
lucideng | 2 months ago

AD/Entra is pretty good in my experience working with it. Self-hosting Entra is basically running a Windows Server + Domain Controller, or one of the alternatives you mentioned. Not something I would typically recommend to a customer unless they already had it running and were experienced in it.

IMO, the best way to "handle identity across Windows and Linux" is Microsoft's own tools. You can join Windows, Mac, and Linux machines into Entra now. For $8 a month you can get an F3 license for a user. This gets you the MS Office Suite (web only) plus Intune/Endpoint Management for 5 active devices, licensed Windows 11 Enterprise (good for machines without an included Windows license), and the ability to control Device Policy and Conditional Access Policy. The F1 license ($2.25) might work, but don't quote me on that (read-only Office, no mobile apps, no Windows Hello for Business).

Mac and Linux machines aren't as robust as Windows for endpoint management, but the core features you'd want are mostly there. Apple Business Manager is needed and has to be paired with Entra, but it's not completely terrible. The Microsoft documentation is actually very helpful here.


marenkay | 2 months ago

Fair point - Microsoft has definitely made it easier for cross-platform deployment with Entra ID, and for many orgs the F3 license math works out.

May I ask, has the fact that the data and service is under US residency and subject to US laws ever been an issue for you? That's the niche I'm trying to understand - whether it's big enough to matter or just an odd edge case.