
Can I Replace Active Directory with Azure AD? No, Here’s Why

Can I replace Microsoft Active Directory with Azure Active Directory? This is a very common question for IT professionals. With almost all of the IT environment moving to the cloud, there are a number of incentives to move the core directory service to the cloud too. Unfortunately, Microsoft’s path to the cloud can be unwieldy, expensive, and difficult to comprehend. It’s also heavily focused on Windows as its first-class citizen and the Microsoft ecosystem at large.

It all starts with Azure Active Directory (AAD), Microsoft’s foray into cloud-based directory services. It’s reasonable to think that it would have all the capabilities of Active Directory® (AD), as the name implies, but the truth is more complicated than that — even before Microsoft’s licensing factors in.

Azure AD’s True Purpose

AAD was created to extend Microsoft’s presence into the cloud. It connects Active Directory users with Microsoft Azure services, and is easier to implement than Active Directory Federation Services (ADFS) for single sign-on (SSO). It doesn’t incorporate the full features of Active Directory and lacks support for authentication protocols including LDAP and RADIUS. It may manage non-Microsoft identities, but there are additional fees for multi-factor authentication (MFA). A gated licensing model keeps many features behind a paywall. For example, group management with role-based access control (RBAC) isn’t included with the free tier of AAD.

AAD is the cornerstone of Microsoft’s portfolio of identity, compliance, device management, and security products, because it provides a common identity for Azure, Intune, M365, and more. The permutations of products and challenges of migrating from Active Directory to the cloud have given rise to a cottage industry of consultants for implementation and planning. The breadth of configurations and options may be fitting for enterprises that have considerable resources to support deployments. Considering that it’s not even possible to abide by Microsoft’s best practices for AAD without subscribing to Premium tiers, AAD may be a mismatch for small and medium-sized enterprises (SMEs) that have more essential needs.

Costs tick upward when SMEs are pulled deeper into the Azure ecosystem or require interoperability with services that fall outside of the Microsoft stack. For example, fees are assessed for unrestricted cross-domain SSO and MFA authentications with other identities.

Replace AD with Azure AD?

Can Azure AD actually be the complete replacement to AD that admins are looking for? Unfortunately, the short answer to that question is no. Azure AD is not a replacement for Active Directory. AAD was originally intended to connect users with Microsoft 365 services, providing a simpler alternative to ADFS for SSO. It has since evolved into a springboard to new subscription services that target enterprise customers and charge for capabilities that on-prem AD provided at no additional cost. 

You don’t have to take our word for it. Here is what a Microsoft representative said in this Spiceworks post:

Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It actually provides many more capabilities in a different way.

That’s why there is no actual “migration” path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU etc.

As you can see here Azure Active Directory is an identity and access management solution for hybrid or cloud-only implementations. It can extend the reach of your on-premises identities to any SaaS application hosted in any cloud. It can provide secure remote access to on-premises applications that you want to publish to external users. It can be the center of your cross-organization collaboration by providing access for your partners to your resources. It provides identity management to your consumer-facing application by using social identity providers. Cloud app discovery, Multi-Factor Authentication, protection of your identities in the cloud, reporting of Sign-ins from possibly infected devices, leaked credentials report, user behavioral analysis are a few additional things that we couldn’t even imagine with the traditional Active Directory on-premises.

Even the recently announced Azure Active Directory Domain Services are not a usual DC as a service that you could use to replicate your existing Active Directory implementation to the cloud. It is a stand-alone service that can offer domain services to your Azure VMs and your directory-aware applications if you decide to move them to Azure infrastructure services. But with no replication to any other on-premises or cloud (in a VM) domain controller.

If you want to migrate your domain controllers in the cloud to use them for traditional task you could deploy domain controllers in Azure Virtual Machines and replicate via VPN.

So to conclude, if you would like to extend the reach of your identities to the cloud you can start by synchronizing your Active Directory to Azure AD.


Why Azure AD Can’t Replace AD Outright


When you step back and think about Microsoft’s identity and access management (IAM) strategy, it makes sense that you can’t replace AD with Azure AD. From a business perspective, Active Directory already has more market share than just about any solution they offer.

The on-prem directory acts as a tie that binds a Microsoft network together. By providing a way for customers to shift to a cloud directory service, Microsoft would open up the door to potential customer loss. Instead, it directs SMBs to cloud services that broaden the breadth and depth of its product families. However, these are intended to service enterprise customers and can be difficult to deploy and learn. 

Beyond the business perspective, there are also the technical capabilities to consider. Think of Azure AD as a user management platform for the Azure cloud platform, along with basic web application SSO capabilities. Where Azure falls short is that it doesn’t manage on-prem systems or resources without being integrated with a domain controller or add-on services for Windows.

For example, on-prem Windows (except for Windows 10), Mac, and Linux systems can’t be controlled for user access or systems management without subscribing to Microsoft Intune or Microsoft Endpoint Manager (MEM). Intune has limited functionality for Macs (without more MEM subscriptions) and, at present, has limited Linux support. Windows support is extensive, including auto-pilot onboarding.

Further, non-Microsoft solutions such as AWS and Google Workspace are outside of the scope of provisioning as well. There are a lot of resources that users need that can’t be touched by Azure alone, without adding additional subscriptions. 

While it’s possible to utilize Intune for a domainless enterprise, many organizations are still compelled to have a hybrid environment for full compatibility with AD or ADFS. Microsoft’s reference architecture (diagram below) prescribes both AD and AAD in an environment.

Azure cloud identity and access management graphic

JumpCloud: Extend or Replace Azure Active Directory 

Every environment has different requirements and constraints that can make cloud migration more challenging. Some shops are locked into the Microsoft stack and would benefit from SSO, simplified Zero Trust security, and cross-OS system management that AAD + Intune don’t provide or charge too much for. Other organizations aren’t tied to legacy on-prem systems and can adopt a domainless architecture, saving on infrastructure, management, and rising CAL licensing costs. JumpCloud makes it possible to do either, or anything in between, for individual SMEs or through a multi-tenant portal for MSPs to consolidate tools and deliver value at scale.

JumpCloud’s open directory platform can serve as a cloud replacement to AD. JumpCloud enables admins to have seamless management of users with efficient control over systems (Mac, Windows, and Linux), wired or Wi-Fi networks (via RADIUS), virtual and physical storage (Samba, NAS, Box), cloud and on-prem applications (through SAML, OIDC, RESTful APIs, and LDAP), local and cloud servers (AWS, GCE), and more. Automated group memberships that pull relevant user attributes from other IdPs or HRIS systems assist with identity lifecycle management. Environment-wide push/TOTP MFA is implemented for each protocol for free.

Your identities can be assigned to trusted devices. JumpCloud provides mobile device management (MDM) for Android, iOS/iPadOS, Linux, and Windows. Zero-touch onboarding is available for Apple devices. With MDM and the Windows agent, IT teams can leverage GPO-like policies such as full disk encryption. The CLI of each OS is accessible, at root, to deploy custom commands and policies that fall outside of JumpCloud’s point-and-click catalog of policies.

The platform services IT management and security needs with security add-ons, including:

JumpCloud can also integrate seamlessly with Azure AD, Google Workspace, or Okta to create one core identity provider for an organization. It is truly the cloud-forward directory that is built for the modern IT environment. JumpCloud’s open directory platform is interoperable and frees its users to adopt the IT stack of their choosing from best-of-breed services.

An Open Directory Platform™

The JumpCloud platform does not need to fully own and manage an identity. It consumes identities from different sources to orchestrate access and authorization to resources. This simplifies IT management for SMEs by addressing access control and security challenges that arise from having siloed apps and heterogeneous device endpoints outside of a corporate network. For instance, Microsoft doesn’t interoperate with Google Workspace, so IT professionals would otherwise have to seek alternatives for Identity and Access Control (IAC) and device management. Unfortunately, most other alternatives aren’t an integrated solution.

JumpCloud makes it possible for trusted devices to securely access resources across domains.

Delegated authentication is another option for access control. IT can configure AAD credentials to be used for RADIUS authentication into Wi-Fi networks with JumpCloud. There’s no domain controller or third-party service required.
JumpCloud helps SMEs to improve security, save on licensing, reduce headcount, and save time and effort by consolidating orchestration into a single, open directory that serves as an identity broker. The JumpCloud platform also works with Okta identities to provide RADIUS and LDAP access control, SSO, and system management for your device endpoints.

Try JumpCloud for Free

Want to learn more about how you can replace Active Directory with JumpCloud? It’s as simple as signing up for the JumpCloud Free account. JumpCloud offers all free accounts for 10 users and 10 devices, with no credit card info required. This grants the perfect opportunity for you to try out the entire platform including all of our premium functionality and see exactly how it works for yourself. Need more tailored, white glove implementation assistance? Schedule a free 30-minute technical consultation to learn about the service offerings available to you.

The JumpCloud community is always open for peer discussions about any IT topic.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About JumpCloud
At JumpCloud, our mission is to build a world-class cloud directory. Not just the evolution of Active Directory to the cloud, but a reinvention of how modern IT teams get work done. The JumpCloud Directory Platform is a directory for your users, their IT resources, your fleet of devices, and the secure connections between them with full control, security, and visibility.

Centralized Identity Management: A Guide

Modern IT environments are incredibly diverse, and while this is great for many reasons, it can also make the IT department’s job more difficult. Today’s environments are often comprised of a mixture of on-prem and cloud resources, corporate owned and BYOD devices, varying device and operating system (OS) types such as Mac, Windows, Linux, iOS, Android, and more.

All of these factors, plus the popularity of hybrid work, add complexity around managing identities and sometimes make it feel like centralized and simplified identity management is out of the question. Luckily, this is not the case at all, though some organizations might need to adjust their infrastructure and tool choices to be more future-proof to achieve a modern and unified identity management strategy. Let’s take a look at why that is and how it can be done.

Centralized Identity Management Barriers

As mentioned above, heterogeneous IT environments can be a problem for IT, because resources live in many different places, employees work from all over the world, and there are a plethora of device and OS types out there.

Here’s how some of these factors affect identity management:

  • Cloud and on-prem resources: It can be hard to get visibility into who has access to what resources, and SaaS apps might not connect to a traditional directory such as Microsoft AD.
  • Hybrid and remote working models: Monitoring, managing, and helping employees that aren’t in the office can be problematic without the proper tools.
  • BYOD: Personal devices typically don’t connect back to traditional directory services, and they are sometimes difficult or impossible to manage.
  • Mac, Windows, and Linux device popularity: Most tools are meant to help you manage certain device types but not others, making it hard to keep track of and secure devices that employees use.

All of these factors and more contribute to an incomplete, decentralized identity management strategy in many organizations. 

Why Centralized Identity Management Is Key

This decentralized approach is often forced on IT, rather than chosen, simply because of the disparate resources that need to be managed on top of the fact that many organizations use outdated or disconnected IT management tools. This strategy (or lack thereof) can quickly turn into a security and compliance nightmare, an unnecessary weight on IT, a fractured employee experience, and a hit to the organization’s bottom line, among other things.

When users and their digital identities are not centrally managed, it’s virtually impossible to get visibility into their resource access privileges, what devices they’re accessing company resources on (whether company-managed or completely unsecured), what problems they might be experiencing, whether their systems are up-to-date or not, and much more. On top of all of this, Shadow IT is as prevalent as ever, which causes even more security hiccups when left unchecked due to poor identity management. 

Considering that 84% of organizations experienced at least one identity-related breach in the past year, you can see how far-reaching the effects of the decentralized identity management problem truly are.

To avoid all of this to the furthest extent possible, IT needs centralized control over all identities, access, and devices, while simultaneously allowing departments and employees the flexibility they need to get work done.

How to Centralize Identity Management

So, the end goal is to provide employees with flexibility in where and how they work, while maintaining the amount of control that you want over their digital identities, access, and devices. To do so, you’ll want to centralize the management of all of these things, as much as possible.

Centralized user management provides IT with the control and visibility over every device, application, and network across the organization, without dictating what resources are the right choice for each group. This strategy saves IT time with easier day-to-day workflows, helps ensure compliance, enhances security, and ameliorates the end user experience.

A modern way to centralize identity management is by adding JumpCloud’s open directory platform to the center of your IT infrastructure. The beauty of an open directory is that it can easily connect to all of your existing infrastructure, as well as any other tools (such as other directories, HR tools, and more) you decide to adopt in the future, allowing your business to evolve and scale with ease. This means that with the JumpCloud Directory Platform, you can centrally manage identities, access, and devices, all from a single, modern platform.

Get complete, centralized visibility into employee identities, what they do or do not have access to, and their devices. With JumpCloud’s identity lifecycle management capabilities, enjoy simplified onboarding and offboarding, add users to groups for easy control, keep devices patched and up-to-date, quickly change access levels, and much more. With this solution, your organization still maintains the flexibility it needs to leverage the best devices, applications, and tools on the market. Plus, you can hire the best talent, regardless of their location, without worrying about how it’ll impact security or how IT will manage them.

JumpCloud

Use JumpCloud to ensure that your identity lifecycle management process is efficient, secure, and complete.


Why Aren’t More SMEs Using Multi-Factor Authentication?

Cyberattacks against small and medium-sized enterprises (SMEs) are on the rise — from ransomware to Distributed Denial of Service (DDoS). Leveraged credentials, most often passwords, cause 61% of data breaches.

Nearly half of all cyberattacks target SMEs who are less equipped to recover from damages. 

Why don’t cybercriminals limit their nefarious activity to organizations with large bank accounts? They have strategically determined SMEs are less likely to invest in security best practices than large enterprises. 

Sadly, the consequences of these data breaches can be devastating. On average, 60% of SME breach victims file for bankruptcy within six months of an incident. The good news is SMEs can avoid nearly 100% of breaches by taking one simple action: implementing multi-factor authentication (MFA).

Why Aren’t More SMEs Using Multi-Factor Authentication?


According to a 2021 study, organizations that use MFA are 99.9% less likely to experience a breach than those that do not. 

Yet, despite having awareness of cybersecurity risks, an estimated 67% of business decision-makers don’t use MFA for any of their login points.

Why aren’t more SMEs using multi-factor authentication? Is the resistance to MFA one of misunderstanding, misinformation, or the perception of inconvenience? And how can it be overcome? Let’s explore MFA’s benefits, challenges, and common misconceptions around SMEs using multi-factor authentication — but first, a primer on MFA:  

What Is MFA? 

MFA is a method to protect an access transaction by utilizing multiple (often two) factors to verify a user’s identity. MFA, sometimes referred to as two-factor authentication (2FA), goes beyond vulnerable password authentication by requiring two or three forms of identity:

  • Something you are: biometric data like facial recognition, fingerprint, retinal imprint, or even speech and typing patterns.
  • Something you know: passwords or facts about your life or family history.
  • Something you have: a device in your possession, like a phone or a security key.

Though the technology has been around for decades, biometric data recognition was mostly relegated to sci-fi movies until recently. 

However, technologies like facial recognition and fingerprint scanning are now mainstream thanks to organizations embedding them into their products. A recent survey of 1,000 Americans found that 70% of them find biometrics easier to use than traditional passphrases. 

How Does MFA Work?

End users may see MFA as slightly inconvenient as it involves a few extra steps. But the process itself is relatively straightforward: 

  • The user logs in with their password (something they know).
  • The user is prompted to satisfy a second factor:
    • One-time passcode (TOTP) on their phone or tablet from an authentication app like Google Authenticator, or
    • One-time passcode (OTP) via email or SMS, or
    • Push notification from a smartphone or tablet app, or
    • Scan of fingerprint, face, or other biometric factor 

Once the user’s identity has been verified by the organization’s chosen secondary and/or tertiary factor, the user is granted admission to the network. 

Benefits and Challenges of Using MFA 


MFA Benefits

Implementing MFA has many benefits, but here are three: 

  • MFA keeps accounts secure even if passwords have been compromised.
  • MFA provides peace of mind for stressed-out cybersecurity teams. 
  • MFA lays the foundation for running a Zero Trust security framework, which maintains that trust without maximum verification introduces security vulnerabilities.

In addition, MFA is one of the easiest security measures admins can take. 

MFA Challenges and Solutions

Now, let’s dig into why more SMEs aren’t using multi-factor authentication. Identity management is the only technology that requires users and admins to balance efficiency, convenience, and security all at once — a challenge, but a surmountable one. 

Here are the three challenges most often cited by SMEs resisting MFA:

  • MFA could be time-consuming and slow productivity.
  • MFA could negatively impact user experience (UX).
  • MFA could be expensive for small businesses to manage. 

When it comes to choosing between speed and security, speed often wins. Fortunately, new innovations in UX design are delivering a seamless user experience with no compromise. Implemented correctly, MFA can increase IT security without adding complexity or slowing productivity for the end user. 


Managed MFA solutions can support multiple factors depending on the applications, devices, and systems they protect. Integrated into a cloud directory platform like JumpCloud, managed MFA solutions reduce the complexity of protecting a single identity while securely connecting the user to multiple IT resources. Less complexity leads to higher user adoption rates and a greatly reduced attack surface.

Employees may continue to lose their smartphones on occasion, but this problem can be solved with an authentication app like JumpCloud Protect™. JumpCloud Protect will: (1) temporarily relax MFA requirements while the user sets up their new phone; or (2) shift MFA requirements to a non-smartphone-based method like a hardware-based key or fingerprint scanner.

Finally, MFA costs are scalable for SMEs, with simplified à la carte and bundled pricing plans that deliver what businesses of all sizes need, when they need it. (Note: Cloud MFA services are free with all bundled JumpCloud packages.)

The ROI of Multi-Factor Authentication for SMEs

With so much on the line for SMEs, whose data is frequently targeted by hackers, MFA adoption has never been more critical. MFA helps keep accounts secure even if passwords have been compromised. 

According to Aberdeen Research, small businesses of fewer than 500 employees with up to $50M in annual revenue experienced downtime costs of up to $8,600 per hour in 2016. All things considered, a solid Zero Trust initiative like MFA is a drop in the bucket.

Interested in learning more about JumpCloud and how to achieve more robust security practices? Open a JumpCloud Free account today. 

JumpCloud Free grants new admins 10 systems and 10 users free to help evaluate with access to the complete platform. Once you’ve created your organization, you also receive 10 days of Premium 24×7 in-app chat support to help you with any questions or issues.


How to Recover a FileVault Key


FileVault is a disk encryption feature built into macOS to protect your hard drive from unauthorized access. When enabled, your startup volume is locked when the Mac is sleeping or shut down, and the data is encoded so it can’t be read unless the login password is used. 

When enabling FileVault, macOS asks you a critical question on how you would like to unlock your disk. There are two options (Figure 1):

  1. Allow your iCloud account to unlock your disk
  2. Create a recovery key

If you choose the first option while enabling FileVault, you only need to access your iCloud account to unlock your Mac and the OS will not create a separate recovery key. If you choose the second option, macOS generates a recovery key that you are expected to store in a safe place. 

However, what happens if you lose the key? We’ll cover your options for potentially recovering a FileVault key in this tutorial.

screenshot of security and privacy
Figure 1

Note: If you lose both your Mac password and FileVault recovery key, you will not be able to log in to your device or access the data on your startup disk.

Not Sure if the Recovery Key Is Correct?

Maybe you have a recovery key, but are unsure if it’s the right one for this computer. Fortunately, if you are already/still logged in to your Mac, there is a way forward. You can validate the recovery key by taking these steps:

  • Launch the Terminal.app on your Mac: search for “terminal” using the Spotlight search option on your device or navigate through Applications > Utilities > Terminal.
  • Run the command sudo fdesetup validaterecovery and press Return. Enter your admin password when requested.
  • You will be prompted to enter the current recovery key. Do exactly that and ensure you do not leave out the hyphens in the key. Because your entry is hidden and you cannot use the backspace if you type a mistake, we offer this pro tip: copy and paste into Terminal. Just be sure you don’t copy any leading or trailing spaces.

There are three possible outcomes: 

  1. true (Figure 2a) if your key is correct
  2. false (Figure 2b) if the key you entered follows the format of a recovery key but is incorrect for this computer
  3. Error: Not a valid recovery key (Figure 2c) if the key does not look like a recovery key at all (e.g., if you leave out the hyphens)
screenshot of a possible outcome
Figure 2a
screenshot of a possible outcome
Figure 2b
screenshot of a possible outcome
Figure 2c
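
A pre-check for the validation step above, as an added example that is not part of the original tutorial: it trims the whitespace that copy and paste can pick up, checks the key's layout before you paste it at the fdesetup prompt, and maps the three results listed above to plain labels. The function names, the constructed sample key in the comments, and the assumed key layout (six hyphen-separated groups of four uppercase letters or digits) are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original tutorial): pre-check a FileVault
# personal recovery key and interpret `sudo fdesetup validaterecovery` output.
# Assumption: a key is six hyphen-separated groups of four characters drawn
# from A-Z and 0-9, e.g. the constructed sample AB12-CD34-EF56-GH78-IJ90-KL12.

# Force byte-wise ranges so A-Z never matches lowercase in other locales.
LC_ALL=C
export LC_ALL

# Remove CR/LF and leading/trailing whitespace picked up by copy and paste.
normalize_key() {
    printf '%s' "$1" | tr -d '\r\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Succeeds only when the (already normalized) key has the assumed layout.
looks_like_recovery_key() {
    printf '%s\n' "$1" | grep -Eq '^[A-Z0-9]{4}(-[A-Z0-9]{4}){5}$'
}

# Say why a candidate would be rejected before fdesetup ever sees it.
#   ok               layout is plausible; fdesetup decides true or false
#   missing-hyphens  24 valid characters but the hyphens were dropped
#   bad-characters   lowercase letters, inner spaces or other symbols
#   wrong-layout     valid characters, wrong number or size of groups
diagnose_key() {
    key=$(normalize_key "$1")
    if looks_like_recovery_key "$key"; then
        echo "ok"
    elif printf '%s\n' "$key" | grep -Eq '^[A-Z0-9]{24}$'; then
        echo "missing-hyphens"
    elif printf '%s\n' "$key" | grep -q '[^A-Z0-9-]'; then
        echo "bad-characters"
    else
        echo "wrong-layout"
    fi
}

# Map the three results described in the tutorial to a label.
classify_result() {
    case "$1" in
        true)  echo "key-correct" ;;
        false) echo "key-wrong-for-this-mac" ;;
        *"Not a valid recovery key"*) echo "malformed-key" ;;
        *)     echo "unrecognized-output" ;;
    esac
}

# Interactive use: `sh thisfile --check`. The key is read from the terminal
# with echo disabled, so it stays out of shell history and the process list.
if [ "${1:-}" = "--check" ]; then
    printf 'Recovery key: ' >&2
    stty -echo 2>/dev/null
    IFS= read -r candidate
    stty echo 2>/dev/null
    printf '\n' >&2
    echo "format check: $(diagnose_key "$candidate")"
fi
```

A result of ok only means the key is well formed; whether it unlocks this Mac is still decided by fdesetup returning true or false.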

Recovery Key Incorrect or Lost?

Unless your system is managed by a device management platform, if your FileVault recovery key is completely lost or the validation keeps returning false, unfortunately you cannot recover it. It is gone. 

The only thing you can do while you still have access to your computer is to create a new key. You can do this in two ways: 

  1. Via Terminal.app
  2. Via the FileVault tab under Security & Privacy

Whichever method you choose, note that you will not get the same recovery key that was lost. Instead, a new key will be generated.

1. Create a New Key Via Terminal

Launch the Terminal.app and run the following command: 

sudo fdesetup changerecovery -personal 

This method will allow you to generate a new key without having to turn off FileVault and re-enable it. Enter your user name and password when prompted to do so. If the change is successful, you will see a new recovery key (Figure 3). 

Otherwise, you may get an error that you cannot change your key. We recommend trying the second method discussed below if this method doesn’t work for you.

screenshot of a possible outcome
Figure 3

2. Create a New Key Via FileVault Tab

With this method, you need to turn off FileVault and turn it back on to generate a new recovery key. On your Mac, go to Apple menu > System Preferences > Security and Privacy and click on the FileVault tab. 

Then, click the lock icon on the left-hand side of the pane, provide the administrator password, and click Unlock. Afterwards, select Turn Off FileVault… (Figure 4). The decryption of your disk occurs in the background as you use your device and only while the device is awake and plugged into AC power. You can track the progress under the FileVault tab. 

When the decryption is complete, return to the FileVault tab and click Turn On FileVault. You will be prompted to choose between iCloud or recovery key. If you choose “Create a recovery key and do not use my iCloud account,” be absolutely sure to copy it and store it in a safe place, such as your password manager.

Do not save it on the same startup disk you are encrypting.

screenshot of security and privacy
Figure 4

Retrieving Your Key On a JumpCloud-Managed macOS Device

If you use a JumpCloud-managed macOS device, yes, it is possible to retrieve your recovery key and avoid the perils of FileVault! Your IT admin will need to take the following steps:

  1. Log in to the JumpCloud Admin Portal via https://console.jumpcloud.com/login/admin
  2. Go to DEVICE MANAGEMENT > Devices 
  3. Under Devices, select the relevant device
  4. Under Details, click the view key button

Boom, your admin can now see your recovery key. To learn more about retrieving a recovery key on a JumpCloud-managed device, check out the following support documentation:

Not using JumpCloud yet? Our open directory platform goes beyond allowing you to easily access recovery keys. It empowers you to manage access, user privileges, and the security settings of your entire fleet — no matter the OS. Use our platform for free for up to 10 users and 10 devices so you never have to worry about losing your FileVault recovery key again.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About JumpCloud
At JumpCloud, our mission is to build a world-class cloud directory. Not just the evolution of Active Directory to the cloud, but a reinvention of how modern IT teams get work done. The JumpCloud Directory Platform is a directory for your users, their IT resources, your fleet of devices, and the secure connections between them with full control, security, and visibility.

How to Not Fall Victim to Browser Vulnerabilities

JumpCloud’s Universal Chrome Browser Patch Management

Browsers are the gateway to online productivity. 

Without them, we would not be able to get work done. For the same reason, they are also one of the biggest targets for bad actors. If we are not careful and do not make a conscious effort to maintain web browser security, attackers can easily exploit browser vulnerabilities.

What makes browsers especially appealing to these individuals? Browsers access, collect, and hold lots of sensitive data, from personal credentials to company information, that attackers can sell on the dark web and use to blackmail companies.

According to Atlas VPN, Google Chrome, the world’s most popular browser, has the highest number of reported vulnerabilities year to date (303). Google Chrome also has a total of 3,159 cumulative vulnerabilities since its public release.

In this article, we’ll dive into the topic of browser vulnerabilities, the importance of patch management, and how to streamline protection.

Atlas VPN top web browsers by vulnerability graph
Image courtesy of Atlas VPN

A Closer Look at Google Chrome’s Latest Vulnerabilities

On November 8, 2022, the Center for Internet Security (CIS) reported finding multiple vulnerabilities in Google Chrome. 

The most severe vulnerability within this group could potentially allow for arbitrary code execution in the context of the logged-on user. What does that mean?

Depending on a user’s privileges, an attacker could install programs and view, change, or delete data. The bad actor could even create new accounts with full user rights! 

Of course, users whose accounts have minimal user rights on the system would be less impacted than those with administrative user rights.

Multi-OS systems were affected, including:

  • Google Chrome versions prior to 107.0.5304.110 for Mac
  • Google Chrome versions prior to 107.0.5304.110 for Linux
  • Google Chrome versions prior to 107.0.5304.106/.107 for Windows

First and foremost, CIS recommends applying appropriate updates provided by Google to vulnerable systems immediately after appropriate testing. See here for all the other CIS recommended actions. 
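To find the devices that still need the update, compare each reported Chrome build with the fixed builds listed above. The following is an added example, not JumpCloud or CIS code; the inventory rows and hostnames are constructed, and using the lower Windows build (.106) as the threshold is an assumption. Versions are compared as integer tuples because a plain string comparison would rank 107.0.5304.87 above 107.0.5304.110.

```python
# Added example: flag Chrome builds older than the fixed versions listed above.
# Inventory rows are constructed sample data, not output from any real tool.

# First fixed build per platform, taken from the list above. Windows shipped
# as .106/.107; the lower build is used as the threshold (assumption).
FIXED = {
    "mac": (107, 0, 5304, 110),
    "linux": (107, 0, 5304, 110),
    "windows": (107, 0, 5304, 106),
}

def parse_version(text):
    """Turn '107.0.5304.87' into (107, 0, 5304, 87); reject malformed input."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(platform, version):
    """True when the build is older than the fixed build for that platform."""
    return parse_version(version) < FIXED[platform.lower()]

def triage(inventory):
    """Return (affected, unknown) host lists; unparseable rows go to unknown."""
    affected, unknown = [], []
    for host, platform, version in inventory:
        try:
            if is_affected(platform, version):
                affected.append(host)
        except (ValueError, KeyError):
            unknown.append(host)
    return affected, unknown

# Constructed inventory: (hostname, platform, reported Chrome version).
SAMPLE = [
    ("mac-01", "mac", "107.0.5304.110"),
    ("mac-02", "mac", "107.0.5304.87"),
    ("lin-01", "linux", "106.0.5249.119"),
    ("win-01", "windows", "107.0.5304.107"),
    ("win-02", "windows", "107.0.5304.9"),
    ("win-03", "windows", "unknown"),
]

if __name__ == "__main__":
    affected, unknown = triage(SAMPLE)
    print("patch now:", affected)
    print("investigate:", unknown)
```

Hosts whose version cannot be parsed are reported separately rather than treated as patched, so a missing inventory value never hides an outdated browser.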

The Need for Browser Patching 

Here are the key reasons you should regularly update or patch your browsers:

  • Enhance Security: Prevention of spyware, malware, and other viruses that could give someone access to your data or trick you into handing it over.
  • Improve Functionality: Outdated browsers might not work (well) or support new apps or software.
  • Boost User Experience: Older browsers usually do not support the latest web code and will have trouble loading a website’s component files. This might cause a website to freeze, crash, or take forever to load.

For IT admins, security aspects are probably the most important reason to patch browsers. Keeping browsers updated with the latest version (i.e., downloading and installing all provided patches) goes a long way toward preventing cyber attacks and bad actors from exploiting known vulnerabilities. 

How to Create Default Chrome Browser Patch Policies

One of the easiest ways to stay on top of patches, and reduce browser vulnerability risk, is to use the JumpCloud Directory Platform. 

The latest capability addition to our Patch Management solution provides a universal policy to keep Google Chrome up to date for macOS, Windows, and Linux. 

A universal policy saves time by automatically scheduling and enforcing Chrome security patches on a large number of managed devices.

Screenshot of JumpCloud Policy Management Console 
JumpCloud Policy Management Console 

The platform’s four universal preconfigured default Chrome browser patch policies allow admins to deploy browser updates with different levels of urgency. Admins also have the option to configure a custom universal policy; this feature allows for easy modification of existing policy settings to tailor update experiences to organizational needs. 

The four JumpCloud default Chrome browser patch management policies control how and when a Chrome update is applied. The recommended deployment strategies include:

  • Day Zero: Deploy automated upgrades inside your IT Department the first day an update is available.
  • Early Adoption: Deploy automated upgrades to early adopters outside of IT.
  • General Adoption: Deploy automated upgrades to general users in your company.
  • Late Adoption: Deploy automated upgrades to remaining users in your company.

Once you have created a Chrome browser patch policy, you can assign it to any devices, policy groups, or device groups. A policy group helps quickly and efficiently roll out existing policies to large numbers of similar devices. 

Capabilities of JumpCloud Browser Patch Management

JumpCloud’s new Browser Patch Management also introduces the following features:

  • Enforce Chrome updates and browser relaunch. 
  • Enforce or disable Chrome Browser Sign In Settings.
  • Restrict sign-in to a regex pattern to ensure users sign in via company email accounts.
  • Automate device enrollment into Google Chrome Browser Cloud Management, which unlocks limitless capabilities for browser and extension control within the Google Admin console. 
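
An added example, not JumpCloud's or Google's code, that checks a candidate sign-in pattern against constructed addresses before it is deployed. The domain example.com and both patterns are assumptions; because the page does not say whether the pattern must match the whole address, the check runs under both full-match and substring-search semantics.

```python
import re

# Constructed test addresses; example.com stands in for the company domain.
SHOULD_ALLOW = ["alice@example.com", "bob.smith@example.com"]
SHOULD_BLOCK = [
    "alice@gmail.com",              # personal account
    "alice@example.com.other.test", # company domain used only as a prefix
    "alice@examplexcom",            # unescaped "." matches any character
]

# Weak setting: dot not escaped, no anchors.
LOOSE = r".*@example.com"
# Corrected setting: anchored, literal dot, exactly one "@" before the domain.
STRICT = r"^[^@\s]+@example\.com$"

def audit(pattern):
    """List unwanted outcomes for a pattern as (mode, verdict, address)."""
    rx = re.compile(pattern)
    findings = []
    # Test both semantics so the result holds however the pattern is applied.
    for mode, match in (("full", rx.fullmatch), ("search", rx.search)):
        for addr in SHOULD_ALLOW:
            if not match(addr):
                findings.append((mode, "rejects", addr))
        for addr in SHOULD_BLOCK:
            if match(addr):
                findings.append((mode, "accepts", addr))
    return findings

if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        problems = audit(pattern)
        print(name, pattern, "->", problems or "no unwanted matches")
```

A pattern is ready to deploy only when `audit` returns an empty list for it.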

Dive deeper into the new Universal Chrome Browser Patch Management Release by exploring the release notes for this feature in the JumpCloud Community. 

Learn More About JumpCloud

The good news? Browser patching and patch management are included in JumpCloud’s affordable A La Carte pricing package. 

Try JumpCloud for free for up to 10 devices and 10 users. 

Complimentary support is available 24×7 within the first 10 days of account creation.

