Your guide to going cloud-native
Event Ended
Tuesday, Oct 25, 2022, 08:30 AM PDT
Learn the practical steps your organization needs to take to be cloud ready; from mindset, to planning, to rollout. We'll focus on what your organization can do today to get instant cloud value with ...
Heather_Poulsen
Updated Dec 27, 2024
Rob de Roos
Oct 25, 2022
Iron Contributor
Another big issue with going cloud native is not one that is Intune or Windows 10/11 related but more about some legacy hardware like a NAS. A NAS needs an AD DS or AAD DS environment to be able to integrate into the environment. Most of the time this is so legacy that it doesn't need to be HA. A single DC would solve that issue. AAD would, in a cloud-native approach, be in the lead for managing accounts and groups. So, we are forced to use AAD DS. AAD DS, however, is always HA and therefore too expensive for most companies. I'm missing an in-between solution (or I missed some info somewhere if there is one now) that solves this issue.
- Jason_Sandys, Oct 25, 2022
Microsoft
A few comments here from me if I'm following all of the comments packed into that short paragraph:

1. Access to on-prem resources using an AAD joined device is seamless if integrated authentication is used: https://learn.microsoft.com/en-us/azure/active-directory/devices/azuread-join-sso.
2. We can't control the authentication method(s) used by your non-Microsoft solutions. You need to coordinate that with your NAS vendor.
3. Azure AD DS is not a replacement for on-prem AD and is definitely not meant for the scenario you've called out, so its cost, with respect to your on-prem resources, is more or less moot.
4. Cloud-native is mostly about your devices and end-users and not necessarily about eliminating your on-prem footprint completely. If you have constraints to legacy resources, then you'll have to make some concessions if you can't eliminate that constraint. If your VPN vendor can't accommodate an alternate auth method and you're tied to it, then you'll need to maintain an on-prem AD footprint. There are various ways to do this, but don't conflate cloud-native with eliminating your on-prem footprint; they are two, potentially parallel and related, different workstreams.