Solved: Re: Customer wants pros/con for On-prem AD vs Azure AD vs AD FS

bjames · ‎06-18-2024

Hi, setting up a customer for trial but they were asking about going forward and would like to know advantages of doing On-prem auth versus Azure AD versus AD FS? Other than the proxies, are there any advantages or cons in one over the other?

As well, when looking at Azure AD there was the following note: Note: If you use Entra ID (Azure AD) as your SAML IdP for Duo Single Sign-On you cannot also protect Office 365 with Duo Single Sign-On.

What does this mean?

Thanks in advance

M02@rt37 · ‎06-18-2024

Hello @bjames

When setting up authentication for your customer, choosing between On-premises Active Directory, Azure Active Directory, and AD FS depends on their specific needs and resources.

On-premises AD offers maximum control and customization, seamless integration with on-premises applications, and potentially lower latency for local resources, but it requires significant ongoing maintenance, infrastructure costs, and robust disaster recovery planning.

Azure AD, on the other hand, provides simplified management through the Azure portal, automatic scalability, seamless integration with cloud services like Microsoft 365, and built-in security features, making it often more cost-effective; however, it relies on a stable internet connection, offers less control over the infrastructure, and may require additional expertise for integration. AD FS enables SSO across various applications and offers control over authentication processes, but it can be complex to set up and manage and requires regular maintenance and high-availability configurations. Additionally, a notable limitation when using Azure AD as a SAML IdP for Duo SSO is that you cannot simultaneously protect Office 365 with Duo Single Sign-On, meaning you need to choose which service will be protected by Duo SSO or consider alternative configurations if protecting both is essential.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

M02@rt37 · ‎06-18-2024

Hello @bjames

When setting up authentication for your customer, choosing between On-premises Active Directory, Azure Active Directory, and AD FS depends on their specific needs and resources.

On-premises AD offers maximum control and customization, seamless integration with on-premises applications, and potentially lower latency for local resources, but it requires significant ongoing maintenance, infrastructure costs, and robust disaster recovery planning.

Azure AD, on the other hand, provides simplified management through the Azure portal, automatic scalability, seamless integration with cloud services like Microsoft 365, and built-in security features, making it often more cost-effective; however, it relies on a stable internet connection, offers less control over the infrastructure, and may require additional expertise for integration. AD FS enables SSO across various applications and offers control over authentication processes, but it can be complex to set up and manage and requires regular maintenance and high-availability configurations. Additionally, a notable limitation when using Azure AD as a SAML IdP for Duo SSO is that you cannot simultaneously protect Office 365 with Duo Single Sign-On, meaning you need to choose which service will be protected by Duo SSO or consider alternative configurations if protecting both is essential.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.