Microsoft has released an update to Azure AD Connect, adding several features that have been popular demands from customers. In this article, I’ll explain what’s new in the Azure AD Connect 1.1 release.
Azure AD Connect is a solution from Microsoft that lets you easily integrate legacy Active Directory with Microsoft’s cloud services and over 2,500 other cloud services via Azure AD single sign-on.
Azure AD Connect can be installed on a domain member server and synchronizes selected domains and OUs to your Azure AD subscription. The benefits are:
Many businesses will have deployed a predecessor to Azure AD Connect called DirSync. You can do an upgrade to Azure AD Sync to:
If you are already running a previous version of Azure AD Connect, then you can easily upgrade to version 1.1. I did the upgrade for work before writing this article, and it took around two minutes, with most of that being ‘progress bar engineering.’ Just make sure you have Global Admin credentials for your Azure AD domain and domain admin credentials for your legacy Active Directory.
There are several different reasons to plan an upgrade to Azure AD Connect 1.1.
Previous upgrades of Azure AD sync tools, including Azure AD Connect, required a manual upgrade. Although this is a simple task, it’s a manual one that takes time. Imagine a managed-services provider with 40 customers that each require an upgrade every couple of months. Any customer that deploys Azure AD Connect with Express Settings now gets a welcome new feature in v1.1: automatic upgrades. This improvement reduces human effort and keeps customers up-to-date with support and functionality.
The folks that look after our internal IT have been frustrated with Azure AD synchronization in the past. When a new employee starts, a new user account is created in legacy Active Directory, and the tech then attempts to assign an Office 365 license to the new user. But the user account doesn’t exist yet in Azure AD, so the mailbox can’t be created.
The reason behind this frustrating problem is that previous versions of Azure AD Connect synchronized every three hours. So unless someone triggered a manual sync, or had configured a script to trigger an on-demand sync, it could take up to three hours for the new user account to appear in Azure AD and Office 365.
Azure AD Connect 1.1 lets you run synchronizations up to every 30 minutes, and that’s the most frequent supported rate.
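The scheduler behaviour described above can be inspected and adjusted from the Azure AD Connect server with the ADSync PowerShell module that ships with the product. The following is an added example, not code from the article or from Microsoft; it assumes it is run on a server where Azure AD Connect 1.1 (and therefore the ADSync module and its scheduler cmdlets) is installed.

```powershell
# Added example (not from the article): inspect and adjust the Azure AD Connect 1.1 scheduler.
# Assumes it runs on the Azure AD Connect server, where the ADSync module is installed
# with the product and provides the cmdlets used below.
Import-Module ADSync

# 1. Inspect the built-in scheduler.
$sched = Get-ADSyncScheduler
"Allowed (minimum) interval : $($sched.AllowedSyncCycleInterval)"
"Customized interval        : $($sched.CustomizedSyncCycleInterval)"
"Effective interval         : $($sched.CurrentlyEffectiveSyncCycleInterval)"
"Next sync (UTC)            : $($sched.NextSyncCycleStartTimeInUTC) [$($sched.NextSyncCyclePolicyType)]"
"Sync cycle enabled         : $($sched.SyncCycleEnabled)"

# 2. Request the most frequent supported cadence (30 minutes). Anything shorter than
#    AllowedSyncCycleInterval does not take effect, so report what will actually apply.
$wanted = New-TimeSpan -Minutes 30
if ($wanted -lt $sched.AllowedSyncCycleInterval) {
    Write-Warning "Requested $wanted is below the allowed minimum $($sched.AllowedSyncCycleInterval); the minimum will apply."
}
Set-ADSyncScheduler -CustomizedSyncCycleInterval $wanted
"Effective interval is now  : $((Get-ADSyncScheduler).CurrentlyEffectiveSyncCycleInterval)"

# 3. Kick off an on-demand delta sync for a new hire instead of waiting for the next cycle.
#    Starting a cycle while one is already running fails, so check first.
if ((Get-ADSyncScheduler).SyncCycleInProgress) {
    "A sync cycle is already running; wait for it to finish before starting another."
} else {
    Start-ADSyncSyncCycle -PolicyType Delta
    "Delta sync requested."
}
```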
Some companies choose to upgrade Azure AD to the Premium Edition so that they can enforce multi-factor authentication (MFA). And some of those companies realize that the users with the most power, such as global admins in Azure AD, should be required to provide a second form of authentication. This caused a problem with Azure AD Connect, because you had to sign into Azure AD with global admin credentials to reconfigure the sync, and using Azure AD Connect with MFA has traditionally been very difficult.
Now Azure AD Connect 1.1 natively supports MFA and Azure Privileged Identity Management (PIM), making secure administration quite a bit easier.
You might choose to filter out specific domains in your forest or OUs in your domain for a number of reasons. Previous versions of Azure AD Connect required that you do this after running the installation and configuration wizards. Version 1.1 allows you to filter out those items you don’t want to synchronize during the initial configuration wizard if you choose a customized configuration instead of an express configuration.
If you wanted to change a user’s sign-in method in the past, then you had to reinstall Azure AD Connect. This is no longer required with version 1.1; you just need to rerun the configuration wizard.
Azure AD Connect 1.1 is well worth the upgrade thanks to the improvements made to automatic upgrades, frequent synchronizations, and multi-factor authentication. Let me know in the article comments below if you upgrade to version 1.1; I’d love to hear what you think about this release.