Today I’m psyched to announce a significant update to Azure AD Connect —the simple, “one stop shop” for connecting your Windows Server Active Directory and Azure Active Directory. As I mentioned in my blog post earlier this year, we’ve already seen tremendous excitement and adoption growth of Azure AD connect. And since that blog post, nearly 10K new customers have used Azure AD Connect to integrate the directories across their hybrid enterprise. So it exciting to announce the following set of enhancements to Azure AD Connect that we’ve released today:
- Reduction in the sync interval to keep your Azure AD in sync with AD on-premises more quickly
- Support for automatic upgrades
- Ability to switch between sign-in methods through the wizard to enable faster pilots
- Support for Domain and OU filtering within the wizard
In addition, we’re also announcing the General Availability the device write-back and schema extension support capabilities we announced before. Through the preview period of these features, we’ve gotten tremendous response and feedback and am thrilled to announce the GA of these features.
You can download the latest version of the Azure AD Connect tool here. I’ve asked Girish Chander to give you a run-down below of all the new capabilities in this release.
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity Products and Serviced
For those of you who don’t know me, I’ve been with the Azure Active Directory team since its inception and have worked on difference aspects of the service in that time. You may remember me from the posts we did on Cloud App Discovery, which was a service I led to GA. Most recently, I’ve starting focusing on our Hybrid strategy to help customers get to the cloud faster and derive value from the cloud quickly. Azure AD Connect is a critical component of that strategy and I’m thrilled to walk you through the enhancements we’ve made to the tool with this release.
Being a service, we like to bring you improved capabilities and features across our offering on a periodic basis. As a result, we may update Azure AD Connect on a regular basis to best serve your needs. While in the past, this has required administrators to manually update Azure AD Connect to take advantage of these improvements, we believe we need to make this simpler. To that end, Azure AD Connect configurations that use ‘Express Settings’, will be capable of being auto-updated to future versions of the tool and benefit from improvements and new capabilities with no administrative intervention. With a majority of our customers using ‘Express Settings’ a lot of you will be able to take advantage of this feature. Existing customers will need to update their Azure AD Connect server to this version of Azure AD Connect one-time to benefit from this feature. For customers that use ‘Express Settings’ this will need to be the last time you’ll need to manually update Azure AD Connect J
Reduced sync interval
Since the early days of our Sync story, we’ve always kept the default sync interval at 3 hours and changing that frequency has not been supported. Reducing the sync interval has been a big ask from our customers who want to keep their AD and Azure AD directory data ‘in-sync’ more frequently. With this new release, we now support sync directory data every 30 minutes.
Additionally, you can configure the sync interval in a supported way. However, you choosing a value lower than 30 minutes is not supported. For specific steps to do this see the detailed documentation here.
It is recommended that all your users who have administrative privileges have strong authentication configured. However, in the past the Azure AD Connect wizard did not natively integrate with the MFA flows in Azure AD. As a result, using an admin account with MFA was difficult. With this release, Azure AD Connect now leverages the Azure AD Authentication library (ADAL) and the Modern Authentication protocols that it supports, for sign-in to Azure AD. You can now specify an admin user that has MFA or PIM configured to connect to Azure AD.
Some of our customers need the ability to filter specific OUs and Domains when sync’ing the directory on-premises with Azure AD for a variety of reasons—either because some of these domains/OUs are temporarily unavailable or unreachable or because they don’t want certain users to sync to the cloud. This capability was not natively supported in the Azure AD Connect wizard before and required a post-install step outside of the Azure AD Connect wizard to configure. With this release, in the ‘customize’ path of the Azure AD Connect install, you will now have the option to select domains and OUs which should be synchronized. This option also overcomes a constraint that caused problems for some of our customers—that all domains and OUs needed to be selected and available at install time, for the wizard to complete.
For example, in the picture above, the R&D domain in Fabrikam’s environment cannot be reached due to firewall restrictions. Since this is expected and they will not sync this domain with Azure AD, we can continue the installation without this domain.
Changing user’s sign-in method
In previous releases of Azure AD Connect, once a particular sign-in method was chosen at the time of install, you could couldn’t change the chosen method through the wizard without a reinstallation. We’ve heard from a number of you that this is very restrictive. It is very common for many of our customers to try and pilot Azure AD or O365 using password sync as the sign-in option. And as they grow their usage, some of these customers like to switching to using Federation. Taking this approach just got a lot easier with this release.
It is now possible to change the method through the Azure AD Connect wizard. Just run the installation wizard again to change the sign-in option.
We hope you will download the latest version of the tool and upgrade to it today. You can find it here. Alternatively, you can see the full version history of Azure AD connect and install it from here.
As I mentioned before, Azure AD Connect is a critical component in enabling customers to integrate with and derive value out of Azure AD across their Hybrid enterprise. This is a key area of focus for us and we’ll continue to work on and deliver improvements in this space to you in as seamless a manner as possible.
Send us any feedback that you may have. We look forward to hearing it