Forum Discussion
Rebuild Azure AD Connect and Hybrid
- Apr 20, 2022
Hi AtanasM,
I wrote some instructions on enabling AAD Connect with PHS and compared to Cloud sync (if plausible for you) Section 4 – Implement an Identity Management Solution – Implement and manage hybrid identity – AADC, Cloud Sync and PHS – Set-AzWebApp -name "Anything Microsoft and other stuff on the side" (cloudpartner.fi)
And for PTA, SSO and ADFS integration Section 5 – Implement an Identity Management Solution – Implement and manage hybrid identity – PTA, SSO and ADFS – Set-AzWebApp -name "Anything Microsoft and other stuff on the side" (cloudpartner.fi)
The first security practices are to use the new Hybrid Administrator as the sync account and to treat your AAD Connect servers as Tier 0 servers, just like Domain Controllers and ADFS.
Never give too many rights to anyone, and use separate accounts, preferably gMSA accounts, not single user accounts.
Hope this helps,
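As an added example (not part of the reply above, and not code from the linked cloudpartner.fi posts), the following PowerShell check verifies on an Azure AD Connect server that the ADSync service runs under a gMSA and lists which principals are allowed to retrieve that gMSA's password, which is the least-privilege point the reply makes. It assumes the RSAT ActiveDirectory module is installed and that the service is named `ADSync`, the name Azure AD Connect installs.

```powershell
# Added example: audit the account the Azure AD Connect sync service runs as.
# Assumptions: RSAT ActiveDirectory module present; service name is 'ADSync'.
Import-Module ActiveDirectory

function Test-ADSyncServiceAccount {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='ADSync'"
    if (-not $svc) { throw "ADSync service not found; is this the Azure AD Connect server?" }

    $logon  = $svc.StartName          # e.g. CONTOSO\gmsa-aadc$ for a gMSA, NT SERVICE\ADSync for the default VSA
    $isGmsa = $logon -match '\$$'     # gMSA logon names end with '$'

    $result = [pscustomobject]@{
        ServiceLogon              = $logon
        IsGmsa                    = $isGmsa
        AllowedToRetrievePassword = @()
    }

    if ($isGmsa) {
        # Strip the domain prefix and look up who may fetch the managed password.
        $sam  = ($logon -split '\\')[-1]
        $gmsa = Get-ADServiceAccount -Identity $sam -Properties PrincipalsAllowedToRetrieveManagedPassword
        $result.AllowedToRetrievePassword = @($gmsa.PrincipalsAllowedToRetrieveManagedPassword)
    }
    return $result
}

$check = Test-ADSyncServiceAccount
$check | Format-List

if (-not $check.IsGmsa) {
    Write-Warning "ADSync runs as '$($check.ServiceLogon)', not a gMSA; consider moving the sync service to a gMSA."
}
# Tier 0 hygiene: only the AAD Connect server computer object(s) should appear in AllowedToRetrievePassword;
# any other principal listed there can obtain the sync account's credentials.
```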