Why would a cloud-only SMB company need to implement Active Directory?

Cristian Ruiz 191 Reputation points

I have a customer with fewer than 20 users who has already implemented a Microsoft 365 solution using Teams, SharePoint, and Exchange Online. What is the reason to implement Active Directory? They want to improve security to have more control over confidential data, files, and security in general. Could that be a reason to implement on-premises AD, or is using AAD and cloud tools enough?


2 answers

  1. Alfredo Revilla (MSFT) 26,756 Reputation points

    Azure Active Directory is the next evolution of identity and access management solutions for the cloud. Microsoft introduced Active Directory Domain Services in Windows 2000 to give organizations the ability to manage multiple on-premises infrastructure components and systems using a single identity per user.

    Azure AD takes this approach to the next level by providing organizations with an Identity as a Service (IDaaS) solution for all their apps across cloud and on-premises.

    I recommend AADS only if you have on-premises resources (shares, apps, etc.) that you would like to control and access using your cloud identity. Also, I would recommend the managed service, Azure Active Directory Domain Services.

    Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.

  2. Abhijeet-MSFT 541 Reputation points Microsoft Employee

    Just to add to what is mentioned above, there are a lot of scenarios where your customer may want to use on-prem AD. I am listing some of them below and would be happy to discuss any other requirements that your customer may have:

    Your customer may have a requirement wherein he would like to store his files locally on a file server and also configure appropriate permissions to control who does and does not have access.
    Your customer may have a requirement to run some legacy applications that only use the Kerberos/NTLM protocols for authentication.
    Your customer would like to manage the configuration of desktops used by the users (like access to certain programs and features, restricting admin control, etc.).
    Your customer may have a requirement to have an internal public key / Certificate Authority infrastructure. That would also require you to have on-prem AD for some scenarios.
    Your customer has an application that relies only on the LDAP protocol to get user information.

    Having said that, we do have an alternative to administering an on-prem AD, which is Azure AD Domain Services. This can eliminate the need for an on-premises AD to some extent. You can refer to https://learn.microsoft.com/en-us/azure/active-directory-domain-services/overview

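The first scenario in the answer above (files on a local file server with permissions that control who can and cannot reach them) is the one that most directly addresses the questioner's goal of tighter control over confidential data, and it is the scenario that needs a directory to hold the groups the permissions refer to. The following PowerShell is an added example written for this page, not code from the thread or from Microsoft: it applies a least-privilege NTFS ACL to a departmental folder using domain groups, removes the inherited BUILTIN\Users access that would otherwise leak in from the volume root, and turns on access auditing. The share path and the three group names (CONTOSO\Finance-Read, CONTOSO\Finance-Modify, CONTOSO\FileServer-Admins) are assumptions; it must run elevated on a server joined to an AD DS or Azure AD DS domain where those groups exist.

```powershell
# Added example, not from the original thread. Applies a least-privilege NTFS ACL to a
# departmental share root using domain groups (AGDLP style), then enables file auditing.
# Path and group names are assumptions; change them to match your domain.
param(
    [string]$Path        = 'D:\Shares\Finance',          # assumed share root
    [string]$ReadGroup   = 'CONTOSO\Finance-Read',       # assumed domain group: read only
    [string]$ModifyGroup = 'CONTOSO\Finance-Modify',     # assumed domain group: change data
    [string]$AdminGroup  = 'CONTOSO\FileServer-Admins'   # assumed domain group: full control
)

$ErrorActionPreference = 'Stop'
if (-not (Test-Path -LiteralPath $Path)) {
    New-Item -ItemType Directory -Path $Path | Out-Null
}

# Resolve every principal before touching the ACL. A mistyped group name must fail here,
# loudly, rather than produce an ACL that silently grants nobody (or the wrong people) access.
foreach ($name in $ReadGroup, $ModifyGroup, $AdminGroup) {
    $null = ([System.Security.Principal.NTAccount]$name).Translate(
        [System.Security.Principal.SecurityIdentifier])
}

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

# Helper: build an Allow ACE that applies to this folder, its subfolders and its files.
function New-Ace([string]$Identity, [System.Security.AccessControl.FileSystemRights]$Rights) {
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $inherit, $prop, $allow)
}

$acl = Get-Acl -LiteralPath $Path

# Break inheritance and discard the inherited ACEs (second argument $false), so that
# BUILTIN\Users or Authenticated Users from the volume root no longer apply here.
$acl.SetAccessRuleProtection($true, $false)

# Strip any explicit ACEs left over from earlier configuration; the new ACL is authoritative.
foreach ($ace in @($acl.Access)) { $null = $acl.RemoveAccessRule($ace) }

$acl.AddAccessRule((New-Ace 'NT AUTHORITY\SYSTEM' 'FullControl'))
$acl.AddAccessRule((New-Ace $AdminGroup            'FullControl'))
$acl.AddAccessRule((New-Ace $ModifyGroup           'Modify'))
$acl.AddAccessRule((New-Ace $ReadGroup             'ReadAndExecute'))
# Deliberately no ACE for BUILTIN\Users or Everyone: membership in the domain groups above
# is the only way in, and access is granted or revoked by editing group membership in AD.
Set-Acl -LiteralPath $Path -AclObject $acl

# Audit reads, writes and deletes by anyone. Entries land in the Security log only if the
# "Audit File System" (object access) policy is enabled on this server.
$audit = [System.Security.AccessControl.FileSystemAuditRule]::new(
    'Everyone', 'ReadData, Write, Delete', $inherit, $prop, 'Success, Failure')
$acl = Get-Acl -LiteralPath $Path -Audit
$acl.AddAuditRule($audit)
Set-Acl -LiteralPath $Path -AclObject $acl

# Print the resulting DACL so it can be reviewed before the folder is published as a share.
(Get-Acl -LiteralPath $Path).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```

Run it elevated; writing the audit (SACL) entries requires the Manage auditing and security log privilege, which local Administrators have by default. The point the example makes against a cloud-only tenant is in the four AddAccessRule lines: every grant names a domain group, so the file server never needs per-user permissions and the same groups can be reused on other shares or in Group Policy.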