Azure AD Connect - Part 1

Hello All

Hope everyone is doing well. In this series we are going to see the ins and outs of the Azure AD Connect tool, in short the AAD Connect tool, which usually runs in the on-premises environment.

Let us begin with the agenda for Part 1:

  1.  What is Azure AD Connect
  2.  Why do we need AAD Connect
  3.  Benefits of AAD Connect

What is Azure AD Connect

  • AAD Connect is used to integrate on-premises Active Directory with M365 / Azure Active Directory
  • The AAD Connect tool is designed to meet and accomplish the hybrid identity goals

Let us understand in detail what we mean by the above statements.

Let us assume that we have an organisation called cloudmonkeys.xyz. They have deployed AD and manage their user accounts within on-prem AD: password resets, attribute changes, etc. are all done in on-prem AD.

Now the company has signed up for an Office 365 tenant alongside its on-prem AD.

The organisation's requirement is that they want all the Active Directory (AD) accounts in M365, so that they can assign licenses and these users can use the M365 services. In this scenario they have the option to create the same user account in M365; however, that account becomes a cloud-hosted account and all changes have to be made from M365.

Let us assume instead that the organisation does not want to decommission the on-premises environment: they want to keep on-premises AD and make changes to user accounts only in the on-prem AD account, not from M365 AAD.

To meet this requirement we can use the AAD Connect tool: deploy the Azure AD Connect server, sync the user accounts to M365, then assign M365 licenses to the user accounts and use the O365 services.

All the necessary changes have to be made from on-prem Active Directory, such as password resets and most attribute changes. When I say most attributes, I mean that a few attributes can be managed from AAD PowerShell.

This process is copy and paste, not cut and paste. The actual user account still exists in on-prem Active Directory, and a replica of that account is synced to M365 AAD.

This type of environment is called a SYNCED environment.

If we have only an M365 tenant, it is called a CLOUD-hosted environment.
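To see which accounts in a tenant are synced replicas and which are cloud-hosted, here is an added example (not from the original post) using the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed and that the signed-in account has the User.Read.All permission; the SYNCED / FORMERLY-SYNCED / CLOUD labels are this example's own names for the three values of the onPremisesSyncEnabled attribute.

```powershell
# Added example: classify each user as SYNCED (mastered in on-prem AD) or CLOUD-hosted.
# Assumes the Microsoft.Graph PowerShell SDK and a signed-in account with User.Read.All.
Connect-MgGraph -Scopes "User.Read.All"

# Ask Graph only for the attributes needed. onPremisesSyncEnabled is the authoritative flag:
#   $true  = currently synced from on-prem AD (change it in on-prem AD, not in M365)
#   $false = was synced once, but sync has since been turned off for this object
#   $null  = never synced (cloud-hosted account, managed only in M365)
$props = "UserPrincipalName", "OnPremisesSyncEnabled", "OnPremisesLastSyncDateTime",
         "OnPremisesSamAccountName", "OnPremisesImmutableId"
$users = Get-MgUser -All -Property $props

$report = foreach ($u in $users) {
    # $null must be on the left of -eq in PowerShell, otherwise [bool]$null is coerced to $false.
    if ($null -eq $u.OnPremisesSyncEnabled) { $source = "CLOUD" }
    elseif ($u.OnPremisesSyncEnabled)       { $source = "SYNCED" }
    else                                    { $source = "FORMERLY-SYNCED" }

    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        Source            = $source
        OnPremSam         = $u.OnPremisesSamAccountName
        LastSyncUtc       = $u.OnPremisesLastSyncDateTime
    }
}

# Per-user view: a SYNCED row with an old LastSyncUtc is worth a look, because it
# means the on-prem replica is not being refreshed.
$report | Sort-Object Source, UserPrincipalName | Format-Table -AutoSize

# Summary by source, so you know how many accounts are mastered where.
$report | Group-Object Source | Select-Object Name, Count
```

Run it from any workstation with Graph access; it reads only, so it is safe to use on a production tenant when you want to confirm that an account really is the on-prem replica the post describes before you try to change it in one place or the other.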

Let us discuss how the AAD Connect tool helps the organisation meet the hybrid identity goals.

Let us assume that your on-prem environment has AD and an Exchange 2016 server. You have set up an M365 tenant and want to deploy a hybrid environment.

The hybrid model makes your on-prem and M365 organisations act as a single organisation.

We can migrate mailboxes from on-prem to M365, control mail flow from on-prem, and get many other benefits in hybrid.

To achieve the hybrid model you need to deploy the AD Connect tool within your on-prem environment. This is one of the important prerequisites for a hybrid environment.

Benefits of Azure AD connect

Synchronise objects to O365 [objects are users, contacts, groups, etc.]

Password hash synchronisation: we can sync password hashes from AD to M365 so that users can use a single password both on-prem and in M365. With this feature users are authenticated by Azure Active Directory.

Pass-through authentication: if your organisation does not want to sync user password hashes to AAD, this feature helps. With this feature users are authenticated by on-prem AD.

Password write back: let us assume you have enabled the password hash synchronisation feature, so passwords are syncing from on-prem AD to M365 AAD. Now in O365 you have enabled SSPR [Self Service Password Reset], and users can change their passwords on their own with this feature. With the help of the password write back feature, the new passwords are written back to on-prem AD.

Single sign-on: with the help of this feature users do not need to type their password when they sign in to Office 365 applications from domain-joined devices. They are able to sign in automatically using their email address.

Federation: we can federate our domains using this feature in the AAD Connect tool.

Device write back: we can use this feature if we have registered devices in AAD.

Group write back: if you want to sync O365 groups from M365 AAD to on-prem AD, we can use this feature.

Exchange mail public folders: we can sync public folders from the on-prem Exchange server to M365.

Hybrid deployment: by enabling this feature we can assign cross-premises permissions, and attributes can be synced from AAD to on-prem AD.

So finally, based on our business requirements, we can use one of the above features or a combination of them.
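As an added example (not part of the original post), the following PowerShell, run on the Azure AD Connect server itself, reports which of the features above are switched on and when the next sync cycle runs. It uses the ADSync module that is installed with the tool; the mapping from the post's feature names to the flags returned by Get-ADSyncAADCompanyFeature is this example's own reading of that output and may differ between Connect versions. Every write-back feature that shows as enabled is a path by which a change made in the cloud reaches on-prem AD, so it is worth knowing which ones are on.

```powershell
# Added example: inventory AAD Connect features on the Connect server.
# Assumes the ADSync module (installed with Azure AD Connect) and membership of the
# local ADSyncAdmins group.
Import-Module ADSync

# Tenant-level feature flags as seen by this Connect server.
$feat = Get-ADSyncAADCompanyFeature

# Assumed mapping from flag name to the feature names used in the post. Anything not
# listed here is still printed, so a newer Connect version does not hide a flag.
$known = @{
    PasswordHashSync      = "Password hash synchronisation (auth happens in Azure AD)"
    UserWriteback         = "User write back  (cloud -> on-prem AD)"
    DeviceWriteback       = "Device write back (cloud -> on-prem AD)"
    UnifiedGroupWriteback = "Group write back  (cloud -> on-prem AD)"
}

Write-Host "== Feature flags (Get-ADSyncAADCompanyFeature) =="
$feat.PSObject.Properties | ForEach-Object {
    [pscustomobject]@{
        Flag      = $_.Name
        Enabled   = $_.Value
        Feature   = if ($known.ContainsKey($_.Name)) { $known[$_.Name] } else { "(not mapped in this example)" }
        # Write-back flags change on-prem AD; flag them so the reviewer notices.
        Direction = if ($_.Name -like "*Writeback*") { "cloud -> on-prem" } else { "on-prem -> cloud" }
    }
} | Format-Table -AutoSize

# Note: pass-through authentication, seamless SSO and federation are sign-in settings
# of the tenant and are not reported by this cmdlet; the Connect wizard's
# "current configuration" page or the tenant sign-in settings show those.

Write-Host "== Scheduler (Get-ADSyncScheduler) =="
$sched = Get-ADSyncScheduler
[pscustomobject]@{
    SyncCycleEnabled   = $sched.SyncCycleEnabled
    StagingModeEnabled = $sched.StagingModeEnabled   # staging servers import but never export
    NextCycleUtc       = $sched.NextSyncCycleStartTimeInUTC
    NextCycleType      = $sched.NextSyncCyclePolicyType
} | Format-List

Write-Host "== Connectors (Get-ADSyncConnector) =="
# One AD connector per on-prem forest plus the Azure AD connector.
Get-ADSyncConnector | Select-Object Name, ConnectorTypeName | Format-Table -AutoSize
```

The scheduler section matters for the "copy and paste" point made earlier: the replica in M365 is only as fresh as the last completed cycle, and a server in staging mode never exports at all, so a disabled cycle or an unexpected staging flag explains why an on-prem change has not appeared in the cloud.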

We will continue with Part 2 on the same topic of Azure AD Connect. Thanks for reading and happy learning. 📙
