Avocados are never perfectly ripe to eat, Nintendo games will never be released on other platforms and the way people do their daily work is changing. ‘Resistance is futile’. We have to accept the everlasting search for efficiency and convenience from end-users, employees and IT-vendors. We are at a point in time that employees and/or companies don’t want to buy and manage their own back-end hardware and vendors want to commit users and contracts to them. Insert concept: Cloud computing.
Every company that thinks about moving to the cloud automatically thinks about the obvious path to get started: Office365. But to elevate Office365 you will need Azure Active Directory. And to fully benefit from the tons of features that Microsoft has to offer, you need Windows 10 and Intune and…. Before you know it Microsoft has you in a tighter headlock than Hulk Hogan had his opponents in the good old days. Don’t get me wrong, I love the Microsoft 365 product suite. Just don’t jump to conclusions without at least considering other solutions. A solution completely based on Google products, for example. In this blog post I will lay down the basic principles of a Google Workspace by comparing the different elements to their Microsoft counterparts.
Products side by side:
| Google | Microsoft | Role |
|---|---|---|
| Google Cloud Platform | Microsoft Azure | Cloud provider |
| Cloud Identity | Azure Active Directory | Identity provider |
| Chrome Enterprise | Microsoft Intune | Device management |
| Chrome OS | Windows 10 | Endpoint operating system |
| G-Suite | Office 365 | Workspace applications |
The products are not completely interchangeable of course. But the components described are needed to provide a similar service.
Both Google Cloud Platform (GCP) and Microsoft Azure (Azure) are key players as third-party cloud providers. Both offer roughly the same services (like compute, applications, containers, SQL instances), but offer them under different names. There are differences between GCP and Azure. Azure provides more options for global working, high availability or disaster recovery because of its availability in 54 geographic regions and approximately 162 availability zones, whereas GCP has 20 regions and 61 zones. In terms of pricing, Google Cloud provides more flexibility than Microsoft Azure.
In this blog we focus on a basic hybrid workspace environment where all data resides on premises. Apart from the identity providers that run on the public cloud we do not have any other dependencies with a cloud provider in this setting.
Let’s face it, you have Microsoft Active Directory (AD) as the default identity provider in your on-premises domain. It is an IT-infrastructure standard. Microsoft benefits from this default setup with Azure Active Directory. By syncing your on-premises AD to the cloud with Azure AD Connect, the identities of your employees are immediately known within the complete Microsoft chain. This makes features like Single Sign-On to Office 365 a piece of cake.
Google works with its own identity: Google accounts. But no need to get scared now. It is possible to link an on-premises Active Directory account to a Google account. In fact, under the hood Microsoft does the exact same thing. Microsoft syncs an on-premises AD account with a standalone Azure AD account with the same name. Instead of the Azure AD Connect tooling that Microsoft uses, Google relies on Google Cloud Directory Sync (GCDS) to make AD users known to the Google services.
You can run environments without any device management tools, but nowadays that is not recommended. If you want tight security and control over who and what enters your domain, device management is mandatory.
Chrome Enterprise allows you to set and enforce over 300 security and configuration policies on endpoint devices. This includes features like: restricting sign-in, blocking applications based on permissions, remotely disabling devices, enrolling devices, managing remote access and single sign-on, tracking devices and users, restricting or requiring web apps and browser extensions, and many more.
Microsoft Intune focuses primarily on enrollment, device compliance and conditional access. All other settings (and many, many more) can be found in the Office365 admin portal or in Azure Active Directory. Just another example that to fully benefit from the services you have to use multiple components of the suite.
The key takeaway with device management is that both Microsoft and Google provide a form of conditional access. A feature that is essential in a modern workspace.
We focus on the Office suite and the G-Suite here assuming any other line of business application is SaaS or virtualized. It is the year 2020 after all.
| Google G-Suite | Microsoft Office 365 | Description |
|---|---|---|
| Docs | Word | Word processing application |
| Google Drive | OneDrive | Cloud storage |
The Office suite can be locally installed on a device. This is not the case with G-Suite. G-Suite is always presented to the end-user from a web browser. That is a component to consider when designing your workplace. G-Suite documents can be read and edited offline though. You can turn on offline access to resources in the Google Admin Console, which is recommended by Google. With this setting a document can be opened, edited and saved to the local hard drive. When the internet connection is restored the file will be synchronized with the cloud again. Both suites are fine and hold the basic functionalities to let employees do their daily job for 90% of the time. Although Microsoft Office is seen as an industry standard by a majority of the companies. That is an excellent selling point for Office365. However, I recommend checking your functional demands against the possibilities and functions of G-Suite. You might be surprised what you see.
The difference between Google and Microsoft from a device point of view is not made with mobile devices. Both support Android devices as well as Apple devices. But when we look at laptops, desktops and thin clients you have an important choice to make.
In a Microsoft scenario you are not limited in your device choice. As long as the latest release of Windows 10 is the operating system, a good user experience is guaranteed (to the maximum capacity of the device’s hardware). Google chooses to limit your device choice to Chromebooks (laptops) and Chromeboxes (small form-factor PCs). These devices have Chrome OS as their operating system. The main difference between traditional endpoints (Microsoft scenario) and Chrome OS devices is that Chrome OS devices primarily support web applications. About 99% of the work done on a Chrome OS device is browser based. It has its pros and cons. A Chrome OS device is often cheaper than a traditional endpoint device because it does not heavily rely on its hardware. The most important aspect of such a device is the connection to the internet. But then again, in use cases with a bad to no internet connection available a Chrome OS device is pretty much useless.
With an on premises Active Directory your IT-infrastructure for a workspace will roughly look like this:
To create a perfect mix between security and usability you have to choose either the Microsoft or the Google way of working. Both suites are good at what they do, but only deliver a solid solution based on the use of their complete workspace suite. Having Active Directory on premises is not a deciding factor in the process of choosing your cloud-based workspace. The choice is based on applications and endpoint devices. For example: the Google suite could work brilliantly at a school with a focus on collaboration and cheaper hardware, whereas the Microsoft suite is better suited to a global financial environment where users heavily rely on Office365 products and a free choice of endpoint hardware. It all depends on your organization’s functional requirements for your ideal working environment.