Implications of migrating On Prem Identities to Azure AD

Question

One of my customers would like to know what are all the implications and what all precautions one needs to take before migrating all their identities to Azure and use Azure AD as the main AD.
Any kind of documentation on this would be really helpful.
I would also need to show the various workflows how the authentication for a user accessing a particular resource would work using Azure AD and use of various technologies like PIM, CA etc.
Thanks

Answer 1

Hi pallab,

All of the main limitations are described in this article. https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-service-limits-restrictions

There are limits to the number of managed domains and resources you can create, and there are restrictions around group syncing.

This document also describes a lot of the precautions and considerations:

https://learn.microsoft.com/en-us/azure/security/fundamentals/choose-ad-authn

If they're looking for a truly cloud-only setup, they should note that Azure Active Directory is not designed to be the cloud version of Active Directory or a replacement for an on-premises Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It provides a lot of extra capabilities as well, but the differences should be noted.

Answer 2

What is the purpose of Azure AD DS, the managed service, isn't that a replacement of your On Prem DCs ?