Improvements to Azure AD Connect, Plus Reasons to Upgrade to Latest Version
Microsoft has released an update to Azure AD Connect, adding several features that have been popular demands from customers. In this article, I’ll explain what’s new in the Azure AD Connect 1.1 release.
What is Azure AD Connect?
Azure AD Connect is a solution from Microsoft that lets you easily integrate legacy Active Directory with Microsoft’s cloud services and over 2,500 other cloud services via Azure AD single sign-on.
Azure AD Connect Benefits
Azure AD Connect can be installed on a domain member server and synchronizes selected domains and OUs to your Azure AD subscription. The benefits are:
- Common username and password between on-premises services and Microsoft cloud services, such as CRM Online, Office 365, Azure, and EMS.
- The ability to integrate into third-party services, such as Google Apps, Sage, Dropbox for Business, Salesforce, and another 2,500+ third-party cloud services, enabling users to use a single username and password for all services and giving the business control over shadow IT.
Many businesses will have deployed a predecessor to Azure AD Connect called DirSync. You can upgrade to Azure AD Sync to:
- Remain in support
- Get a more stable product
- Gain access to new features, such as sync health checking (see Azure AD Premium)
- And more
If you are already running a previous version of Azure AD Connect, then you can easily upgrade to version 1.1. I did the upgrade for work before writing this article, and it took around two minutes, with most of that being ‘progress bar engineering.’ Just make sure you have Global Admin credentials for your Azure AD domain and domain admin credentials for your legacy Active Directory.
Reasons to Upgrade to Azure AD Connect 1.1
There are several different reasons to plan an upgrade to Azure AD Connect 1.1.
Previous upgrades of Azure AD sync tools, including Azure Connect, required a manual upgrade. Although this is a simple task, it’s a manual one that takes time. Imagine a managed-services provider with 40 customers that each require an upgrade every couple of months. Any customer that deploys Azure AD Connect with Express Settings now will get a nice new feature with v1.1, and that’s automatic upgrades. This improvement reduces human effort and keeps customers up-to-date with support and functionality.
More Frequent Synchronizations
The folks who look after our internal IT have been frustrated with Azure AD synchronizations in the past. When a new employee starts, a new user account is created in legacy Active Directory. The tech then attempts to assign an Office 365 license to the new user, but the user account doesn’t exist yet in Azure AD, so the mailbox creation can’t be done.
The reason behind this frustrating problem is that previous versions of Azure AD Connect ran a synchronization every three hours. So if no one triggered a manual sync or configured a script to trigger an on-demand sync, it would take up to three hours for the new user account to appear in Azure AD and Office 365.
Azure AD Connect 1.1 lets you run synchronizations up to every 30 minutes, and that’s the most frequent supported rate.
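For the new-user scenario above, the following is an added example (not from the original article) that inspects the version 1.1 scheduler and starts an on-demand delta sync without colliding with a cycle that is already running. It assumes an elevated PowerShell session on the Azure AD Connect server with the ADSync module that the product installs; the function name Invoke-DeltaSyncIfIdle and its parameters are hypothetical.

```powershell
# Added example. Run elevated on the Azure AD Connect 1.1 server.
# Assumption: the ADSync module installed by Azure AD Connect is present.
Import-Module ADSync -ErrorAction Stop

function Invoke-DeltaSyncIfIdle {
    # Hypothetical helper: waits for any running cycle, then starts a delta sync.
    param(
        [int]$MaxWaitSeconds = 300,   # give up after this long
        [int]$PollSeconds    = 10     # how often to re-check the scheduler
    )

    $scheduler = Get-ADSyncScheduler

    # Show what the scheduler is actually doing. The effective interval
    # cannot be shorter than the allowed minimum (30 minutes in v1.1).
    Write-Host ("Allowed minimum interval : {0}" -f $scheduler.AllowedSyncCycleInterval)
    Write-Host ("Effective interval       : {0}" -f $scheduler.CurrentlyEffectiveSyncCycleInterval)
    Write-Host ("Next scheduled run (UTC) : {0}" -f $scheduler.NextSyncCycleStartTimeInUTC)

    if (-not $scheduler.SyncCycleEnabled) {
        Write-Warning "The scheduler is disabled; only manual cycles will run."
    }

    # Starting a cycle while another is in progress fails, so wait it out.
    $deadline = (Get-Date).AddSeconds($MaxWaitSeconds)
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) {
            throw "A sync cycle was still running after $MaxWaitSeconds seconds."
        }
        Start-Sleep -Seconds $PollSeconds
    }

    # Delta: process only changes since the last cycle (e.g. the new user).
    Start-ADSyncSyncCycle -PolicyType Delta
}

Invoke-DeltaSyncIfIdle
```

Once the delta cycle finishes, the new account should be visible in Azure AD and the license assignment can proceed.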
Some companies choose to upgrade Azure AD to the Premium Edition so that they can enforce multi-factor authentication (MFA). And some of those companies realize that the users with the most power, such as global admins in Azure AD, should be required to provide a second form of authentication. This caused a problem with Azure AD Connect because you had to sign into Azure AD with global admin credentials to reconfigure the sync. Additionally, using Azure AD Connect with MFA has traditionally been very difficult.
Now Azure AD Connect 1.1 natively supports MFA and Azure Privileged Identity Management (PIM), making secure administration quite a bit easier.
Easier Domain/OU Filtering
You might choose to filter out specific domains in your forest or OUs in your domain for a number of reasons. Previous versions of Azure AD Connect required that you do this after running the installation and configuration wizards. Version 1.1 allows you to filter out those items you don’t want to synchronize during the initial configuration wizard if you choose a customized configuration instead of an express configuration.
Change User Sign-In Method
If you wanted to change a user’s sign-in method in the past, then you had to reinstall Azure AD Connect. This is no longer required with version 1.1; you just need to rerun the configuration wizard.
Will You Upgrade?
Azure AD Connect 1.1 is well worth the upgrade thanks to improvements made to automatic upgrades, frequent synchronizations, and multi-factor authentication. Let me know if you upgrade to version 1.1 in the article comments below; I’d love to hear your thoughts on this release.