Strengthen your hybrid identity with these new Azure AD Connect releases

This post has been republished via RSS; it originally appeared at: Azure Active Directory Identity Blog articles.

Howdy folks,


We continue to hear from you that hybrid identity is as important as ever, even as more apps move to the cloud. In Azure AD, our key hybrid identity tool is Azure AD Connect. This comes in two flavors based on your use case needs: Azure AD Connect sync which lives on-premises, and Azure AD Connect cloud sync which is powered by the cloud. We are constantly improving these capabilities based on your feedback, to make it easier to deploy and configure while also improving security, scale and throughput. 


Today we're announcing Azure AD Connect cloud sync is generally available! This was formerly known as Azure AD Connect cloud provisioning during its preview. We have also made significant updates to our classic Azure AD Connect sync tool with improved scale and performance.



Azure AD Connect cloud sync general availability


Azure AD Connect cloud sync is the future of our hybrid identity sync capabilities. It moves all the heavy lifting of the transform logic to the cloud. It also reduces the on-premises footprint with lightweight agents that can be distributed for enterprise-grade availability. Customers can deploy this either standalone or alongside Azure AD Connect sync. When deployed together, it allows you to connect disconnected AD forests that arise from merger and acquisition or remote office location scenarios. To see the differences in the sync capabilities within Azure AD Connect, check our comparison chart.


Since our public preview, we’ve introduced some additional capabilities:

  • Enhanced security with support for gMSA: Using the group Managed Service Account (gMSA), you no longer need to provide domain admin credentials to run the sync agent. You can either use your own custom gMSA account or the one defined by us.
  • Ability to sync large directories with up to 150,000 directory objects per configuration and large groups with up to 50,000 members.
  • Prevent accidental deletes by configuring a threshold for deletes beyond which you get notified to take action.
  • Health features that allow you to monitor your sync service and resolve common data issues such as duplicate attribute values.
  • Advanced troubleshooting tools that help your organization easily find out if something goes wrong with your sync configuration.

To get up and running with Azure AD Connect cloud sync today, check out our documentation.



Azure AD Connect sync updates


Many of you have been using classic Azure AD Connect sync for years as the primary means to bridge your hybrid identity. We’ve heard that as your business and teams grow, you need higher throughput on syncs as well as the ability to sync larger groups. With the general availability of our v2 endpoint and the latest build of Azure AD Connect sync, you can now sync groups of up to 250,000 members, and customers who previewed the new endpoint saw 3 to 10x improvement in performance on average on their sync times. One customer told us that this update “has resulted in dramatic performance improvements on our delta synchronizations. Before, during the work week, the average was constantly around 5 hours. This week it is 25 minutes.”


To try the v2 endpoint and make sure you’re using the latest build of Azure AD Connect sync, check out our documentation.


As always, we’d love to hear from you. Please let us know what you think in the comments below or on the Azure AD feedback forum.


Best regards,

Alex Simons (twitter: @alex_a_simons)

Corporate Vice President Program Management

Microsoft Identity Division


