The forced Microsoft Account requirement and BitLocker auto encryption can lead to catastrophic issues on Windows if you aren't careful, and especially in the case of a lockout.
They’ve been using forced BitLocker for years.
The keys are on the in-house domain servers though.
Isn’t Microsoft pushing everyone to host their AD on Azure now?
Sure, they want you to use Azure AD (now called Entra ID) or maybe Entra Domain Services. But they are absolutely not stopping anyone from hosting their own AD like normal. There even came a few nice improvements to AD in Windows Server 2025 so it’s actively being developed. Server 2025 is being supported until 2034. So AD will be supported until AT LEAST 2034 but very very likely much longer.
Nowadays it’s very common to have a hybrid setup with AD and Entra ID where users and devices sync to Entra ID from AD. Many features are available in AD and/or Entra ID (or any of the other related cloud services like Intune). For example: you can choose if you want your BitLocker keys backed up to Entra or AD.
AD will likely stay relevant for many decades to come. Especially for larger companies with special requirements.
I mean even if not, it’s a virtual machine, but they should still have control and backup/disaster recovery. So they could mass download all keys and encrypt them and put them on some other storage. I mean things like that should be done, but as a tech person who has worked with this kind of thing I never am really satisfied with any backup and disaster recovery I have come across. Scratch that. Cars.com did a pretty good job overall and I imagine some other large corps do, but it’s amazing how many don’t.
Yep, in several countries, including where I live. Several government institutions and state-owned companies have been using M$ Azure since 2 years ago.