What is Azure AD Connect cloud provisioning?

Azure AD Connect cloud provisioning is an agent-based identity sync tool that is configured and managed from the cloud. While it performs the same basic functions as Azure AD Connect Sync, the architectures are radically different.

In its initial release on 5 December 2019, Microsoft is looking to solve a use case for disconnected Active Directory that was previously impossible for Azure AD Connect Sync. The term ‘disconnected AD’ refers to an Active Directory that is not reachable on an organization’s network. We see this most commonly in mergers and acquisitions.

Azure AD Connect cloud provisioning can run in a tenant already using Azure AD Connect Sync.  Currently, this is not a replacement for Azure AD Connect Sync. It’s more of a use case enablement feature.

There are things it cannot do, for example: no pass-through authentication (only password hash sync is supported), device objects are not supported, custom Active Directory attributes are not supported, attribute filtering not supported, password write-back is not supported. So it is of limited value right now and is targeted at a very specific use case. But we can make an educated guess that it is a stepping stone towards something better – and cloud-based!

Read more in this blog.


Find out more about Azure AD Connect cloud provisioning on our Azure AD Connect Masterclass.

First published 20 January 2020