Can you install AD Connect instance in Azure without internet connection?

Copper Contributor

Can you install AD Connect instance in Azure without internet connection?  Is there a way to locally communicate with Azure AD in Azure? In the other public cloud provider this is possible.

6 Replies
Hi Cloudcrazy,

Not possible with Azure.

ADConnect needs to sit on Server (physical/Azure AD DS/VM), sync the changes from OnPremise network and push it to the cloud using the internet.

Do you mind me asking why you need to sync without exposure to the internet? If security concerns, you can use Pass Through which not going to sync passwords to the cloud.


https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta

Hope this helps!
Moe

@Moe_Kinani - the thinking of internet traffic can still be compromised and know the content of traffic are user accounts.

 

I was looking around and I saw documentation from o365 GCC about it and thought it can be applied to commercial setup

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-instancesadconnect govsetup.PNG

Hi Cloudcrazy,

I still think Pass Through is the way to do it if you have Security concerns, as the authentication will not be stored in the cloud and authentication stays local.

Never worked in government sector and can’t speak about the document you shared.

Good luck and let us know how it goes!
Moe

@cloudcrazy yes you can do this by using Express Route, see https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction. This works with the gov cloud tenants, but you must get permission to use those tenants

Not all the services go internally with Express Route, especially AD Connect. It does need access to bulk of IPs using the internet.

https://docs.microsoft.com/en-us/office365/enterprise/azure-expressroute

@Dean_Gross - so this would mean setting up an on-premise AD connect then,  or I can do it via Azure IaaS?