Azure AD Connect Health General Availability

Aidan Finn

Mar 15, 2017

Microsoft recently announced the general availability of Azure AD Connect Health, a feature for monitoring the status of your synchronization or federation between on-premises Active Directory (AD) and the cloud-based Azure Active Directory (Azure AD).

The Value of a Healthy Azure AD Connection

Microsoft describes Azure AD Connect Health as a feature that:
… helps you monitor and gain insights into your on-premises identity infrastructure and the synchronization services
Azure AD is used by all of Microsoft’s enterprise cloud services, such as Azure and Office 365, to authenticate and authorize users — many people are unaware that they are using Azure AD’s free version when they deploy Office 365. We can synchronize identity and password hashes from the cloud to Azure AD to get single sign-on with Microsoft’s cloud services and with at least 2,800 third-party cloud services, too, including Microsoft competitors such as SAP, Google, and AWS. The means for enabling this are:

Active Directory Federated Services (ADFS): A beast of a deployment for large enterprises. Azure AD connects to your domain/forest via ADFS to authenticate/authorize users.
Azure AD Connect: A simple to deploy and free solution that is quite scalable. This solution synchronizes usernames and password hashes to the cloud.

With single sign-on via Azure AD deployed, the health of these solutions becomes critical to the business; therefore, Microsoft created Azure AD Connect Health.

Azure AD Connect Health

This Azure AD synchronization and federation health monitoring solution from Microsoft is a benefit that customers of Azure AD Premium can avail of.

Azure AD Connect Health concept [Image Credit: Microsoft]

There are two ways that you can connect your on-premises AD to Azure AD, and there are two ways two monitor the health of these connections.
Azure AD Connect Health for ADFS offers support for federated identity, based on ADFS 2.0 running on Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. It also supports AD FS proxy or web application proxy servers for extranet services access. The features include:

Alerts when ADFS and ADFS proxy servers are not healthy
Email notifications for critical alerts
Trends in performance data
Usage analytics
Reports for user activity

Azure AD Connect Health for ADFS [Image Credit: Microsoft]

Azure AD Connect Health for sync, which is built into Azure AD Connect (you must be on a current version), will be used by anyone using Azure AD Connect to synchronize identity to the cloud, sometimes referred to as shared sign-on; this solution offers the following features:

Monitoring and alerts to know if an Azure AD Connect server is not healthy
Email alerts for critical alerts
Sync operational insights
Quick glance information about properties and recent jobs
Information about object-level sync errors, which does not require Azure AD Premium

Azure AD Connect Health for sync [Image Credit: Microsoft]

Azure AD Connect Health for Active Directory Domain Services Preview

Not only can it monitor the health of your connection to Azure AD, but Microsoft also added a preview for monitoring on-premises domain health using Azure AD Connect Health for Active Directory Domain Services (ADDS), a critical element to the functionality of the total identity solution, supporting:

Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016

Azure AD Connect Health for Active Directory Domain Services console [Image Credit: Microsoft]

Between OMS, Azure AD Connect Health, Azure AD Connect Health for ADDS, and System Center Operations Manager (SCOM), we will have an abundance of identity monitoring solutions from Microsoft.