Mar 03 2018 04:07 AM
Hello
I know O365 uses Azure AD as its identity store (possibly the first product to do so).
However, if I already have an Azure AD tenant (used for various things like IaaS, and AD Connect from on-prem AD)
and then I decide to sign up for O365, I do not want to end up with two cloud directories (e.g. the Azure AD from my Azure tenant/subscription and another from my O365 tenant/subscription).
Otherwise I assume I would have to sync the on-prem AD users to two directories instead of one.
Any advice on this most welcome
Thanks
JoJacksons
Mar 03 2018 05:13 AM
Good question, see if this thread helps
Mar 03 2018 05:44 AM
Thanks for the reply Ian
This goes some way towards answering my question
Looks like there is no way around having two instances of Azure AD, one for O365 and one for Azure, which is a real shame. It looks like you have to invite yourself to be a global admin from the Azure AD into your O365 AD so you can manage both.
My bigger issue is this
If I have an on-premises AD (like most people) and sync my AD users to Azure AD using AD Connect (again a common scenario), I can then give these synced users access to cloud apps under MyApps.Microsoft.com, e.g. Box or another app.
Then later I want to add O365 for the same set of users, i.e. the users that are synced from on-premises to Azure AD, but I end up with a separate cloud directory (the one backing O365). Logically this separate O365 directory will have no knowledge of the users already synced to Azure AD (the ones with Box and other apps under their MyApps portal), as they will be in a separate tenant. That means somehow I will have to sync the users again using AD Connect, but this time to the O365 directory instead of Azure AD, so I would have two syncs running side by side from on-premises AD: one to Azure AD and one to the O365 AD.
Unless I am missing something here, that would logically appear to be how it is set up.
Any further advice most welcome
JoJacksons
Mar 03 2018 06:07 AM
I don't think so. When I logon to my instance of Azure AD, which was merged some time ago with my Office 365 AAD instance - I can see and manage my users that were added in Office 365. These Office 365 users were added as cloud accounts as I no longer run a local AD, but I can't see that this would matter.
Mar 05 2018 09:31 AM
Hello Ian
Thanks again for taking the time to reply, in your last reply you said
"merged some time ago with my Office 365 AAD instance"
How do you mean 'merged'? As far as I am aware they are two separate tenants and therefore two separate directories.
Please elaborate, thanks very much
JoJacksons
Mar 05 2018 09:35 AM
Hello Ian
Thanks for taking the time to reply, much appreciated
When you say in your reply "When I logon to my instance of Azure AD, which was merged some time ago with my Office 365 AAD instance", what do you mean by 'merged'? I thought there were two separate tenants and therefore two separate directories, or do you mean you can manage them from one place?
Please elaborate,
Thanks very much
JoJacksons
Mar 05 2018 11:30 AM
No, you're right, 2 directories still exist; "merge" is a term used by Microsoft in that link I sent you.
Mar 06 2018 03:36 AM
Hi Jo,
You can add an O365 subscription to your existing Azure subscription as described in the following link.
This way you only have one Azure AD directory which is synced with your local AD.
Best regards,
Ruud Gijsbers
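Added example, not part of any post in this thread: a PowerShell check you can run after adding the O365 subscription to confirm that every Azure subscription you can see sits in the same tenant as the directory you manage, and that this one directory is the one AD Connect is syncing into. It assumes the Az.Accounts and AzureAD PowerShell modules are installed and that you sign in with the same work account to both.

```powershell
# Added example (not from the thread): verify that your Azure subscription(s)
# and the directory you manage with the AzureAD module live in the SAME tenant,
# and report whether that tenant is being synced from on-premises AD.
# Assumes the Az.Accounts and AzureAD modules are installed (Install-Module).

Import-Module Az.Accounts
Import-Module AzureAD

# Sign in once per module with the same work account.
Connect-AzAccount | Out-Null
Connect-AzureAD   | Out-Null

# The directory you are connected to; ObjectId is the tenant ID.
$tenant            = Get-AzureADTenantDetail
$directoryTenantId = $tenant.ObjectId

Write-Host "Directory: $($tenant.DisplayName) ($directoryTenantId)"
Write-Host "Directory sync enabled: $($tenant.DirSyncEnabled)"
Write-Host "Last sync from on-prem AD: $($tenant.CompanyLastDirSyncTime)"
Write-Host "Verified domains: $(($tenant.VerifiedDomains | ForEach-Object Name) -join ', ')"

# Compare the tenant ID of every visible Azure subscription with the directory's tenant ID.
$mismatched = @()
foreach ($s in Get-AzSubscription) {
    $same = ($s.TenantId -eq $directoryTenantId)
    $flag = if ($same) { 'OK      ' } else { 'MISMATCH' }
    Write-Host "$flag subscription '$($s.Name)' -> tenant $($s.TenantId)"
    if (-not $same) { $mismatched += $s }
}

if ($mismatched.Count -eq 0) {
    Write-Host "All subscriptions share the directory tenant: one Azure AD, one AD Connect sync."
} else {
    Write-Warning ("{0} subscription(s) are in a different tenant; users synced into {1} will not exist there." -f $mismatched.Count, $directoryTenantId)
}
```

If O365 was signed up for separately and got its own tenant, the MISMATCH line is the concrete evidence of the two-directory situation discussed earlier in the thread; if the subscription was attached to the existing Azure tenant as Ruud describes, every line reads OK and the DirSyncEnabled / last-sync values tell you the single directory is the one AD Connect feeds.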
Mar 06 2018 09:50 AM
Thanks very much Ian and Ruud, much appreciated.
JoJacksons