Microsoft Azure is an umbrella for various cloud services, including Azure Active Directory (AAD), also known as Azure AD. The service might seem like a replacement for on-prem AD or for cloud-based solutions. However, an organization that needs a directory service has to take many factors into consideration, and many don't know the cost of owning Azure AD. Let's look into it!
Azure AD Cost
Azure AD is used to extend on-prem AD identities. There it works as a user management function and enables single sign-on capabilities for web applications. Azure AD is sold in four tiers, each with one subscription package. Azure AD also offers a free offering, which depends on the package you select. It functions as an identity management system, controlling Azure user access.
However, the free subscription comes with neither access management nor identity management. Single sign-on for most applications and IAM features are not available either.
Furthermore, AAD is itself a directory service, meant for organizations that don't have an AD instance. Using AAD with on-prem AD will result in limited administrative capabilities, so you won't be able to employ the suite. GPOs can't be used, and authenticating to local IT resources, like file servers and applications, will be a problem.
Microsoft Tools for Azure AD
AAD is fully leveraged using Microsoft tools, as Microsoft's reference architecture suggests. Hence, additional solutions are needed if AAD identities connect to other IT resources.
One important thing: AAD encourages the use of Azure throughout the environment, that is, Microsoft's services and applications along with its infrastructure. The strategy was a success in the past, and Microsoft is looking to employ it again. This will lock customers in to using Microsoft services.
For the total cost, we also explore other, indirectly related costs, which are necessary, but not always. These relate to the Azure Active Directory service, which an Azure system needs, its infrastructure and more.
The following equation helps to understand the total cost:
Cost of AAD = Azure AD DS + Azure AD Premium Package + Active Directory + LDAP Server + Add-ons for Linux and Mac + RADIUS Server + Management/Integration Time
Azure AD DS Cost
Azure AD DS is a domain controller. It is a service for virtual machines and for legacy applications. It is charged per hour, and the price is based on the number of objects in the directory.
Microsoft terms AAD DS a managed domain, meant for users, services, and applications to consume. This can change the management tasks that are available, as well as the privileges one has within the managed domain.
AAD DS differs from on-prem AD in a number of ways. These include a lack of enterprise and domain admin privileges. Moreover, an on-prem domain controller cannot be added to a managed domain.
To use AAD and Azure AD DS, you will need full AD capabilities, so the associated costs for that have to be factored in.
Active Directory Cost
AD has a number of costs, which include software, servers and licensing.
Windows Server: Software
You will need to purchase the software that you install on the server. Since 2016, Windows Server has been licensed per CPU core, a change from the previous per-socket structure. Licenses are purchased in packs of 2 or 16.
Domain Controllers: Servers
Using on-prem servers with Azure AD is a cost. You can set up a virtual environment or maintain a room for the servers; both factor into the cost of AAD. Furthermore, you will need a budget for redundant servers in case the primary domain controller fails.
Client Access Licenses: Licensing
Client access licenses are an important cost. They are purchased by device count or by user count.
Linux, Mac, and Other Non-Microsoft Resources: The Add-ons
If you use Linux or Mac with Azure AD, you will need to seek out a third-party tool for system management and central user management. If you have AD on-prem, local authentication will be required, so Mac or Linux systems can authenticate locally. However, you will struggle without central user management and without GPO-like capabilities for those platforms.
Furthermore, the associated identity management costs will have to be managed. If you aren't hosting all server infrastructure in Azure, you will have to use other services, such as cloud infrastructure providers like AWS and GCP. Some platforms offer their own managed AD services. However, make sure they can connect back to your AD or to your Azure. This work is not easy, and it can add a great deal of fragility to the IAM environment.
AAD doesn't come with cloud LDAP functions. You will need an LDAP server for that, as well as to service on-prem LDAP applications.
Azure AD DS allows legacy applications to be migrated entirely to Azure. This service, however, has an extra cost, as does the work around migrating the applications, which is not easy.
Cloud RADIUS functionality isn't included with Azure AD. However, you can sign up for it, buy an on-prem RADIUS server, or otherwise obtain the capability of managing VPN access and WiFi. This is an important security component.
Evaluation of Azure AD
Azure AD is a solution for a Microsoft shop that has already established AD and only needs to extend IT resource management to the cloud. However, organizations should assess their existing stacks, and whether Azure AD will address their needs, before they make a purchase, especially if their IT needs are fulfilled.
Besides, with AAD you will need to purchase Azure AD DS and maintain Azure AD Connect and on-prem AD, RADIUS and LDAP instances, and extensions to Mac and Linux systems. These all add up as cost centers.
Hence, Azure AD is not a solution for all. It doesn't meet certain use cases.