Microsoft Tech Community

Agent for Identity Manager to sync to Azure AD


A colleague asks if there is a way to use MIM/FIM to sync to Azure AD?

I recall that there used to be a FIM agent that you used in multi-forest scenarios. 

Today AAD Connect handles multi-forest.

 

This company already has Identity Manager deployed and uses it heavily, so they want to use it instead of deploying Azure AD Connect if possible.

 

4 Replies

Yes, that can be done. @Spencer Harbar has an excellent presentation at Ignite last year on this topic: https://myignite.microsoft.com/videos/1379

Like Dean said, yes it is possible. You can also check MSDN

On this page you will find a guide to install and configure the connectors to Azure AD Connect services!

Everyone is right that it is possible. That being said, the official recommendation is to deploy a separate instance with Azure AD Connect. The features that get rolled into and released to Azure AD Connect often are unavailable using the Azure AD MA with MIM.

 

More details on what's supported here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-hybrid-identity-design-cons...

Yes, highly recommended to run Azure AD Connect as your identity bridge between on-premises and cloud, as it is frequently updated in sync with updates in Azure AD as well as in Office 365 in hybrid mode. In a FIM/MIM instance these frequent updates on the connector could make updates/changes that affect other connectors, and more often than not organizations really don't want to touch their configured connectors and sync schedules.

 

So yes, the best practice is to have Azure AD Connect be your connection between AD and Azure AD.

 

Brjann