Digital certificates have taken over as the preferred method of network authentication because of their proven superiority to passwords in security and user experience. Many organizations recognize this and want to take their infrastructure to the cloud while also implementing a certificate-based solution. Unfortunately, Microsoft AD environments are having a hard time making the transition due to their attachment to on-premise hardware.
Many admins looking to transition to Azure are unsure how to implement a PKI in the cloud, or whether it’s even possible. In this article we’re going to see if AD CS is a viable option for a certificate solution in the cloud.
What Is AD CS?
Active Directory Certificate Services (AD CS) is a Windows Server role designed to issue digital certificates. According to Microsoft, AD CS is the “Server Role that allows you to build a public key infrastructure (PKI) and provide public key cryptography, digital certificates, and digital signature capabilities for your organization.”
It’s important to note, AD CS isn’t technically a PKI; it provides a platform to build and implement a PKI. Certificates need a PKI to operate; however, admins may want to hold off on building their own PKI with AD CS because it’s restrictive and expensive.
Can I Use AD CS in the Cloud?
AD CS can only be run on-premise, which is not ideal for an industry quickly moving to the cloud. This limitation keeps admins from choosing their own infrastructure and prevents many environments from migrating their systems to the cloud.
Luckily, there are cloud-based alternatives. SecureW2’s Managed Cloud PKI doesn’t require extra hardware to set up (since it’s all on the cloud), can be set up in less than an hour, and comes with tons of certificate automation features that make issuing and managing certificates significantly easier and more cost-effective.
If you’ve been considering switching from your Active Directory to Azure AD, SecureW2 is the only vendor that empowers organizations with 802.1X authentication using Azure AD.
With SecureW2, your organization no longer needs to be held back from going to the cloud because you have on-prem AD CS hardware. Our services are easy to use and can allow you to adapt your infrastructure to the cloud in no time.
Issuing AD CS Certificates to Every Device
One of the biggest hurdles with certificates is how IT admins can get a certificate onto every user device, especially now that nearly every employee has multiple devices. By integrating AD CS with SecureW2, admins can automatically configure both BYODs and managed devices for 802.1X settings and equip them with certificates.
AD CS admins can deploy SecureW2’s onboarding software to automate certificate enrollment and 802.1X configuration. Our automated services relieve admins from manually configuring every BYOD for a certificate. Plus, end users have a far better experience because all they need to do is press a few buttons and their devices handle the rest.
AD CS admins can also integrate their MDMs, like Microsoft Intune, with SecureW2 to securely distribute certificates to every managed device. Using our Management Portal, admins can set up powerful Certificate Auto-Enrollment Gateway APIs so they can send out payloads containing 802.1X configuration settings. Every managed network device can then enroll itself for a certificate. Check out our page on using SCEP to enroll EAP-TLS certificates with Intune.
Secure Cloud-Based 802.1X With AD CS
Giving your network cloud-based 802.1X certificate security is a sure-fire way to ensure your organization’s data remains secure. Combining AD CS and SecureW2 is the best way to distribute and manage your certificates. Our Cloud PKI and Cloud RADIUS are cheaper, more versatile and easier to use than any on-premise alternative. Contact us here for more information on how to get started!