The privacy of the entirety of an organization's data, secrets and credentials is paramount.

Organizational privacy is directly dependent on the autonomy an organization's primary Identity and Access services.

At most organizations worldwide, mission-critical primary Identity and Access services are delivered by Active Directory.

At such organizations, all primary identities are in autonomous control and all authentications and authorizations happen internally, and thus knowledge of Who is logging on, when, where, and accessing what stays within the organization.

In contrast, at organizations wherein their primary identities and credentials are stored, managed or secured in an(y) external (entity's) infrastructure (e.g. the Cloud), authentications and authorizations happen externally, and thus highly sensitive knowledge of Who is logging on, when, where, and accessing what is always also known to the external entity.

Consequently, organizations whose primary identites or access-control services are in external hands, have no privacy.

Organizations whose primary Identity and Access services are provided by Active Directory do not relinquish privacy.