Latest Microsoft Entra Connect Sync Update Brings New Auditing Capabilities

Microsoft's latest Entra Connect Sync update adds advanced auditing features and performance improvements.

Published: Feb 04, 2025

Key Takeaways:

  • The latest Microsoft Entra Connect Sync version lets admins track key actions like changes to directories, sync configurations, and permissions.
  • The new audit feature supports Windows Server 2016, 2019, and 2025.
  • IT administrators can disable auditing through the UI or PowerShell.

Microsoft has recently rolled out a new update (version 2.4.129.0) of its Entra Connect Sync service. The release brings new auditing capabilities, enhancements, and bug fixes intended to improve the user experience and the overall stability of the system.

What is Microsoft Entra Connect Sync?

Microsoft Entra Connect Sync enables organizations to synchronize identity data (users, groups, and contacts) between their on-premises environments and Microsoft Entra ID (formerly known as Azure AD). This service offers a common identity for accessing both cloud and on-premises resources. It allows for custom synchronization rules and configurations to meet specific organizational needs.

How does the new audit feature work?

Microsoft explained that the new audit feature allows customers to monitor administrator events and activity in Microsoft Entra Connect Sync. This means that any changes made by administrators, whether through the user interface (UI) or using PowerShell scripts, are now recorded for tracking purposes.

The new audit feature allows administrators to view the following key logged events:

  • Add/Update/Delete Directories (EventID 2503): This event logs the names of the directories that were added, updated, or deleted. It helps to ensure that any modifications are properly recorded.
  • Enable/Disable Sync Features (EventIDs 2505, 2506, 2507): These events monitor changes in the synchronization configuration for domains and Organizational Units (OUs), password hash sync, as well as sync start options.
  • ADFS-Related Updates (EventIDs 2514–2520): These events log changes related to Active Directory Federation Services (ADFS), single sign-on, and ADFS server installations.
  • Credential and Permission Updates (EventIDs 2518, 2519, 2521): These events capture changes related to credentials and permissions in Active Directory Domain Services (ADDS).

According to Microsoft, detailed event logs enable IT teams to actively monitor changes, resolve issues, and ensure a secure environment. This feature keeps administrators informed and in control, whether managing sync rules, enabling SSO, or adjusting permissions.
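As an added example (not code from Microsoft or from this article), the following PowerShell script pulls the event IDs listed above from a Connect Sync server and labels each with the category the article gives. The article does not name the event log, so the `Application` log is an assumption here, as are the parameter names; because other software can reuse these IDs, the provider is shown for each hit so unrelated events can be excluded.

```powershell
# Added example: review Entra Connect Sync admin audit events.
# Assumption: events land in the 'Application' log (the article does not say).
param(
    [string]$LogName = 'Application',
    [int]$Days = 7
)

# Event IDs and categories exactly as listed in the article.
# 2518 and 2519 appear under two categories there, so both labels are kept.
$categories = [ordered]@{
    'Directory add/update/delete'  = @(2503)
    'Sync feature enable/disable'  = 2505..2507
    'ADFS-related update'          = 2514..2520
    'Credential/permission update' = @(2518, 2519, 2521)
}
$ids = $categories.Values | ForEach-Object { $_ } | Sort-Object -Unique

$filter = @{
    LogName   = $LogName
    Id        = $ids
    StartTime = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent raises an error when nothing matches; suppress it so an
# empty window simply produces no rows.
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $e = $_
        $labels = $categories.GetEnumerator() |
            Where-Object { $_.Value -contains $e.Id } |
            ForEach-Object { $_.Key }
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            Id          = $e.Id
            Category    = $labels -join '; '
            Provider    = $e.ProviderName   # check this: IDs are not unique to one source
            Summary     = ("$($e.Message)" -split "`r?`n")[0]
        }
    } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize -Wrap
```

Forwarding the same ID set to a SIEM gives a change record for sync scope, federation, and credential updates that does not depend on the server's local log retention.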

Microsoft notes that the new audit feature supports Windows Server 2016, Windows Server 2019, and Windows Server 2025. Administrators can choose to disable auditing of administrator actions through the UI or PowerShell scripts, and you can find more details on this support page.
