Is it possible to replace the Microsoft 365 stack + Entra ID?
Posted by JazzlikeAmphibian9@reddit | sysadmin
Requirements
* A solid identity provider that can do SAML and also integrate authentication
* Email with TLS 1.2/1.3, preferably with some sort of encryption feature that allows you to control the content and prevent the content from being leaked
* Collaboration features that include things like shared documents that can be edited simultaneously (PowerPoint, Excel, Word …)
* Personal drive
All preferably either that you can run yourself on servers or hosted by a European company inside EU
Also major bonus if open source and you can get support on the whole stack.
jnharp@reddit
I think the German state/region Schleswig-Holstein is doing a full CU MS and hello open source.
Here are a couple of articles about it. https://www.schleswig-holstein.de/DE/landesregierung/themen/digitalisierung/linux-plus1/Downloads/_dateien/open-source-strategy_EN.pdf?__blob=publicationFile&v=3
https://www.itbrew.com/stories/2024/04/12/german-state-says-it-s-tired-of-paying-for-microsoft-licenses-adopts-linux
n8wish@reddit
grommunio should do. Maybe some accompanying apps like an LDAP (FreeIPA) and you should be all right.
Avas_Accumulator@reddit
If you find a way, do tell the EU Commission as they are looking for something, and have been for 20 years.
The major question is "why" except paranoia though. EU does not have a major tech company and you'll likely use US Big Tech as a crutch forever.
MairusuPawa@reddit
It's not that they did not solve this. It's that they are doing fuck all. It's infuriating to work with them.
Avas_Accumulator@reddit
They have in no way solved this, and in no way have the benefit of the US who are more aligned internally as one country vs one union with cracks.
Where exactly do you find the Microsoft of the US in EU?
Perhaps if Siemens, SAP, Nokia, Ericsson, some large telcos merged into "MicroHard" and created Azjure-ish, we could talk.
pdp10@reddit
Building commodity software isn't like going to the moon or building a giant particle collider. Building software in no way requires interstate collaboration. It's only slightly -- slightly -- more complicated today than emailing diffs to Torvalds.
Avas_Accumulator@reddit
I know the Linux history. Though part of that history is also how Germany wanted to swap out from Microsoft with disastrous results.
Yes, the EU can run on SUSE Linux. But that's not what I'm talking about here. If you are an international/global company, you need services near the users. You need great ID Auth.
There are so many cloud pieces in the modern world that I again ask - do we actually have the capability currently?
I think that's a hard no.
pdp10@reddit
Not Germany, and not that result. One might have tended to get the wrong impression about a few of these things if they just read the headline and not the factual article.
Avas_Accumulator@reddit
Ok let's not beat around the bush at all, and ignore my main points:
There are no Microsoft, Google, Apples in the EU yet.
kaiserh808@reddit
Now, let me be clear, I'm not recommending this, but you can do a lot (if not all) of your wish list with a Synology NAS.
User Management: https://www.synology.com/en-us/dsm/overview/user
Email and Office apps: https://www.synology.com/en-us/dsm/overview/productivity
Drive server: https://www.synology.com/en-us/dsm/feature/drive
Etc.
tech2but1@reddit
Getting alternatives working is the "simple" part of OP's request. Getting users to embrace the change is usually the biggest challenge. It's a lesser of 2 evils thing, any customers I have on MS/365 I could easily switch to Libre Office/Thunderbird/Samba AD etc from a technical PoV, but it's less hassle to just keep it MS (although this is swinging the other way as time goes on TBH).
kaiserh808@reddit
Exactly - Personally I would (and I do) stick with the integrated stack Microsoft provides.
If you can't or won't use that, then there are always going to be compromises.
Krigen89@reddit
About user management, in your link:
"Synology systems excel in diverse environments thanks to Active Directory and LDAP integration, as well as wide SSO protocol support."
I know they do integrate well with AD, as I've used it. But I don't think a Synology alone can run an AD-like user directory, which could be used by other devices/apps/services for authentication. You need AD, or Entra or other SSO provider.
Darkhexical@reddit
You can run AD on Synology. Won't be as good tho. Uses samba4
Krigen89@reddit
I stand corrected. Interesting, thanks
ccatlett1984@reddit
Windows Server
Active Directory
Active Directory Federation Services
Exchange
Sharepoint
All hosted on-prem. ;)
Acardul@reddit
But the exchange on-prem nowadays is a bit of nonsense. Maintenance and securing kill other advantages.
Floh4ever@reddit
Although it is obviously way more work than the "pay x$/Month" cloud alternative, once deployed and up to date it barely requires more maintenance than any other windows server. Security is not that bad if it has no direct WAN connection.
Uptime in just the most basic 2 node cluster has defeated 365 many times over in our cases.
DevNopes@reddit
You can't separate on-premises Exchange security from Active Directory security, and that is really, really bad.
Dadarian@reddit
SP on-prem isn’t doing any better.
countvracula@reddit
Only masochists would be running SP on prem in this day and age.
BatemansChainsaw@reddit
sharepoint almost anywhere is complete garbage.
KareemPie81@reddit
This made me belly lol way too hard
BatemansChainsaw@reddit
He's not wrong though. With the exception of Sharepoint my company runs all of this in-house and probably always will as long as I'm in charge of it. It's far more cost effective doing so than running it ~~in the cloud~~ "on someone else's computer"
monoman67@reddit
Maybe if you are a small shop. Running Exchange and ADFS on-prem for almost 100K users with 24x7x365 expectations is no joy with a small staff and terrible financial planning.
Paying MS for EOL, SSO/MFA, Teams, OneDrive, etc. isn't the best experience but it is a better experience for us. We will continue to run some things "on someone else's computer" when they can do a better job than us.
KareemPie81@reddit
No he’s 100% right, I’m still scarred from Exchange 5.5 on SPS running on Server 2003. I remember when MSFT even sold the Azure on premise in a shelf to let you bring your own “cloud”
JazzlikeAmphibian9@reddit (OP)
Theoretically possible, however probably expensive, and the goal is less reliance on Microsoft.
StinkyBanjo@reddit
It's also temporary. Exchange is going away and replaced with Exchange subscription.
ccatlett1984@reddit
Still an on-prem product, just a change in licensing model.
RainStormLou@reddit
You're basically going to have to build your own environment like a patchwork quilt. They own the market for a reason, and they buy the competitors' products if they start to catch up. Get really cozy with Linux and email protocols, and start a rumor that collaboration on documents means you're a racist.
1996Primera@reddit
And a wap if you plan on accessing things outside the lan and not needing a vpn
BWMerlin@reddit
Google Workspace is the most drop in replacement you are likely to find.
JazzlikeAmphibian9@reddit (OP)
Yeah same pitfalls however.
techvet83@reddit
If you've crossed off O365 and Google Workspace but still want collaboration, what is left on the table?
Dave_A480@reddit
A trip to the software museum to dig up GroupWise or Lotus Notes?
Complete-Start-3691@reddit
The Notes reference gave me PTSD
BWMerlin@reddit
Zoho and Zimbra?
Adam_Kearn@reddit
I don’t even consider Google any more than a search engine.
They have killed off too many products that are still used and loved by thousands.
Not worth the investment, as just as you get running it's hit its EOL.
RainStormLou@reddit
It's not even a good search engine anymore. I would actually pay money to access a maintained version of the Google search engine from a decade ago, but it's baked cat shit in its current form. Why the fuck is Gemini not a toggle? What kind of dumbshits would force a usually incorrect AI result, and ~ five sponsored (tangentially related, sales focused) results to appear before the first ACTUAL result for my search is displayed??
I had to enter a change request to change the default search engine in edge to Bing for all users a few weeks ago. Do you guys know what it fucking feels like to be in full support of such a change? Even a few years ago, I would have confidently bet tens of thousands of dollars that I would never allow such a thing, much less support it lol.
pdp10@reddit
Adblockers remove the sponsored results. Blocking ads is one of the highest-RoI things you can do.
RainStormLou@reddit
Depends on how your org is required to manage ads. We get most malicious popups, but there are some things we're not allowed to disable and were overridden on. The bright side is that I get to close the occasional ticket by simply pointing to an email and a denied change request from an administrative idiot in 2023.
Adam_Kearn@reddit
In the 365 admin portal you can apply an edge policy to enforce a specific search provider.
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-browser-policies/defaultsearchprovidersearchurl
If you add &udm=14 to the end it will turn the AI prompt off permanently.
DonutHand@reddit
Meaning nothing cloud based? All on prem everything?
MuddyDirtStar@reddit
And a huge downgrade in features and just about everything about it.
game_bot_64-exe@reddit
I think possible is a solid yes; practical, however, is where you need to evaluate. How invested you are in the Microsoft Cloud ecosystem will really determine where you land on the "it should be done" scale.
I think a good set of initial questions you should ask regardless are:
How many users in my org are familiar enough with a given set of non-Microsoft productivity tools (let's say Google Workspace because that's normally the first alternative people are going to look at) that they wouldn't care what tool is in front of them to just continue working?
In my org, what is the ratio of user endpoint devices not running Windows to those that are running Windows?
Forsaken-Discount154@reddit
Absolutely. The cost of training and retooling to move away from the Microsoft ecosystem would be astronomical. Honestly, if they ever tried to make that switch, I would probably quit on the spot.
rmeman@reddit
In this market ? I'd bet you wouldn't
Forsaken-Discount154@reddit
hahahahahahaaaaaa... Skillzzzzz bruh...( and savings )
MuddyDirtStar@reddit
Imo, if you're asking this, then you aren't in a position to do so. There /are/ ways to replace it. But you're going to be piecing it together relying on less than desirable integrations. Microsoft is the industry leader by a large margin for a reason. My old role dealt plenty with Linux, patchy workspace and we still had to maintain an on prem and just because a lot of platforms are natively supported. Administration costs will go through the roof.
JazzlikeAmphibian9@reddit (OP)
I am asking the question since I see a void there where the question is asked: is it possible to cut Microsoft out of the equation, and Google as well? Need something that can't be killed in a situation where the current American administration is more of an adversary than a partner and ally. We are 4 months in and 44 months to go, and we have no idea what ideas the next one might have, so the time for having an idea of an exit plan is now.
Frothyleet@reddit
It's a reasonable question to ask. Unfortunately there's not a straightforward solution. You'd have to make a proportionally enormous investment in building your own solution, or accept massive functional tradeoffs in similar (ish) solutions.
That only becomes worth it if the business decides the risk of relying on American resources is overwhelming. Which could happen.
doktormane@reddit
My advice is to wait for more reliable information on this Microsoft ICC saga. The report so far says that "Microsoft disabled the chief judge's email account" but the same story has also been reported as Microsoft shutting down the whole of ICC's email system. We also don't know if they are running Exchange Online or on-prem Exchange. If they did "block his email". How did they do it?
Suppenkelle8@reddit
„There is no chance that the US is going to sanction the whole German government, for example.“ - 2 years ago I would have fully agreed, but from today’s POV this is not true anymore.
This shows us how quickly things we take for granted can change. Being dependent on foreign systems is very dangerous given the current geopolitics.
What if tomorrow the US decides to tax their SaaS solutions with 200% for the EU?
doktormane@reddit
Tariffs can't work in that scenario because the exchange of services is between Microsoft Europe and whatever local company it sells to.
I don't disagree that being dependent on other countries for essential goods or services isn't ideal but the US is very good at this sort of tech for reasons that Europeans vehemently reject, like labour laws, lack of GDPR, work culture, etc. Europe can't have its cake and eat it too. Whether you like it or not, innovation cannot be mandated through legislation. Communists tried this and it failed. There are very few European companies that have the resources to build a rival to Microsoft, Amazon, or even Google's cloud productivity and collaboration platforms. Even if a company decides to try, the US companies I just mentioned have spent decades developing those solutions.
Floh4ever@reddit
Although the EU would be in quite the situation - we still have options to retaliate badly. When the tariff situation got a little bad the EU said that they might consider disregarding American IP, patents etc. which would really hurt in the long term.
Indiesol@reddit
There is nothing worth the amount of work and expense needed to make it even close to as good, as secure, as scalable, or as compatible with other platforms. There is a reason Microsoft has the vast majority of the market share.
Could you please explain the pain point(s) that are causing you to look for alternative solutions... Is it strictly or primarily financial?
pdp10@reddit
I used to build high-scalability, open-protocol, email and collab clusters, then went on to scale webapps. It was never a secret that these systems scaled better than MS Exchange, viz. Hotmail.
Not that Groupwise was worth emulating, but MS Exchange in particular was always literally weighed down by being built as an X.400 server with support for full X.500, to be sold to the U.S. Department of Defense. Most of the lines of code in the product were for extraneous features, and most of the rest was simply overdesigned for the task.
It was never a Microsoft strategy to be any more compatible than strictly necessary. To further the lock-in, they instead encouraged parties to be compatible with Microsoft, not compatible with open protocols. Starting in 2001 or 2002, we had to use MS Exchange in order to use Blackberry Enterprise Server, for example.
JazzlikeAmphibian9@reddit (OP)
The point of the exercise is: what if MS and Google are no longer even an option and we as Europeans can't use them at all? Where do you go?
anon_2939269@reddit
I think the pain point is "I've been sanctioned by the US Government and need to rebuild my entire enterprises"
antihippy@reddit
I've been looking into this and not found a one-stop solution. You can make something similar by using an email provider like Tutanota with OnlyOffice and some sort of Cloud storage & Identity solution. But that's a lot of work & more expensive overall. I think change is coming but might take a couple of years. I think the penny dropped in Europe's biz sectors that MS lock in is real and, now that we're certain about the US not being a reliable ally, people will work on it.
I think quite a lot of the open source people are well meaning but they don't understand this problem or what MS365 brings to the table. I think (hope) that we'll start to see change now. Fingers crossed because I'm open to anything that ticks all of your boxes.
pdp10@reddit
Probably, but I'm not sure that Microsoft 365 proponents can, either.
Even in successful migrations we find our fair share of bad assumptions. A typical assumption is that a new system must replicate all of the features of the old one. Novell WordPerfect thought that competitors couldn't match the "reveal codes" and the huge database of compatible printer drivers. Turns out those weren't critical after all.
Of course we shouldn't ignore every vendor's continual efforts to make their products "sticky", like encouraging small third parties to make important functionality as a plugin to an established application, or tricky file formats. These are items for I.T. strategy, but perhaps not every organization has that.
Background-Dance4142@reddit
Linux OpenOffice.
I bet your finance department jurassic excel users would love you
Gh0styD0g@reddit
If you want to take control of all that stuff you probably should be looking at on-premise services that you can self host either in a colo on your own tin or in a cloud virtualisation partner's service.
iccccceman@reddit
No.
ohiocodernumerouno@reddit
Can't you just install LibreOffice on the Linux box and then have people SSH in to it to run LibreOffice as many users as you need?
hyper9410@reddit
One coherent package could be openDesk.
It utilizes Nextcloud, Collabora Office, Dovecot, Jitsi and Keycloak in one package.
It is handled by a German company funded by the German government.
almightyloaf666@reddit
Well I guess you could look into oodrive, Cloud IAM, OVHcloud, ... depending on needs.
There's plenty of alternatives, but none of them are an "all in one" package like Microsoft's world is. This will require serious integration work.
adrenaline_X@reddit
Doesn’t Google do exactly all this though???
nuttertools@reddit
With the exception of no remote kill switch Google does it all. A pirate space station operating on a communal blockchain voting system is probably the closest it is possible to get to that though.
Companies replacing Microsoft with Google are something to run away from though, disaster incoming. You add Google to Entra with premium licensing if it makes sense for your team, not replace it.
almightyloaf666@reddit
Well maybe, but I would not go to Google if there's some viable European alternative.
Besides that, OP wanted European alternatives, Google is not one.
DangerDylan@reddit
I would have a look at openDesk. https://www.opendesk.eu/en It should cover most of your needs. Especially in regards to support.
cmd_blue@reddit
+1 opendesk was created for this
Emmanuel_BDRSuite@reddit
Replacing M365 + Entra is possible, but it’s a DIY puzzle.
Keycloak for SAML/IdP, Mailcow for secure email (TLS 1.2/1.3), Nextcloud + OnlyOffice for real-time docs, and local/hosted EU support if you pick providers like Hetzner.
No kill switch, full control but expect serious admin overhead.
Thanis34@reddit
NextCloud, Authentik and Zimbra would be a combination that solves the entire request, can be self hosted and fully compatible with any OS. On desktops you could use OpenOffice or LibreOffice, Office-like webapps are easily set up in the Nextcloud service. Apse already have this running for a customer who wanted to de-SaaS their environment.
Ant-One@reddit
Depending on your needs, you can replace a lot of (if not all) Entra features with Keycloak.
In fact, I am currently working for a Swiss company that is providing it as SaaS or on-prem as a much cheaper replacement of Entra.
_araqiel@reddit
Keycloak, Zimbra, NextCloud
fresh-dork@reddit
asking for a friend at the ICC
MCRNRearAdmiral@reddit
My gut reaction as well.
IIPoliII@reddit
Maybe Zoho, but I don’t remember where the company is from
iansaul@reddit
Zoho is the answer here, even though many will shrug/brush it off. Depending on your region, you can select data storage within most geographic regions.
It is a highly viable alternative to the M365 mess. And yes, their logo prevented me from taking them seriously for many years - but the ZohoONE platform is a steal for how powerful it is.
XxsrorrimxX@reddit
Zoho is India
totmacher12000@reddit
So.... I just found a provider that offers most of this: Cranemail. Found it on lowendtalk. I picked up a plan to test. They are using https://www.smartertools.com/smartermail/business-email-server
Weary_Patience_7778@reddit
Rippling provides a combo HRIS and IDP with SAML.
Coupled with Google Workspace it might do most of what you want?
Cormacolinde@reddit
Looks interesting, but I think the requirement is “not based in the US”.
thortgot@reddit
Going 100% non American is really tough. While doable the collaboration is dogshit tier.
SandeeBelarus@reddit
It’s the directory piece that other providers lack.
SandeeBelarus@reddit
It’s super tough to match entra id as a directory service. And without that as a backbone. The capabilities will suffer. Directories are fundamental to any stack. Without them the rest don’t matter.
vaiku07@reddit
Use an SSO like Okta and then Google apps. Cheaper and easier.
vivkkrishnan2005@reddit
IdP - UCS, Authentik, etc
Email - IceWarp?
Collab - Collabora Online if you don't want to use IceWarp
Personal drive - Nextcloud/ownCloud - again if you don't want to use IceWarp
Read the ICC thing, dang.
ludlology@reddit
Yes, in the same way that you could grow rubber trees and make tires instead of buying goodyears
damooseknuckler@reddit
You purposely trying to pinch yourself in the nuts?
Lerxst-2112@reddit
OpenText Open Workgroup Suite
Pr0f-Cha0s@reddit
Jumpcloud
redwiresystems@reddit
Main contenders EU folks are looking at
On Premise Microsoft
Less friction during transition, probably the best drop-in replacement currently. Most folks are just using the bare minimum of Microsoft tools like a DC, Office Apps, and Exchange Server, and finding other solutions for the rest.
NextCloud OnPremise/Self Hosting
Scaling might be an issue, depends on your size and internet links if this is viable. Doesn't have everything.
Proton
Technically not EU fully but Switzerland and Germany hosted, so as close as you can get without going NextCloud. Over 100 million active users and tons of collaboration features which they are constantly adding to. It's probably the closest you can get, but there's sometimes a perception, particularly in the US, of it being associated with bad actors since it's heavy on privacy and security, so bad actors use it too.
There is no 1 to 1 replacement you can immediately switch to, but those are the best options. Over the next 5-10 years if things keep up there might be more motivation to focus on particular solutions based on Linux, but there isn't one thing you can point to currently and say "use that", even with larger implementations where cities have standardized on Linux implementations.
Endpoints being Windows is your other problem. Even though Google is US based, there are possibilities with Android and SaaS products that might be practical depending on how long this goes on. But it's going to take money and focus that wasn't there in the past while Microsoft tools were good enough and the de facto standard.
I'm enough of a grey beard to not assume the current outrage will lead to the year of the Linux desktop for the masses, but who knows, there might be the motivation.
rainer_d@reddit
You could look into Zimbra. It does a lot of stuff these days.
PredatorInc@reddit
JumpCloud
thatfrostyguy@reddit
Absolutely. Back on-prem is the way to go, granted it takes more skill to keep things alive
chuckescobar@reddit
The amount of time money and resources that you are going to lose by having to retrain everyone on a non-standard business system will outweigh whatever you are trying to accomplish by this.
Microsoft has a stranglehold on this space for a reason.
plump-lamp@reddit
Zoho one or Zoho workplace. They have the full stack it's just not aimed at big enterprises. It can do most things just not nearly as much admin control
Adam_Kearn@reddit
A work colleague mentioned OnlyOffice to me a few weeks ago and it looks really good. Not used it myself but it seems to fit your needs.
Allows you to self host it and manage it centrally and the best part, it looks exactly like normal office apps.
With email you can use any sort of local hosted SMTP / IMAP server but be prepared for a massive headache.
Identity management: you should be able to set up your own LDAP server. There are a few I’ve seen before that also support SAML.
There is a registry change within Windows you can do to use your own LDAP server instead of Active Directory.
Alikont@reddit
It looks like office apps, but it's far, far from MS Office in usability.
Nextcloud is nice if you need a file sync and don't need concurrent editing (it sucks at concurrency).
Site-Staff@reddit
Apple’s ecosystem. Or go Linux.
Alaknar@reddit
How does that solve anything OP listed...?
Wing-Tsit_Chong@reddit
Keycloak, gpg with whatever email server, nextcloud?