Migrate Active Directory Certificate Service to Azure

RagavendraDayakar-6627 0 Reputation points
2023-02-09T05:38:20.3933333+00:00

Team,

I have a situation where we need to migrate one Root CA server + one Intermediate server running on Windows 2012 R2 to Azure with the existing hierarchy. This CA is used to issue internal certificates to websites, desktops, laptops and devices.

For authentication we still continue to use Azure AD and internal AD.

Please suggest best practices for migrating the Root CA and Intermediate CA to Azure, and any alternate solution, like a certificate-as-a-service offering provided by Azure, to serve the above purpose.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2023-02-13T12:45:56.0266667+00:00

    @RagavendraDayakar-6627 Thank you for reaching out to us. Let me check the best approach/practices for migrating the Root/Intermediate CA to Azure; give me a couple of days' time to check on this and get back to you on CA migration to Azure.

    As you asked for an alternate solution within Azure, we do have Azure AD certificate-based authentication (CBA), which enables customers to allow or require users to authenticate directly with X.509 certificates against their Azure Active Directory (Azure AD) for applications and browser sign-in.

    Not sure if it completely replaces your existing PKI solution; I would suggest going through the Azure AD CBA documentation for what it offers and how it works:

    How does Azure AD certificate-based authentication work?

    Key benefits of using Azure AD CBA

    Let me know if you have any further questions; feel free to post back.

