Compare Entra ID and Active Directory Domain Services (AD DS)

-

 Active Directory Domain Services (AD DS)

  • True directory service, with a hierarchical X.500-based structure
  • Uses organizational units (OUs) and Group policy Objects (GPOs) for management
  • Can be queried and managed through Lightweight Directory Access Protocol (LDAP) calls
  • Primarily uses Kerberos for authentication
  • Include computer objects, representing computers that join an Active Directory domain
  • Uses Domain Name System (DNS) for locating resources such as domain controllers
  • AD DS uses trusts between domains for delegated management
Microsoft Entra ID
  • Primarily an identify solutions that is designed for internet-based applications
  • There are no OUs or GPOs
  • Uses HTTP and HTTPS protocols such as SAML, WS-Federation, and OpenID Connect for authentication
  • Includes federation services, and many third-party services are federated with and trust Microsoft Entra ID



Comments

Post a Comment

Popular posts from this blog

Microsoft Intune Terminology

-
While the general concepts for device management are consistent across management solutions terminology can at times be different and generate confusion for new administrators and users. The below lists common terminology and acronyms in Intune that administrators often need some clarification. Conditional Access:  Microsoft’s Zero Trust policy engine that uses if-then statements to grant users access to resources based on signals from various sources. For example, a user must be on an enrolled and compliant device to access email. User:  A User account in Entra (Entra ID). This account could exist only in the cloud, or it can be synchronized from on premises Active Directory. Device:  A device object in Entra (Entra ID). This is the registration record that is created when a device is added to the directory. Assigned group:  A Group in Entra (Entra ID) with users or devices directly added to it. Dynamic group:  A Group in Entra (Entra ID) who’s...
Read more

How App Protection Policies Work in Intune

-
Image
 As a user logs into APP enabled applications Intune automatically delivers policy targeted to users and then applies the settings specific by the administrator. Most often policies include securing access through Biometric/PIN, encrypting data, and check to see that the device is secure. User’s personal data is also separated from their corporate data. Because of its architecture, APP can be deployed easily in either scenario. As a new user logs into the app, they’ll automatically receive policy before they use the application, and your existing users will also start receiving policy as they open and use protected apps. Finally, the applications can still be securely wiped, and corporate data removed using the same types of processes in you use today. Admins can trigger the wipe from the console, or it could be triggered automatically when a user’s account is disabled. In both scenarios the user’s personal data will remain intact when the wipe occurs.  
Read more