Azure AD Connect cloud provisioning is an agent-based identity sync tool that is configured and managed from the cloud. While it performs the same basic functions as Azure AD Connect Sync, the architectures are radically different.
Azure AD Connect CloudSync is an agent-based identity sync tool that is configured and managed from the cloud. While it performs the same basic functions as Azure AD Connect “Classic”, the architectures are radically different.
In its initial release on 5 December 2019, Microsoft was looking to solve a use case for disconnected Active Directory that was previously impossible for Azure AD Connect “Classic”. The term ‘disconnected AD’ refers to an Active Directory that is not reachable on an organization’s network. We see this most commonly in mergers and acquisitions.
Azure AD Connect CloudSync can run in a tenant already using Azure AD Connect “Classic”. Currently, this is not a replacement for Azure AD Connect “Classic”.
There are things it cannot do, for example: no pass-through authentication (only password hash sync is supported), device objects are not supported, custom Active Directory attributes are not supported, attribute filtering not supported, password write-back is not supported. So it is of limited value right now and is targeted at a very specific use case. But we can make an educated guess that it is a stepping stone towards something better – and cloud-based!
Read more in this blog.
Find out more about Azure AD Connect cloud provisioning on our Azure AD Connect Masterclass.
Learn how to build an HR driven provisioning solution for your Active Directory and Azure Active Directory with our practical video training.
Last reviewed December 2021