In the last post, we talked about Azure Active Directory (AD). There can be cases where an organization is already using on-premises Active Directory and, when it onboards to Azure, wants to synchronize its on-premises identity data to Azure so that it can keep using its local security policies. This can be achieved through Azure AD Connect.
Azure AD Connect needs two things: an AD Connect sync component installed in the on-premises environment, and the Azure AD Connect sync service running in Azure AD. It offers the following sign-in methods and features:
- Password hash synchronization – A sign-in method that synchronizes a hash of a user's on-premises AD password with Azure AD.
- Pass-through authentication – A sign-in method that allows users to use the same password on-premises and in the cloud, but doesn’t require the additional infrastructure of a federated environment.
- Federation integration – Federation is an optional part of Azure AD Connect and can be used to configure a hybrid environment using an on-premises AD FS infrastructure. It also provides AD FS management capabilities such as certificate renewal and additional AD FS server deployments.
- Synchronization – Responsible for creating users, groups, and other objects, and for making sure the identity information for your on-premises users and groups matches the cloud. This synchronization also includes password hashes.
- Health Monitoring – Azure AD Connect Health provides robust monitoring and a central location in the Azure portal to view this activity.
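Because the on-premises sync component is what keeps identities and password hashes flowing, a defender usually wants a quick local check that the scheduler is actually running, that the server is not quietly sitting in staging mode, and that password hash synchronization is enabled. The script below is an added example written for this post, not Microsoft's code or the original author's. It assumes it runs on the Azure AD Connect server with the ADSync module installed (`Get-ADSyncScheduler`, `Get-ADSyncAADCompanyFeature`, `Get-ADSyncConnector` ship with that module); the `* - AAD` connector-name suffix it looks for is the default naming convention and is an assumption here. It complements, rather than replaces, the portal-side view that Azure AD Connect Health gives you.

```powershell
# Added example: local health check for the on-premises AD Connect sync component.
# Not Microsoft's or the original post's code. Assumes the ADSync module is present
# (i.e. this runs on the Azure AD Connect server); the '- AAD' connector-name
# suffix is the default naming convention and is an assumption.
Import-Module ADSync -ErrorAction Stop

function Test-AadConnectSyncHealth {
    [CmdletBinding()]
    param(
        # How far past the scheduled next cycle we tolerate before calling the scheduler stale.
        [TimeSpan]$StaleTolerance = (New-TimeSpan -Minutes 60)
    )

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Scheduler state: is the sync cycle enabled, suspended, or in staging mode?
    $sched = Get-ADSyncScheduler
    if (-not $sched.SyncCycleEnabled) {
        $findings.Add('Sync cycle is disabled; no objects or password hashes are flowing to Azure AD.')
    }
    if ($sched.SchedulerSuspended) {
        $findings.Add('Scheduler is suspended (often left over from an upgrade or maintenance window).')
    }
    if ($sched.StagingModeEnabled) {
        $findings.Add('Server is in staging mode; it imports and syncs but does not export to Azure AD.')
    }

    # A next-start time well in the past means the scheduler did not fire when it should have.
    $nowUtc = (Get-Date).ToUniversalTime()
    if ($sched.NextSyncCycleStartTimeInUTC -lt ($nowUtc - $StaleTolerance)) {
        $findings.Add(("Next sync cycle was due at {0:u} UTC but has not run; the scheduler may be stuck." -f $sched.NextSyncCycleStartTimeInUTC))
    }

    # 2. Tenant-level feature flags: is password hash synchronization actually turned on?
    $features = Get-ADSyncAADCompanyFeature
    if (-not $features.PasswordHashSync) {
        $findings.Add('Password hash synchronization is not enabled for this tenant.')
    }

    # 3. Connectors: expect at least one on-premises AD connector and one Azure AD connector.
    $connectors    = Get-ADSyncConnector
    $adConnectors  = @($connectors | Where-Object { $_.Type -eq 'AD' })
    $aadConnectors = @($connectors | Where-Object { $_.Name -like '* - AAD' })   # assumption: default naming
    if ($adConnectors.Count -eq 0) {
        $findings.Add('No on-premises Active Directory connector found.')
    }
    if ($aadConnectors.Count -eq 0) {
        $findings.Add('No Azure AD connector found (expected a connector named "<tenant>.onmicrosoft.com - AAD").')
    }

    [pscustomobject]@{
        Healthy          = ($findings.Count -eq 0)
        SyncCycleEnabled = $sched.SyncCycleEnabled
        StagingMode      = $sched.StagingModeEnabled
        Interval         = $sched.CurrentlyEffectiveSyncCycleInterval
        NextCycleUtc     = $sched.NextSyncCycleStartTimeInUTC
        PasswordHashSync = $features.PasswordHashSync
        Findings         = $findings
    }
}

# Usage: run in an elevated PowerShell session on the Connect server.
$health = Test-AadConnectSyncHealth
$health | Format-List
if (-not $health.Healthy) {
    # Once the root cause is fixed, a delta cycle can be forced rather than waiting for the scheduler.
    Write-Warning 'Fix the findings above, then run: Start-ADSyncSyncCycle -PolicyType Delta'
}
```

The check deliberately reports the staging-mode and scheduler-suspended states as findings rather than treating them as errors in themselves: both are legitimate during an upgrade or a server swap, but a Connect server left in either state means on-premises changes (including password changes) silently stop reaching Azure AD, which is exactly the gap an attacker or an auditor would notice before you do.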