AAD Connect
5 Topics

How can I monitor Entra Connect Health Sync?
Hello, How can I monitor Entra Connect Health Sync events and get alerts on failures? I have set up to be alerted to events in the Entra portal but I only get a summary email, and not instant notifications. I wish to be informed if there is a loss of sync between OP and Entra, or with SSPR. Is this possible other than what MS give us in the Portal? Thanks
1.6K Views, 0 likes, 5 Comments

HAADJ with Intune Co-Management
Hello,

- I have HAADJ tenant with Intune Co-Management.
- AD connect syncs devices only and not users to Entra (as users are third party provisioned and federated).
- Devices appear in Azure then are added to group for Intune policy enrollment. Enrollment is done via GPO.
- They get enrolled in Intune using Co-management with SCCM, Auto MDM enrollment with device credentials and appear in Intune as co-managed.
- Bitlocker is applied via Intune on the devices to encrypt fixed data drives and operating system drives. GPO is applied to avoid backing up recovery key in AD as explained here: https://www.burgerhout.org/the-bitlocker-haadj-nightmare/

Question(s):

1. For testing, we encrypt and remove semantics drive encryption. Restart is done during removal, then recovery key screen appears and key is requested to access device. Second restart after uninstall, the key is not requested.
2. After testing, recovery key is stored in Intune but not stored in the below location: https://myaccount.microsoft.com/ -> Devices -> Manage Devices -> Select devices -> View Bitlocker Keys (It appears only in test environment where enrollment is done via user credentials as opposed to device credentials)
3. Devices in Azure under the following URL https://entra.microsoft.com/#view/Microsoft_AAD_Devices/DevicesMenuBlade/~/Devices/menuId/Devices show an owner when device is first moved with AD sync, however later on owner is removed and the behavior is very random. However in Intune, devices show a primary user logged in as long as someone is logged in to office, which is fine and acceptable. So what could be the reason for issue in Azure/Entra?

820 Views, 0 likes, 2 Comments

Disabling Directory Sync Makes 72 hours of Wait? (G Suite to O365 Migration with Directory Sync)
Hi Team, As mentioned in the article "https://docs.microsoft.com/en-us/exchange/mailbox-migration/perform-g-suite-migration", it requests admin to disable directory synchronization: "Once the Mail Users have been created in Microsoft 365, the Azure AD Connect may need to be disabled in order to allow the migration process to convert these users into mailboxes - see Turn off directory synchronization for Microsoft 365." However, disabling Directory Synchronization will make it disabled for 72 hours before we can start it back. This is pretty much conflicting when you perform batch-wise migration, and if any user wanted to reset the password at the time it will not sync back to Office 365 (Azure AD). Kindly propose a clear solution for this. How to achieve this properly when there is a directory synchronization enabled? Step by step. Furthermore, please do let me know when to assign relevant Office 365 licenses in this matter. Is it before the migration batch started or else after migration completed? https://docs.microsoft.com/en-us/microsoft-365/enterprise/turn-off-directory-synchronization?view=o365-worldwide Thanks, NeoKevin
1.8K Views, 0 likes, 1 Comment

AAD Connect sync and Exchange hybrid
Is Exchange hybrid a pre-requisite for setting up AAD Connect sync? Company migrated to Exchange Online a few years ago and there are no Exchange on-premises servers anymore. All users have Exchange Online mailboxes and are created as cloud only. Users use different credentials to log in to domain joined desktops and to log in to Outlook email. Now company wants to set up AAD Connect sync to ensure users use a single ID to log in to their domain joined desktops and Office 365. However, would setting up sync now also require setup of Exchange hybrid in order to change mail properties, e.g. setting up distribution lists, adding or changing mail alias for user accounts etc.?
1.8K Views, 0 likes, 2 Comments

Setting up Password Hash with Seamless Sign On to access Azure hosted apps
Hello, We have an environment where ADFS 3.0 and SSO are set up for a domain. This is used to access Office 365 as well as Azure hosted apps & legacy apps. Password Hash/Sync is already in place. Requirement is to use Seamless Sign On to access Azure based apps. Is it possible? How? If someone can outline the steps, it would be highly appreciated. Note: All workstations are joined to Azure AD already. We want to keep ADFS alive to access legacy apps. However, we are ready to change Domain Authentication type to Managed from Feder
905 Views, 0 likes, 0 Comments