What is Azure AD Connect?

An expert panel – including Microsoft’s Rob de Jong, Senior PM responsible for Azure AD Connect – answers a wide range of questions about Azure AD Connect in this March 2020 webinar.

Azure AD Connect is a Microsoft brand that is mostly about presenting on-premises Active Directory and Azure Active Directory in a seamless way, in particular giving users the experience of single sign-on, or at least same sign-on. It includes a number of technologies:

  • Azure AD Connect Sync
  • Azure AD Connect Health
  • ADFS (Active Directory Federation Services)
  • The PHS/PTA/SSSO Provisioning Connector

The primary component (and what people often mean when they say “Azure AD Connect”) is Azure AD Connect Sync. This is a synchronization service intended to run between AD (Active Directory) and Azure AD (though it can in fact do much more). The interface looks the same as the FIM or MIM synchronization service manager (and that’s because it is based on FIM 2010), but with far fewer types of Management Agents (“connectors”) available.

A significant difference is that synchronization rules bear little correspondence to those in FIM or MIM, and are configured in a special interface, entirely through a UI (no coding).

The whole thing is set up using a wizard, and while there is nothing to stop you manually editing all manner of configuration options, you should do any further configuration with care, as not all usage is supported. What is and is not supported is not something we can explore on this page – nor why! If you want to know about this, you need our 3-day Masterclass.

Azure AD Connect Health, as the name implies, is a cloud-based service that gives you insights into the synchronizations performed by Azure AD Connect Sync and lets you know (for example) about any synchronization failures.

The Provisioning Connector is a multi-purpose component which enables password hash synchronization, pass-through authentication and seamless single sign-on, and can provision Workday users into Active Directory (Workday is a cloud HR system). Between this and the remaining components, Azure AD Connect can support a number of authentication methods, ranging from Same Sign-On (username and password are synchronized), to pass-through authentication, to federated single sign-on. See here for further details.
