{"id":99067,"date":"2023-10-04T11:30:00","date_gmt":"2023-10-04T15:30:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=99067"},"modified":"2024-12-20T13:45:44","modified_gmt":"2024-12-20T18:45:44","slug":"rethinking-active-directory-domain-trust-for-the-cloud","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud","title":{"rendered":"Rethinking Active Directory Domain Trust for the Cloud"},"content":{"rendered":"\n<p>Active Directory\u2019s (AD) trust relationship flows are a familiar concept to many IT admins who are charged with mapping out which authenticated users can access which network resources across domains. Configurations can be complex and trust extends beyond AD to the entire IT infrastructure, your counterparts at the other organizations, and ultimately <em>all<\/em> of its users.<\/p>\n\n\n\n<p>Modernizing AD means adopting cloud services that have more of a flat organizational structure. Users from other organizations are segmented into groups where external users are granted the appropriate entitlements, their devices are managed by unified endpoint management (UEM), and identity and access management (IAM) enforce memberships. Continuous evaluation takes the place of AD domain and forest trust relationships.<\/p>\n\n\n\n<p>This article provides an overview of how legacy trust relationships are managed through lifecycle automation and IAM security controls in cloud directories, modernizing AD while reducing risks and infrastructure costs. In turn, identities and devices of all kinds can be challenged before access, aka \u201ctrust,\u201d is granted. It also compares Entra with 探花大神\u2019s open directory and how they\u2019re used to modernize AD.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Cross-Domain Trusts<\/h2>\n\n\n\n<p>Active Directory Domain Services (AD DS) interdomain forest trust relationships provide a way for authentications to be trusted across domains. A login on one domain is trusted by another because there are \u201cbonds\u201d between the domains in a forest or tree. This configuration simplifies user and service access to global resources and centralizes administration and security.<\/p>\n\n\n\n<p>There are many benefits to this hierarchical approach, and it\u2019s understandable that admins who are well acquainted with AD would expect the same from a cloud directory. However, this approach, like AD itself, was intended for a <a href=\"https:\/\/jumpcloud.com\/blog\/active-directory-faq\">different era in computing<\/a> where networks were the only perimeter versus a cloud directory, which explicitly validates trust for all access requests.&nbsp;<\/p>\n\n\n\n<p>AD doesn\u2019t take a modern <a href=\"https:\/\/jumpcloud.com\/resources\/zero-trust-security\">Zero Trust<\/a> approach to security where you \u201cassume breach\u201d and \u201ctrust nothing.\u201d Trust is generally inherent in AD domain trusts. Consider that you not only place trust in a domain, you also trust an entire infrastructure, all of the endpoints, people, and its processes. Let\u2019s explore what AD domain \u201ctrust\u201d actually means from a cybersecurity perspective.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Trust in IT Infrastructures<\/h3>\n\n\n\n<p>With AD, you trust a domain\u2019s encryption, network segmentation, and threat protection at the highest level. The full scope of a domain&#8217;s network infrastructure includes numerous considerations ranging from endpoints to network configurations to physical security.<\/p>\n\n\n\n<p>Ask yourself what you\u2019re trusting:&nbsp;<\/p>\n\n\n\n<ul>\n<li><strong>Endpoints:<\/strong> Are endpoints and servers being patched? Do they have Endpoint Detection and Response (EDR) deployed? Are there policies managing Windows endpoints in AD? Are non-Windows services being managed? Is data being backed up?<\/li>\n\n\n\n<li><strong>Active Directory:<\/strong> Is Enhanced Security Admin Environment (ESAE) architecture being followed to follow a privileged access strategy for admins? Is there an appropriate focus on identity lifecycle management or identity protection to prevent lateral movement through AD in the event of a breach? Do you fully trust those configurations? Are less robust legacy authentication protocols such as NTLM being used for compatibility? Do you have full visibility into event logs and other indicators of attack?<\/li>\n\n\n\n<li><strong>Networks: <\/strong>Is firmware on switches and firewalls being updated? Is the filtering and security adequate to detect and prevent security incidents? Is there multi-factor authentication (MFA) deployed in that infrastructure? Are solutions such as Security Information and Event Management (SIEM) being used and are those supported well enough?<\/li>\n\n\n\n<li><strong>Physical security: <\/strong>Are server rooms and other network assets being secured? Are there procedures to log and limit access to sensitive infrastructure? Is there a disaster recovery plan to ensure business operations in the event of a catastrophe?<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Trust in People<\/h3>\n\n\n\n<p>You not only trust your admin peers; you trust all of their users (and vendors). You trust their hardware and software supply chain. You trust how well insider threats are being recognized and handled as well as the organization&#8217;s level of security awareness.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">No Zero Trust Controls<\/h3>\n\n\n\n<ul>\n<li>AD lacks continuous access evaluation<\/li>\n\n\n\n<li>AD lacks native support for MFA, whether hardware or software based<\/li>\n\n\n\n<li>AD lacks privileged access management<\/li>\n\n\n\n<li>AD has no conditional access for devices and users<\/li>\n<\/ul>\n\n\n\n<p>Ultimately, AD doesn\u2019t meet modern IT requirements by itself. Traditional domain trusts are insufficient to meet the objectives of a Zero Trust security strategy. Microsoft recognizes this and <a href=\"https:\/\/learn.microsoft.com\/en-us\/security\/cybersecurity-reference-architecture\/mcra\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">strongly recommends<\/a> that organizations that use AD for their identity security strategy also adopt its cloud security solutions including Defender for Identity and Defender for Endpoint to identify security incidents and orchestrate a response to compromised identities\/devices. <\/p>\n\n\n\n<p>Microsoft Defender for Endpoint is also recommended if you to extend monitoring to server threats, which also places Microsoft in control of your Endpoint Detection and Response (EDR).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Modernizing AD with Cloud IAM and UEM<\/h2>\n\n\n\n<p>Microsoft takes an enterprise approach to solving collaboration challenges while 探花大神 works best for small and medium-sized enterprises (SMEs) that have limited IT resources and are seeking more straightforward solutions. Microsoft extends AD with Entra ID\u2019s premium tier of identity governance and a variety of licenses for security services. 探花大神 combines AD integration with automated lifecycle management through dynamic groups and built-in UEM, delivering a Zero Trust security strategy with identity governance and administration.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Microsoft\u2019s Monolithic Approach<\/h3>\n\n\n\n<p>Microsoft <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/architecture\/multi-tenant-user-management-introduction\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">recommends<\/a> using a single Entra ID cloud tenant (when possible) for consistency in how resources are supported, managed, and governed. A common topology is to have one AD Connect sync server sync one of multiple domains from a forest to Entra. Otherwise, multiple forests must be reachable by a single server that\u2019s placed within a DMZ or screened subnet.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"429\" height=\"245\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/10\/Microsoft-graphic.png\" alt=\"Microsoft graphic\" class=\"wp-image-99071\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/Microsoft-graphic.png 429w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/Microsoft-graphic-300x171.png 300w\" sizes=\"(max-width: 429px) 100vw, 429px\" \/><figcaption class=\"wp-element-caption\">Image credit: Microsoft<\/figcaption><\/figure>\n\n\n\n<p>Deploying multiple tenants is more complex, but supported by Entra ID\u2019s enterprise collaboration feature where external users from trusted domains are given user objects in the directory. Access packages are used to grant entitlements, which authorizes user access to apps and groups. Device claims and MFA is trusted from other Entra ID tenants, but Entra handles the AuthN\/AuthZ and clearing the B2B relationships for tenants, i.e., \u201cdomains.\u201d<\/p>\n\n\n\n<p>Entra\u2019s enterprise IAM features are available for those applications and identities. Microsoft\u2019s reference architecture then prescribes using its security services to monitor identities and AD. It\u2019s possible to consolidate your domains\u2019 management and security with this stack, but one price doesn\u2019t mean \u201cintegrated.\u201d The automations and workflows aren\u2019t trivial, and change is constant. The preferred practice is to engage with a vendor, indefinitely, to maintain it all.<\/p>\n\n\n\n<p>Premium licenses are required for access reviews, and your team (and potentially dedicated new hires) must be qualified to use it all. Entra\u2019s enterprise features are robust, but aren\u2019t easily understood. Admins must understand how to use access packages, which premium licenses to use, and how to configure the appropriate RBAC roles for guests, or be comfortable with using privileged admins to make approval decisions to support your cross tenant ID workflows.<\/p>\n\n\n\n<p>A new cross-tennant synchronization feature is in preview.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><p><strong>Note:<\/strong> Privileged access in hybrid AD environments means subscribing to Azure ID Identity Protection, a premium tier feature. Defender for Identity is a separate subscription recommended to check for signals of compromise in on-premises AD. Otherwise, it\u2019s possible for attackers to move laterally through the Microsoft stack to your domain controllers.<\/p><\/div><\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">探花大神\u2019s Open Directory Platform<\/h3>\n\n\n\n<p>探花大神 is an open directory platform that manages identities as a standalone identity provider (IdP) and through federation with other IdPs. It includes <a href=\"https:\/\/jumpcloud.com\/platform\/mdm\">unified endpoint management (UEM)<\/a> to secure access from every device from Android to Apple products to Linux and Windows, using either agents or mobile device management (MDM). 探花大神 supports web authentication and common network protocols, and API provisioning, all from the cloud.<\/p>\n\n\n\n<p>Supported protocols include:<\/p>\n\n\n\n<ul>\n<li>SAML and OIDC<\/li>\n\n\n\n<li>LDAP and RADIUS<\/li>\n\n\n\n<li>Pre-built integrations with popular HR systems<\/li>\n\n\n\n<li>探花大神 also offers a secure <a href=\"https:\/\/jumpcloud.com\/platform\/password-manager\">decentralized password manager<\/a> with business collaboration features and management for when SSO isn\u2019t an option<\/li>\n<\/ul>\n\n\n\n<p>Authentication and authorization features:<\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/get-started-jumpcloud-go\">探花大神 Go<\/a>, a phishing resistant hardware-bound credential that delivers passwordless modern authentication<\/li>\n\n\n\n<li>Easy to use <a href=\"https:\/\/jumpcloud.com\/support\/get-started-conditional-access-policies\">conditional access policies<\/a> for privileged access control<\/li>\n\n\n\n<li>Certificate-based authentication for RADIUS<\/li>\n\n\n\n<li>Platform-wide push MFA and TOTP<\/li>\n\n\n\n<li>WebAuthn<\/li>\n\n\n\n<li>SCIM provisioning<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Cross-OS system and browser <a href=\"https:\/\/jumpcloud.com\/platform\/patch-management\">patch management<\/a> is also available as an add-on. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p>探花大神 can be used as part of your identity security strategy to modernize AD while keeping your IdP independent. Crucially, its approach reduces complexity for the admins who implement and support your systems. 探花大神 makes it possible for a smaller team to accomplish more out of the box without having to enlist outside vendors and consultants to implement it.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Read about <a href=\"https:\/\/jumpcloud.com\/blog\/comparing-jumpcloud-azure-ad-intune\">how 探花大神 compares to Entra ID and Intune<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p>探花大神\u2019s <a href=\"https:\/\/jumpcloud.com\/support\/get-started-adi\">Active Directory Integration<\/a> (ADI) integrates AD with the open directory platform. There are several options for configuring AD and 探花大神, depending on your company\u2019s needs and objectives. Recent enhancements include a more scalable deployment model that\u2019s deployed on a member server within your domain to configure syncing. It\u2019s also now possible to sync multiple domains to 探花大神 at once. Delegated authentication (similar to passthrough authentication) leverages existing credentials from AD without forcing password resets.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"285\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/10\/JC.png\" alt=\"Active Directory Domain graphic flow chart\" class=\"wp-image-99072\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/JC.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/JC-300x167.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">How Is 探花大神 Different from Microsoft?<\/h2>\n\n\n\n<p>探花大神 utilizes <a href=\"https:\/\/jumpcloud.com\/blog\/welcome-to-groups\">dynamic groups<\/a> to scale how admins manage users and devices from a single pane of glass. Entra has dynamic groups, but expressions must be created by admins and Intune\u2019s device management is a separate product. 探花大神\u2019s rules-based automation is pre-built and foundational. Dynamic groups use attributes from your AD (or HR systems) to improve your security while optimizing IT management. Ultimately, admins can spend less time working on onboarding and lifecycle management tasks and more time on higher priorities.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"349\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/10\/New-Device-group.png\" alt=\"New Device Group\" class=\"wp-image-99073\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/New-Device-group.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/New-Device-group-300x204.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p>Dynamic groups provide for automated \u201caccess reviews\u201d without premium pricing or having to reskill your team to use enterprise identity governance solutions from Microsoft. This governance is applied to your domains as you integrate them with 探花大神\u2019s open directory. AD will be modernized without starting over and ripping out everything that you\u2019ve built. Authentication is also stronger than Kerberos, and is separate from Microsoft&#8217;s security stack.<\/p>\n\n\n\n<p>The combination of dynamic groups and 探花大神 Go, with unified IAM\/UEM and broad support for common authentication protocols, makes modern authentication more practical to deploy. Many organizations are breached when MFA solutions aren&#8217;t fully utilized and gaps exist in coverage. Most organizations deploy more than Windows devices, but Windows Hello, Microsoft\u2019s modern authentication solution, won\u2019t integrate at the device-user login level beyond Windows. Management costs and security risks increase when non-Microsoft products and solutions such as Google Workspace and MacOS devices exist in siloed authentication flows.<\/p>\n\n\n\n<p>探花大神\u2019s unified IAM\/UEM platform breaks down silos for defensive security uplift against cyber threats. It unifies disparate source domains when it\u2019s used for AuthN\/AuthZ to your resources; you gain visibility into the activities that occur across multiple domains and what resources users are logged into. Integrating your preferred security tools with 探花大神 can leverage those events to identify incidents and orchestrate a response.&nbsp;<\/p>\n\n\n\n<p>To be clear, 探花大神 isn\u2019t an SIEM but it features built-in reports as well as integrated tools called <a href=\"https:\/\/jumpcloud.com\/support\/directory-insights\" target=\"_blank\" rel=\"noreferrer noopener\">Directory Insights<\/a> and <a href=\"https:\/\/jumpcloud.com\/support\/system-insights\">System Insights<\/a> for event logging and compliance.<\/p>\n\n\n\n<p>Ultimately, 探花大神 makes many of the \u201cpremium\u201d features found in Entra and Intune more accessible while preserving flexibility, provides the choice to use best-of-breed solutions without compromising on Microsoft monoculture, and gives you greater control over your identities.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Schedule a 探花大神 Demo<\/h2>\n\n\n\n<p><a href=\"https:\/\/jumpcloud.com\/guided-simulations\">Schedule a demo<\/a> to discuss how 探花大神 modernizes AD and to learn more about our options for implementation assistance, migration services, custom scripting, and more.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Having one price doesn\u2019t mean that it\u2019s integrated. Find out more about the <a href=\"https:\/\/jumpcloud.com\/blog\/evaluating-the-costs-and-risks-of-migrating-to-m365\">costs and risks<\/a> of adopting Microsoft 365.<\/p>\n <\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Active Directory domain trusts won\u2019t explicitly validate trust for all access requests, but modernizing AD can make it happen.<\/p>\n","protected":false},"author":150,"featured_media":99074,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[2337,2753],"tags":[],"collection":[2779,2777],"platform":[],"funnel_stage":[3015],"coauthors":[2535],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Rethinking Active Directory Domain Trust for the Cloud - 探花大神<\/title>\n<meta name=\"description\" content=\"Active Directory domain trusts won\u2019t explicitly validate trust for all access requests, but modernizing AD can make it happen.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Rethinking Active Directory Domain Trust for the Cloud\" \/>\n<meta property=\"og:description\" content=\"Active Directory domain trusts won\u2019t explicitly validate trust for all access requests, but modernizing AD can make it happen.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud\" \/>\n<meta property=\"og:site_name\" content=\"探花大神\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-04T15:30:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-20T18:45:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/1372091104.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"750\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"David Worthington\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Worthington\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud\"},\"author\":{\"name\":\"David Worthington\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\"},\"headline\":\"Rethinking Active Directory Domain Trust for the Cloud\",\"datePublished\":\"2023-10-04T15:30:00+00:00\",\"dateModified\":\"2024-12-20T18:45:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud\"},\"wordCount\":1957,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/1372091104.jpg\",\"articleSection\":[\"Remote Work\",\"Unification\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud\",\"url\":\"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud\",\"name\":\"Rethinking Active Directory Domain Trust for the Cloud - 探花大神\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/1372091104.jpg\",\"datePublished\":\"2023-10-04T15:30:00+00:00\",\"dateModified\":\"2024-12-20T18:45:44+00:00\",\"description\":\"Active Directory domain trusts won\u2019t explicitly validate trust for all access requests, but modernizing AD can make it happen.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/1372091104.jpg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/1372091104.jpg\",\"width\":1000,\"height\":750,\"caption\":\"Man working on his laptop in his living room\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Rethinking Active Directory Domain Trust for the Cloud\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"探花大神\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"探花大神\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"探花大神\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\",\"name\":\"David Worthington\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"caption\":\"David Worthington\"},\"description\":\"I'm the 探花大神 Champion for Product, Security. 探花大神 and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\",\"david.worthington@jumpcloud.com\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Rethinking Active Directory Domain Trust for the Cloud - 探花大神","description":"Active Directory domain trusts won\u2019t explicitly validate trust for all access requests, but modernizing AD can make it happen.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud","og_locale":"en_US","og_type":"article","og_title":"Rethinking Active Directory Domain Trust for the Cloud","og_description":"Active Directory domain trusts won\u2019t explicitly validate trust for all access requests, but modernizing AD can make it happen.","og_url":"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud","og_site_name":"探花大神","article_published_time":"2023-10-04T15:30:00+00:00","article_modified_time":"2024-12-20T18:45:44+00:00","og_image":[{"width":1000,"height":750,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/1372091104.jpg","type":"image\/jpeg"}],"author":"David Worthington","twitter_card":"summary_large_image","twitter_misc":{"Written by":"David Worthington","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud"},"author":{"name":"David Worthington","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e"},"headline":"Rethinking Active Directory Domain Trust for the Cloud","datePublished":"2023-10-04T15:30:00+00:00","dateModified":"2024-12-20T18:45:44+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud"},"wordCount":1957,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/1372091104.jpg","articleSection":["Remote Work","Unification"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud","url":"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud","name":"Rethinking Active Directory Domain Trust for the Cloud - 探花大神","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/1372091104.jpg","datePublished":"2023-10-04T15:30:00+00:00","dateModified":"2024-12-20T18:45:44+00:00","description":"Active Directory domain trusts won\u2019t explicitly validate trust for all access requests, but modernizing AD can make it happen.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/1372091104.jpg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/10\/1372091104.jpg","width":1000,"height":750,"caption":"Man working on his laptop in his living room"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/rethinking-active-directory-domain-trust-for-the-cloud#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Rethinking Active Directory Domain Trust for the Cloud"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"探花大神","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"探花大神","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"探花大神"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e","name":"David Worthington","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411","url":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","caption":"David Worthington"},"description":"I'm the 探花大神 Champion for Product, Security. 探花大神 and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.","sameAs":["https:\/\/jumpcloud.com\/blog","david.worthington@jumpcloud.com"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/99067"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/150"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=99067"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/99067\/revisions"}],"predecessor-version":[{"id":119188,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/99067\/revisions\/119188"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/99074"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=99067"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=99067"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=99067"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=99067"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=99067"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=99067"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=99067"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}