Everything you ever wanted to know about Microsoft Entra Connect but were afraid to ask!

Microsoft Entra Connect is an integral and essential part of a hybrid/cloud identity infrastructure. It is easy to install, but what’s actually going on under the hood?

Azure AD Connect questions answered by expert panel in webinar recording
Microsoft’s Rob de Jong, Senior PM for Azure AD Connect, plus Hugh, James, Andreas answer questions about Azure AD Connect

In this webinar recording, our panel of experts – including three who developed our Microsoft Entra Connect Masterclass – shared their expertise and answered a wide range of questions from participants.

This webinar, which was broadcast on 10 March 2020, is important viewing for system admins, identity consultants, cloud administrators, technical architects, system engineers, and identity developers.

On the panel were:

  • Rob de Jong, Microsoft’s Senior Program Manager responsible for Azure AD Connect
  • Andreas Kjellman, formerly MIM and Azure AD Connect Program Manager for Microsoft
  • James Cowling, CTO, Oxford Computer Group
  • and me, Hugh Simpson-Wells, OCT’s CEO and Founder

Questions answered by the panel include:

  • Can Azure be set up as a valid STS to authZ other web apps/APIs if I use pass-thru Auth to replace our current ADFS?
  • Do you have any information about Microsoft’s plan to move Microsoft Entra Connect to the cloud?
  • Can I use MS-DS-ConsistencyGuid for Groups?
  • We are having an issue with a duplicate UserPrincipalName. When we look at this error, the two User objects that it displays do not have a duplicate UserPrincipalName and are different. We have run some commands in PowerShell as well as looking into our On-Prem AD and our Microsoft Entra ID for clues as to what may be causing this. Do you have any ideas?
  • With a growing number of SaaS-based HR platforms and Microsoft building on the work begun with Workday, I’m interested to know if we’ll soon start to see the possibility of syncing accounts down to AD rather than just AD to Microsoft Entra ID.
  • To sync, Microsoft Entra Connect requires a user account. Can this account be locked down at all, or must it be a Global Admin? If it must be a Global Admin, can I tighten security in other ways? I feel uncomfortable with a Global Admin account sitting out there unused by humans.
  • How to improve Azure sync time? Our current sync takes 40 minutes.
  • Delegate read-only access to sync service, and install sync service on a shared PC with no access to make changes.

See also this blog, in which I have set out the answers and answered some additional questions.

Watch the webinar now. Note that it was recorded before Microsoft rebranded Azure AD Connect to Microsoft Entra Connect, but it is still relevant and full of useful information.


Want to know more about Microsoft Entra Connect?

Take our 5-star rated Microsoft Entra Connect Masterclass. Join a small group, instructor-led class via Teams,