If LAN is legacy, what is the UN-legacy...?

scottalanmiller

@dafyre said:

So now @NTG is pretty much using SSH keys for authentication into the lab environments, etc?

No other centralized authentication system at all now?

Azure AD to the pure Windows 10 back office people. Other than them, no central password account management. Like many companies, once we played around with not using it, we found that we weren't getting much out of it.

scottalanmiller

@Dashrender said:

But you are using AAD, right?

For the Windows 10 office people like @ataylor14 and @jenuinecase yes.

dafyre

@scottalanmiller said:

@Dashrender said:

But you are using AAD, right?

For the Windows 10 office people like @ataylor14 and @jenuinecase yes.

So I refer you to my previous question... If Azure AD (AAD?) adds that much complexity -- why keep it around?

Dashrender

@scottalanmiller said:

@Dashrender said:

But you are using AAD, right?

For the Windows 10 office people like @ataylor14 and @jenuinecase yes.

Now the question is - is the SSO worth it even for those who choose to still be on Windows?

scottalanmiller

@dafyre said:

So I refer you to my previous question... If Azure AD (AAD?) adds that much complexity -- why keep it around?

It doesn't, we were talking about AD, not Azure AD which are completely different mechanisms.

Azure AD has no servers, no licensing and is already there and completely included in things we already own. We do nothing for it. All we do is sign in with it and ta da, it is there. Zero overhead.

scottalanmiller

@Dashrender said:

@scottalanmiller said:

@Dashrender said:

But you are using AAD, right?

For the Windows 10 office people like @ataylor14 and @jenuinecase yes.

Now the question is - is the SSO worth it even for those who choose to still be on Windows?

Yes, because there is really zero overhead, no LAN dependency, no location dependency, no cost and it provides additional management through a channel we have to manage already so no additional work for free authentication benefits.

dafyre

@scottalanmiller said:

@dafyre said:

So I refer you to my previous question... If Azure AD (AAD?) adds that much complexity -- why keep it around?

It doesn't, we were talking about AD, not Azure AD which are completely different mechanisms.

Azure AD has no servers, no licensing and is already there and completely included in things we already own. We do nothing for it. All we do is sign in with it and ta da, it is there. Zero overhead.

Ok, that is where I was getting confused.

scottalanmiller

This only works because those people were deemed separately to need Windows 10 and would be staying up to date on the latest Windows. While other teams are moving to Linux and there Azure AD won't work (yet.)

scottalanmiller

Quick Recap:

Active Directory is the "old LAN way" with LAN or LAN-like dependencies.
Azure AD is a similar system without a LAN dependencies, server dependencies, etc.

wirestyle22

@Dashrender Can't you use those reverse engineered drivers? I think Tricerat makes them.

Dashrender

@wirestyle22 said:

@Dashrender Can't you use those reverse engineered drivers? I think Tricerat makes them.

Drivers for what?

wirestyle22

@Dashrender Printers being your bane using your example. Sorry I got lunch I've been away

scottalanmiller

@wirestyle22 said:

@Dashrender Printers being your bane using your example

LOL, I'd quote who you are responding to That was many posts ago.

coliver

@scottalanmiller said:

This only works because those people were deemed separately to need Windows 10 and would be staying up to date on the latest Windows. While other teams are moving to Linux and there Azure AD won't work (yet.)

Are they going to be introducing AADFS or a similar SSO option?

Dashrender

@wirestyle22 said:

@Dashrender Printers being your bane using your example. Sorry I got lunch I've been away

It's not about drives, it's about deploying printers.

I haven't looked at AAD enough yet to look at printers - But I'm guessing since AAD doesn't have Group Policy (or at least I don't think it does) you can't use AAD to deploy printers. So now printers all end up like stand alone devices from 25 years ago or more and manual driver deployment or a third party deployment solution.

Dashrender

@coliver said:

@scottalanmiller said:

This only works because those people were deemed separately to need Windows 10 and would be staying up to date on the latest Windows. While other teams are moving to Linux and there Azure AD won't work (yet.)

Are they going to be introducing AADFS or a similar SSO option?

According to Scott, things like O365 already work with SSO with AAD.

wirestyle22

@scottalanmiller said:

@wirestyle22 said:

@Dashrender Printers being your bane using your example

LOL, I'd quote who you are responding to That was many posts ago.

sorry!

scottalanmiller

@coliver said:

@scottalanmiller said:

This only works because those people were deemed separately to need Windows 10 and would be staying up to date on the latest Windows. While other teams are moving to Linux and there Azure AD won't work (yet.)

Are they going to be introducing AADFS or a similar SSO option?

ADFS already merges AD and Azure AD if you want to do that. We do not, ADFS ads a lot of problems. It can be cool, but it is a pain too. Don't do it casually.

My guess is that they are going to expand Azure AD to promote Azure and Office 365 services because that is going to be where the money is. But it is just a guess.

My hope is that MS gets this all set up and get Mac OSX and Linux to authenticate to it. Even if only CentOS/RHEL, Linux Mint, Ubuntu, Zorin and OpenSuse get it working, that would be amazing.

scottalanmiller

@Dashrender said:

@wirestyle22 said:

@Dashrender Printers being your bane using your example. Sorry I got lunch I've been away

It's not about drives, it's about deploying printers.

I haven't looked at AAD enough yet to look at printers - But I'm guessing since AAD doesn't have Group Policy (or at least I don't think it does) you can't use AAD to deploy printers. So now printers all end up like stand alone devices from 25 years ago or more and manual driver deployment or a third party deployment solution.

I do not believe that it does, it does not "include" it, but you might be able to get it to work otherwise.

However GP requires a legacy file server structure, so we need to see that evolve into something more modern, too.

Right now, the answer for that is dropping AD and GPO and moving to MDM instead. That's the way that most places that do this are going.

scottalanmiller

@Dashrender said:

@coliver said:

@scottalanmiller said:

This only works because those people were deemed separately to need Windows 10 and would be staying up to date on the latest Windows. While other teams are moving to Linux and there Azure AD won't work (yet.)

Are they going to be introducing AADFS or a similar SSO option?

According to Scott, things like O365 already work with SSO with AAD.

Yup, at least to some degree. What I want MS to do is to give us hooks into the SSO. SSO for Windows 10 + Office 365 is wonderful, but limited. I want my third party CRM and my ownCloud and my XO and stuff like that to all authenticate to Azure AD.

I think that they will, if they don't, Google is going to grab that market from them in no time and then it will be too late.