Using ExpressRoute or VPN, you can connect your on-premises network to your Azure vNet and allow access to domain controllers. You can even deploy IaaS domain controllers in Azure that are joined to your on-premises domain. This then adds a dependency to your infrastructure of connectivity back to the on-premises network, so this connectivity becomes a key point of failure. You need to ensure that resiliency is built in.

Summary

If your new to Azure and especially identity in Azure, I hope clears things up. This is a new, modern authentication provider and is not Active Directory Domain Services in the cloud. AAD does not behave like the AD DS you know and love and really shouldn’t be compared to it, it is a different service.

If you need AD DS in your cloud environment, then there are options to achieve this, but AAD is not going to give you that. Take a look at the options listed in this blog post and see what meets your needs.

Until next time, Rob

Azure’s New Virtual Machine Serial Console Brings Needed Features for VM Users

Sometimes Microsoft Azure virtual machine admins need alternative access points to help configure and diagnose problems that the standard Azure tools can’t deliver. 

That’s where the public preview for Microsoft’s new Azure Serial Console for Virtual Machines can help by providing direct access through a COM1 serial port to address code or system problems that have become unresponsive. Continue reading

Azure Security Center: A Complete Guide

To realize the full benefit of any cloud computing platform—Azure, AWS, or any other—you need to implement best practices related to security and compliance. All too often, data center security takes a backseat to data center design, which puts businesses at a disadvantage when it comes to keeping up with data regulations and preventing data breaches. A 2017 report from Intel Security notes that only 23% of organizations completely trust public clouds to keep their data secure. But with the right resources, it is possible for your organization to achieve both compliance and security in the cloud—without high costs, special expertise, or performance setbacks. Continue reading

Joining 5nine Software as Director of Product Management

Today, I am excited to announce I will be joining the awesome team at 5nine Software as Director of Product Management. My primary job responsibilities will be for the product strategy and direction of 5nine’s security and management solutions.
5nineSo, you ask, why Product Management? It’s been a lifelong dream to be part of shaping the direction of a technology solution.  By joining 5nine, I hope to simplify IT, Cloud and beyond, because there’s always a better way 🙂

“What prepared me for this was very surprising looking back.”

Continue reading

Windows User Profiles…The Mysteries Untold – Part 1

Happy New Year Everyone…This is my first blog post of 2017. Woo Hoo!!  As always, I love to blog about questions from the field.  This one came from a customer testing their new Virtual Desktop Infrustrure (VDI) on Nutanix and had 1 out of 50 users profiles be corrupt. He asked why did this happen and how can I avoid this in the future. Now, I would say that 1 corrupt profile out of 50 is fine during a test, but let understand why it happens. This topic is especially important to understand because directly relates to VDI and your end-user experience in VDI.

Windows User Profiles

What is a Windows User Profile? It not just your desktop 🙂

Continue reading

Storage Spaces Direct Explained – Applications & Performance

Applications

Microsoft SQL Server product group announced that SQL Server, either virtual or bare metal, is fully supported on Storage Spaces Direct. The Exchange Team did not have a clear endorsement for Exchange on S2D and clearly still prefers that Exchange is deployed on physical servers with local JBODs using Exchange Database Availability Groups or that customers simply move to O365.
image031

Continue reading