Hello my friends, often there are discussions, if/whether Microsoft loves Linux. I want to give you an prominent concrete example, which shows that all the buzz from Microsoft is only marketing, where it benefits them. They are not neutral or even friendly to Linux. The example i want to give here is the following:
Linux Desktops (Computers/Laptops) outside of AzureAD are not able to use a Microsoft Azure ActiveDirectory (Short AAD) for Authentication. And Microsoft wants Companies to remove their OnPremiseAD and move totally into the Cloud with a managed ActiveDirectory (AD) and Companies really consider it (ha..). With Windows of course this works, with Apple Microsoft says there are additional Partners which provide this. When you ask Microsoft or Azure Representatives: a big glaring NOTHING. Multiple Microsoft people were asked, if there would be at least defacto authentication possibility.. no response or sth like "it's not supported".
The funny Thing is:
- Linux Desktops can authenticate against LDAP and Kerberos (which are a large Block of ActiveDirectory)
- Linux Desktops can authenticate with OpenID/OAuth2 against an OpenID/Oauth Provider like Keycloak (and AAD also supports that)
- Linux Desktops can authenticate against an OnPremise Active ActiveDirectory within a Company environment
- Linux VMs WITHIN Azure can use the AAD for Authentication. (there are several github repositories for that)
Therefore, it really cannot be that hard, to replicate this feature technically for generic linux clients, even if it does not support the full featureset (like conditional access for example)
But the service that Desktop Computers or Laptops with an Linux OS can authenticate against an Microsoft AAD service does not exist, is not supported and carefully avoided in the documentation. And Microsoft employees hush about it.
Why would you want that Linux uses an Cloud-ActiveDirectory for Authentication?
- it give you the possibility of choice on your desktop platforms
- it is easy to buy and easy to operate from, as you do not have to run onprem servers (everything in the cloud)
- from my POV you could even relatively easy migrate away from it, but you have to know what you do, and design your desktops for it.
I admit, not everybody wants that, and that's totally okay – but i am lowkey furious that it is not possible for a desktop linux to authenticate against these systems. From my point of view this is discrimination.
This is my yearly insight, that, again, microsoft only loves money and market control. do not trust them. they are cornering the market again. We are after Extend and short before Extinguish from my POV.
What's your opinion on that topic?