Taking a spin off of this question, "Do I really need MS Active Directory?", in a new direction for 2014.
Taking into account a basic Windows infrastructure:
- domain controllers
- Exchange 2007/2010/2013
- SharePoint
- SQL
- File Servers / Print Servers
- AD Integrated DNS
- AD authenticated 3rd party devices (let's say 802.1X for networking and maybe some content-filtering, etc.)
- AD/LDAP authenticated "administrative" functions on IT apps/hardware/etc.
- perhaps some KMS stuff
- throw in a CA if you'd like
- homegrown apps
- 3rd party in-house apps
Now, let's rip it all out and decide we are going to the cloud. We've contracted to move Exchange/SharePoint/File Services to Office 365. SQL will now be hosted as well on something like Azure. We've gotten away from the need for AD-DNS and simply run everything via a simple Windows DNS server. We still need 802.1X and would like SSO if possible to our various cloud apps. Homegrown and 3rd party in-house apps would likely stay, but have the ability to use internal user databases instead of AD authentication.
The question is...do we really need Active Directory at all?
Or more to the point, AD on-premise or even hosted via Azure or similar (ADFS) or running ADDS on a hosted VM through Azure or similar. Could/Should we look to something else like a 3rd party SSO option such as http://www.onelogin.com/partners/app-partners/office-365/ or similar that can provide SSO functionality even if it is as simple as LastPass or similar for each user?
What kind of legitimate needs does AD fulfill if everything else is in the cloud?
Could an MS-centric infrastructure get away with not having AD at all if they move everything that previously relied on AD to SaaS offerings that didn't rely on AD authentication?