Is an on-premise service required to use Azure AD?

Red.AZ1 1 Reputation point

I am setting up infrastructure for a new entity (~40 users) that will be providing consulting services. I would like to use cloud-only identity management, using Azure AD as the sole identity management solution. There is no on-premise. Users will all work remotely. User applications will primarily include Microsoft365 apps and Salesforce with SharePoint for file share. There will be no applications that require the protocols and services that Windows AD provides (LDAP, Kerberos, NTLM...). Can this design work? Benefits and risks? with thanks - JR

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. JimmySalian-2011 41,956 Reputation points

    Hi JR,

    I think that is the best approach: use Azure AD. The benefits are vast, and I have listed some of the points below. You can also deploy Intune to manage the devices and the BYOD model.

    Security-wise, you can monitor and control the users and devices via Conditional Access policies, with Sentinel for monitoring and alerts. OneDrive and SharePoint are part of the O365 suite, so it is a SaaS-based app model to integrate with your Salesforce and SSO.

    More details on licenses and features that will help you understand are here: active-directory-whatis

    Azure Active Directory (AAD)
    (Microsoft Cloud Directory service)

    Despite its similar sounding name to traditional Active Directory, this is a different service that is hosted by Microsoft and is the top-level object in Microsoft Cloud (O365, D365 and Azure).

    Contains user, group, and contact objects.

    Windows 10 and newer computers can join AAD, while machines running older operating systems cannot.

    Can be synchronized with a Windows Server AD (see above) via the ADConnect tool so the same username and password can be used for both.

    Supports Active Directory Federation Services (ADFS) where authentication requests in the Microsoft Cloud are redirected to AD for validation and then redirected back to the cloud to access resources.

    Azure Active Directory Domain Services (AAD DS)
    (Microsoft’s alternative to Windows Server AD in Azure)

    An Azure hosted, Microsoft managed AD.

    Most of the same capabilities as traditional, on-premises Windows Server AD with some limitations due to lack of administrative access to the actual domain controllers (Microsoft manages that).

    Synchronizes with AAD (which is synchronized with an on-premises Windows Server AD) and allows VMs running in Azure to join it regardless of the type of Windows OS (e.g. Windows 10/8/7 or Server 2008/2012/2016/2019).

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

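The cloud-only and Conditional Access points in the answer above, as an added example that is not part of the thread: a Python audit over a constructed snapshot of Microsoft Graph `user` and `conditionalAccessPolicy` records. Field names follow Graph v1.0; the sample records and tenant name are constructed for illustration.

```python
# Added example, not code from the thread: audit constructed Graph v1.0
# 'user' and 'conditionalAccessPolicy' records for a cloud-only tenant.

SAMPLE_USERS = [  # constructed sample data
    {"userPrincipalName": "alice@contoso.example", "onPremisesSyncEnabled": None},
    {"userPrincipalName": "bob@contoso.example", "onPremisesSyncEnabled": True},
]

SAMPLE_POLICIES = [  # constructed sample data
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]}, "clientAppTypes": ["all"]},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Block legacy auth", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"builtInControls": ["block"]}},
]

def synced_users(users):
    """A cloud-only tenant should contain no directory-synced accounts."""
    return [u["userPrincipalName"] for u in users if u.get("onPremisesSyncEnabled")]

def enforced_policies(policies, control, client_app=None):
    """Enforced (not report-only) policies scoped to all users whose grant
    controls include `control`; optionally also require a client app type."""
    hits = []
    for p in policies:
        if p.get("state") != "enabled":
            continue  # disabled or report-only policies protect nothing
        cond = p.get("conditions", {})
        if "All" not in cond.get("users", {}).get("includeUsers", []):
            continue
        if client_app and client_app not in cond.get("clientAppTypes", []):
            continue
        if control in p.get("grantControls", {}).get("builtInControls", []):
            hits.append(p["displayName"])
    return hits

def audit(users, policies):
    """Return human-readable findings; an empty list means the checks passed."""
    findings = []
    synced = synced_users(users)
    if synced:
        findings.append("directory-synced accounts present: " + ", ".join(synced))
    if not enforced_policies(policies, "mfa"):
        findings.append("no enforced Conditional Access policy requires MFA for all users")
    if not enforced_policies(policies, "block", client_app="other"):
        findings.append("legacy authentication ('other' clients) is not blocked")
    return findings
```

Feed the real tenant's `/users` and `/identity/conditionalAccess/policies` responses in place of the constructed lists to run the same checks against a live environment.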

  2. Givary-MSFT 29,261 Reputation points Microsoft Employee

    Hi @Red.AZ1

    Just checking to see if you were able to see the response from @JimmySalian-2011 and whether the above information was helpful or not. If you have any further updates on this issue, please feel free to post back.

    Please remember to "Accept Answer" if the answer helped, so that others in the community facing similar issues can easily find the solution.
