News

Microsoft Launches Azure AD Connect and Azure AD Connect Health

• By Kurt Mackie
• June 25, 2015

Microsoft on Wednesday announced the general availability of Azure Active Directory (AD) Connect, as well as Azure AD Connect Health.

The company had promised earlier this month that it planned to deliver Azure AD Connect by the end of June. Wednesday's announcement is noteworthy because the "general availability" of Azure AD Connect likely will help speed up the deployment of the kind of mobile device management (MDM) and mobile application management (MAM) scenarios that Microsoft has been describing throughout this year. However, many of those capabilities will still depend on the availability of some Windows 10 and Windows Server 2016 technologies.

The Azure AD Connect Health tool, also commercially available, is a solution for monitoring infrastructure components. It comes with Azure AD Premium subscriptions. For this release, Microsoft added support for monitoring Active Directory Federation Services (ADFS), which is a Windows Server technology. The Health tool surfaces configuration and performance information and delivers alerts to IT pros. It also tracks user log-in activity, including log-in failures.

Spotlight on Azure AD Connect
Azure AD Connect is a wizard-like tool that makes it easier for organizations to connect their premises-based AD infrastructures with Microsoft's cloud-enabled Azure AD service. Azure AD Connect combines the features of Microsoft's Directory Synchronization (DirSync) and Azure AD Sync Services tools. Those latter two tools are subject to deprecation by Microsoft, with Azure AD Connect being the main tool going forward.

Microsoft also is readying its Microsoft Identity Manager solution (the successor to Forefront Identity Manager 2010 R2), which supports features lacking in the Azure AD Connect tool. Microsoft Identity Manager is currently at the preview stage, but Microsoft previously indicated it would be released sometime in the first half of this year, so its release is likely close at hand.

An overview summarizing Microsoft's directory integration tools can be found in this MSDN library article. It shows which features are supported.

Azure AD Connect Capabilities
Microsoft is claiming that the Azure AD Connect tool can set up a single premises-based AD forest to work with Azure AD "with just a few clicks." It also can connect "multiple forests at one time," per Microsoft's announcement.

Organizations leveraging Active Directory Federation Services (ADFS) on premises can also use the Azure AD Connect tool to set up single-sign access for their end users. Despite its name, ADFS is considered by Microsoft to be Windows Server technology. Single sign-on is terminology that Microsoft uses to describe using a single password to access both premises-based apps and Software as a Service (SaaS) cloud apps.

The Azure AD Connect tool is capable of performing upgrades for organizations that previously used Microsoft's DirSync or Azure AD Sync tools. It won't disrupt the single sign-on access capabilities that were previously established, Microsoft's announcement promised.

Microsoft's announcement also listed these capabilities that can be provisioned using the Azure AD Connect tool:

• Enable your users to perform self-service password reset in the cloud with write-back to on premises AD
• Enable provisioning from the cloud with user write back to on premises AD
• Enable write back of "Groups in Office 365" to on premises distribution groups in a forest with Exchange
• Enable device write back so that your on-premises access control policies enforced by ADFS can recognize devices that registered with Azure AD. This includes the recently announced support for Azure AD Join in Windows 10.
• Sync custom directory attributes to your Azure Active Directory tenant and consume it from your cloud applications

Despite the general availability releases on Wednesday, Microsoft is already working on expanding the capabilities of its Azure AD Connect and Azure AD Connect Health tools. For instance, it's planning to add "additional sync and sign on options."