Strengthen your hybrid identity with these new Azure AD Connect releases
Published Feb 03 2021 11:21 AM

Howdy folks,

We continue to hear from you that hybrid identity is as important as ever, even as more apps move to the cloud. In Azure AD, our key hybrid identity tool is Azure AD Connect. It comes in two flavors, depending on your use case: Azure AD Connect sync, which runs on-premises, and Azure AD Connect cloud sync, which runs the sync logic in the cloud. We are constantly improving both based on your feedback, to make them easier to deploy and configure while also improving security, scale and throughput.


Today we're announcing that Azure AD Connect cloud sync is generally available! During its preview it was known as Azure AD Connect cloud provisioning. We have also made significant updates to our classic Azure AD Connect sync tool, with improved scale and performance.

Azure AD Connect cloud sync general availability


Azure AD Connect cloud sync is the future of our hybrid identity sync capabilities. It moves all the heavy lifting of the transform logic to the cloud, and it reduces the on-premises footprint to lightweight agents, several of which can be deployed for high availability. You can deploy it either standalone or alongside Azure AD Connect sync. When the two are deployed together, cloud sync lets you connect disconnected AD forests, such as those that arise from mergers and acquisitions or from remote office locations. To see the differences between the sync options within Azure AD Connect, check our comparison chart.


Since the public preview, we've added the following capabilities:

  • Enhanced security with support for gMSA: the sync agent can run under a group Managed Service Account (gMSA), so you no longer need to supply domain admin credentials to run it, and there is no service-account password for you to store or rotate. You can either use your own custom gMSA or the one the agent installer creates for you.
  • Ability to sync large directories, with up to 150,000 directory objects per configuration, and large groups with up to 50,000 members.
  • Prevent accidental deletes by configuring a threshold for deletes; when a sync cycle would exceed it, the deletes are held and you are notified to take action.
  • Health features that let you monitor your sync service and resolve common data issues, such as duplicate attribute values.
  • Advanced troubleshooting tools that help your organization find out quickly when something goes wrong with your sync configuration.

To get up and running with Azure AD Connect cloud sync today, check out our documentation.
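The custom-gMSA option in the first bullet is the one a practitioner usually wants, because it keeps the agent's identity and its directory permissions under your control rather than the installer's. The following PowerShell is an added example, not code from the original post or from the cloud sync product; it uses the standard ActiveDirectory RSAT cmdlets, and the domain name, the agent host names and the account name are assumptions chosen for illustration.

```powershell
# Added example (not from the original post). Run as a Domain Admin on a
# domain-joined machine with the ActiveDirectory RSAT module installed.
# contoso.com, PROVAGENT01/02 and provAgentgMSA are assumed names.
Import-Module ActiveDirectory

$Domain     = 'contoso.com'
# Computer accounts of the servers that will run the cloud sync agent (trailing $ is required).
$AgentHosts = @('PROVAGENT01$', 'PROVAGENT02$')
$gMSAName   = 'provAgentgMSA'

# 1. A KDS root key must exist in the forest before any gMSA can be created (one-time step).
#    Even with -EffectiveImmediately, allow ~10 hours for the key to replicate to every DC
#    before creating the account in production.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveImmediately
}

# 2. Create the gMSA. Only the listed agent hosts may retrieve its password from AD;
#    no human ever sees it, and AD rotates it automatically (every 30 days by default).
New-ADServiceAccount -Name $gMSAName `
    -DNSHostName "$gMSAName.$Domain" `
    -PrincipalsAllowedToRetrieveManagedPassword $AgentHosts `
    -Description 'Azure AD Connect cloud sync agent service account'

# 3. Confirm that exactly the intended hosts are allowed to retrieve the password.
Get-ADServiceAccount -Identity $gMSAName -Properties PrincipalsAllowedToRetrieveManagedPassword |
    Select-Object Name, PrincipalsAllowedToRetrieveManagedPassword

# 4. On each agent host (not on the DC): bind the account locally and verify it
#    before running the agent configuration wizard and selecting the custom gMSA.
Install-ADServiceAccount -Identity $gMSAName
Test-ADServiceAccount -Identity $gMSAName    # True when this host can retrieve the managed password
```

Two points worth keeping in mind: the account itself carries no rights, so you still have to grant the gMSA read (and, for the writeback features, write) permissions on only the OUs you intend to sync; and the `PrincipalsAllowedToRetrieveManagedPassword` list is the control boundary, so keep it limited to the agent servers rather than a broad group such as Domain Computers.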

Azure AD Connect sync updates


Many of you have been using classic Azure AD Connect sync for years as the primary means of bridging your hybrid identity. We've heard that as your business and teams grow, you need higher sync throughput and the ability to sync larger groups. With the general availability of our V2 endpoint and the latest build of Azure AD Connect sync, you can now sync groups of up to 250,000 members, and customers who previewed the new endpoint saw a 3 to 10x improvement in their sync times on average. One customer told us that this update "has resulted in dramatic performance improvements on our delta synchronizations. Before, during the work week, the average was constantly around 5 hours. This week it is 25 minutes."


To try the V2 endpoint, and to make sure you're using the latest build of Azure AD Connect sync, check out our documentation.
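Switching an existing Azure AD Connect sync server to the V2 endpoint is a small, reversible change to the Azure AD connector, and it is worth verifying rather than assuming. The following PowerShell is an added example, not code from the original post; it uses the ADSync module's own cmdlets for the connector API version and the scheduler, and assumes an existing, healthy Azure AD Connect sync installation on which the V2 cmdlets are present (they shipped with the builds that introduced the V2 endpoint; the check below fails cleanly on an older build).

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the Azure AD Connect sync server; the ADSync module ships with it.
Import-Module ADSync

# 0. Fail early on a build that predates the V2 endpoint cmdlets.
foreach ($cmd in 'Set-ADSyncAADConnectorImportApiVersion', 'Set-ADSyncAADConnectorExportApiVersion') {
    if (-not (Get-Command $cmd -ErrorAction SilentlyContinue)) {
        throw "$cmd not found: upgrade to a build of Azure AD Connect sync that supports the V2 endpoint."
    }
}
# Module version is assumed here to track the installed Azure AD Connect build.
"ADSync module version: $((Get-Module ADSync).Version)"

# 1. Pause the scheduler so no sync cycle runs while the connector is being reconfigured.
Set-ADSyncScheduler -SyncCycleEnabled $false

# 2. Switch both the import and the export connector calls to API version 2.
Set-ADSyncAADConnectorImportApiVersion 2
Set-ADSyncAADConnectorExportApiVersion 2

# 3. Verify before re-enabling anything; do not trust the Set-* calls blindly.
$import = Get-ADSyncAADConnectorImportApiVersion
$export = Get-ADSyncAADConnectorExportApiVersion
if ($import -ne 2 -or $export -ne 2) {
    throw "V2 endpoint not enabled: import=$import export=$export"
}

# 4. Resume the scheduler; the next delta cycle uses the V2 endpoint.
Set-ADSyncScheduler -SyncCycleEnabled $true
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, NextSyncCycleStartTimeInUTC
```

If a staging-mode server exists, enable V2 there first and watch a full delta cycle complete before touching the active server; rolling back is the same sequence with `1` in place of `2`.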

As always, we’d love to hear from you. Please let us know what you think in the comments below or on the Azure AD feedback forum.

Best regards,

Alex Simons (twitter: @alex_a_simons)

Corporate Vice President Program Management

Microsoft Identity Division

14 Comments
Brass Contributor

Great to see Alex. I'd really like to see password writeback support in Azure AD Connect cloud sync to allow us to go all in while still supporting our legacy AD.

Copper Contributor

Is there a roadmap for feature parity with Azure AD Connect?

Copper Contributor

Since this is a lightweight agent, would it be supported / recommended to install it on a DC (as is common with other lightweight agents)?

Copper Contributor

Two important features not supported that are blocking my use are Pass-Through Authentication and password writeback.

Copper Contributor

I too am looking forward to multi-forest password writeback. This is the last functionality we need in order to fully retire MIM.

Microsoft

Hi @Alex Simons (AZURE) - It'd be great to see the support for device objects and directory extensions.

Copper Contributor

As long as a hybrid identity uses Exchange Online services, Azure AD Connect is required because of the writeback, isn't it?

So the cloud sync feature can only be set up if a hybrid identity does not use Exchange Online, right?

Best regards,

Sven

Update: @DhanyahkMSFT, cloud sync now has Exchange hybrid writeback in public preview 👌🏼

Microsoft

@Sven Lüders That's correct. We are working on a roadmap to achieve functional parity with AAD Connect and until then, you can use cloud sync side by side with AAD Connect.

Microsoft

@IamJonathan @Wesley-Trust Password writeback and PTA for multiple disconnected forests are on the roadmap and we are currently working on them. As soon as we have an update, we will let you know. Also, there's a roadmap for feature parity with Azure AD Connect that we are working on. Until then, you can use Azure AD Connect and cloud sync side by side.

Microsoft

@Wesley-Trust The answer is yes to installing the lightweight agent on a DC as well.

Silver Contributor

Can this be used when an org already has cloud only accounts? i.e., to integrate/merge on-premises accounts with the correct cloud accounts.

Copper Contributor

This is great news. I just wish it was supporting the device objects and password writeback. 

Iron Contributor

Hello @DhanyahkMSFT, last time I checked, the Cloud Sync agent is still not supported on Server Core, which prevents its installation on most Domain Controllers (themselves running Server Core, as per Microsoft's own best practices).

Is there any plan to fix this? It would make sense from a security perspective that a Tier 0 component shouldn't rely on a GUI, which significantly increases the attack surface of the hosting servers...

Copper Contributor

Cloud sync now has Exchange hybrid writeback in public preview 👌🏼
Exchange hybrid writeback with sync - Microsoft Entra | Microsoft Learn

Version history: last updated Aug 19 2021 04:22 PM