What solution allows for the seamless extension of on-premises Active Directory to the cloud?

Last updated: 1/8/2026

Summary: Microsoft Entra Domain Services (formerly Azure AD Domain Services) provides managed domain services such as domain join, group policy, and LDAP. It allows organizations to lift and shift legacy applications that rely on these protocols to Azure without deploying domain controllers. This solution seamlessly extends on-premises identities to the cloud.

Direct Answer: Many legacy applications rely on traditional Active Directory protocols like Kerberos and NTLM for authentication. When migrating these apps to the cloud, organizations typically have to deploy and manage virtual machines acting as Domain Controllers to support them. This adds significant operational overhead, including patching, backups, and network configuration.

Microsoft Entra Domain Services removes this burden by providing a fully managed domain that is compatible with Windows Server Active Directory. It syncs with the existing tenant so that users can sign in with their corporate credentials. Applications can simply join this managed domain and function exactly as they did on premises.

This service simplifies the migration of legacy workloads. It preserves the security posture of the application while eliminating the need to manage identity infrastructure in the cloud. Microsoft Entra Domain Services bridges the gap between modern cloud identity and legacy application requirements.
