Cloud IAM Becomes the Only IAM
By 2029, identity directories run in the cloud or they do not run. The last Fortune 500 on-prem AD deployment retires. The hybrid era ends.
// By 2029 · high confidence · disruption 7/10
Prediction
// 2029
By 2029, fewer than 5% of new IAM deployments will involve any on-premises identity store.
What dies
- → On-prem Active Directory
Who wins
- → Microsoft Entra ID
- → Okta
- → JumpCloud
The hook
Microsoft's own roadmap tells the story. In 2013, Microsoft positioned Azure AD as a complement to on-prem AD. By 2023, Entra ID is the strategic direction. By 2029, on-prem AD is in maintenance mode.
Thesis. Cloud IAM did not win on features. It won on operating model. Running a cloud directory costs 60 to 80% less than running on-prem AD when you fully load the costs.
The story
The setup
25 years of on-prem AD as the enterprise default. Group Policy, domain controllers, replication topology, the whole stack. A specialist career was built on running it.
The cloud bridge
2010s. Azure AD, Okta, OneLogin launch as 'extensions' to on-prem identity. The first decade was about federation: cloud apps trusting the on-prem directory.
The pandemic accelerant
2020 remote work forces cloud-first identity. Companies that resisted the cloud migration get pushed by necessity. The 'we will move next year' deferral budget runs out.
The model flip
2023 to 2025. Microsoft's own messaging shifts. Greenfield deployments are cloud-only. Hybrid becomes the migration state, not the destination. The architecture conversations stop being about 'whether' and start being about 'how fast.'
The retirement
By 2029, the last major on-prem AD deployments retire. Government and regulated industries linger to 2032 and beyond, on extended support contracts, in air-gapped environments, with carve-out exemptions in cloud-mandate policies.
First signals (verify today)
Microsoft pushing Entra ID for new deployments. AD greenfield deployments at all-time low. Okta enterprise wins accelerating.
Key data points
- Microsoft Entra ID rebrand from Azure AD: 2023
- Okta IPO: 2017
- Cloud IAM market growth rate: 15 to 25% annually
- Typical AD migration timeline: 18 to 36 months
- Average AD-to-Entra ID migration cost: $200 to $500 per seat
Contrarian angle
Microsoft is making more money from helping enterprises migrate off AD than it ever made from selling AD. The most strategic product in Microsoft's identity portfolio is now the migration tooling.
FAQ
What about air-gapped environments?
On-prem AD persists. Defense, classified networks, certain critical infrastructure. The 5% number in the prediction reflects this floor: it is not 0%, it is the long tail of environments where cloud is not an option.
Is Active Directory the same as Entra ID?
No. AD uses Kerberos and LDAP over a private network. Entra ID uses OAuth, OIDC, and SAML over the public internet. The protocol surface, security model, and operational characteristics are different.
What's the cost of migrating from AD to Entra ID?
$200 to $500 per seat fully loaded for a 50,000-employee enterprise. The hardware and licensing savings recover the migration cost over 3 to 4 years. The driver is not cost savings; it is risk reduction and operational simplification.