I definitely need more time to digest the whole blog but I have a few simple questions for the scenario where there is an AD Connect connection between M365 & Local AD. According to best practices what should I implement:
1. PIM on an AD-M365 synced account with SSO (same password) so you have just in time and just enough access leveraging the benefits of machine learning in AD identity protection and/or MCAS.
2. PIM on an M365 admin only account that is solely used for administrator access and therefore has no (or a very limited) data for the machine learning baseline.
And we use AD Connect to give users a consistent login experience and SSO. We would love to keep the identity controls on the AAD level (like with AADDS), but so far that is not possible. Do I understand the above blog correctly that you would recommend avoiding the use of AD Connect? Or at least the password sync functionality? But that would mean we lose SSO as well, and that seems crucial in our passwordless journey...