Microsoft Releases Azure Active Directory Connect and Health Tools

Microsoft commercially released its Azure Active Directory (AD) Connect tool today.

The company had promised earlier this month to deliver Azure AD Connect before the month was out. Today's announcement is noteworthy because the "general availability" of Azure AD Connect likely will help speed up the deployment of the kind of mobile device and mobile application management scenarios that Microsoft has been describing throughout this year. However, many of those capabilities will still depend on the availability of some Windows 10 and Windows Server 2016 technologies.

Also hitting "general availability" status today is the Azure AD Connect Health tool, per Microsoft's announcement. The Azure AD Connect Health tool is a solution for monitoring infrastructure components. It comes with Azure AD Premium subscriptions. For this release, Microsoft added support for monitoring Active Directory Federation Services (ADFS), which is a Windows Server technology. The Health tool surfaces configuration and performance information and delivers alerts to IT pros. It also tracks user log-in activity, including log-in failures.

Spotlight on Azure AD Connect
Azure AD Connect is a wizard-like tool that makes it easier for organizations to connect their premises-based AD infrastructures with Microsoft's cloud-enabled Azure AD service. Azure AD Connect combines the features of Microsoft's Directory Synchronization (DirSync) and Azure AD Sync Services tools. Those latter two tools are subject to deprecation by Microsoft, with Azure AD Connect being the main tool going forward.

Microsoft also is readying its Microsoft Identity Manager solution (the successor to Forefront Identity Manager 2010 R2), which supports features lacking in the Azure AD Connect tool. Microsoft Identity Manager is currently at the preview stage, but Microsoft previously indicated it would be released sometime in the first half of this year, so its release is likely close at hand.

An overview summarizing Microsoft's directory integration tools can be found in this MSDN library article. It shows which features are supported.

Azure AD Connect Capabilities
Microsoft is claiming that the Azure AD Connect tool can set up a single premises-based AD forest to work with Azure AD "with just a few clicks." It also can connect "multiple forests at one time," per Microsoft's announcement.

Organizations using Active Directory Federation Services (ADFS) on premises can also use the Azure AD Connect tool to set up single sign-on access for their end users. Despite its name, ADFS is considered by Microsoft to be Windows Server technology. Single sign-on is terminology that Microsoft uses to describe using a single password to access both premises-based apps and software-as-a-service cloud apps.

The Azure AD Connect tool is capable of performing upgrades for organizations that previously used Microsoft's DirSync or Azure AD Sync tools. It won't disrupt the single sign-on access capabilities that were previously established, Microsoft's announcement promised.

Microsoft's announcement also listed these capabilities that can be provisioned using the Azure AD Connect tool:

  • Enable your users to perform self-service password reset in the cloud with write-back to on premises AD
  • Enable provisioning from the cloud with user write back to on premises AD
  • Enable write back of "Groups in Office 365" to on premises distribution groups in a forest with Exchange
  • Enable device write back so that your on-premises access control policies enforced by ADFS can recognize devices that registered with Azure AD. This includes the recently announced support for Azure AD Join in Windows 10.
  • Sync custom directory attributes to your Azure Active Directory tenant and consume it from your cloud applications

Despite the general availability releases today, Microsoft is already working on expanding the capabilities of its Azure AD Connect and Azure AD Connect Health tools. For instance, it's planning to add "additional sync and sign on options."

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

