Enterprise Mobility and Security Blog


Howdy folks!

We've heard consistent feedback that integrating your on-premises identities with Azure AD is harder than it should be. There are too many pages of documentation to read, too many different tools to download and configure, and far too much on-premises hardware required. We agree!

We've heard your feedback and shared our plans to make Azure AD integration with local directories easier:

  • Streamline the experience so fewer tools are required
  • Guide you through the experience so you don't have to read a bunch of documents
  • Reduce the on-premises footprint so you don't have to deploy a bunch of servers

To achieve these goals, we've created Azure AD Connect. Now you can connect your on-premises Windows Server Active Directory to your tenant in Azure Active Directory with only 4 clicks.

Jen Field is a Senior Program Manager in my team and has written up a nice guest blog post with the details on AAD Connect below. I hope you'll find it interesting and helpful.

For those of you who just want to get started, you can download the preview from the Azure Active Directory Connect program on MS Connect (be sure to sign in if you'd like to submit feedback), or you can always give us feedback via the Windows Azure AD Forum.

Best Regards,

Alex Simons (Twitter: Alex_A_Simons)

Director of PM

Active Directory Team

————————————

Hi everyone,

I'm Jen Field, one of the Program Managers in the Active Directory team. Today I'm happy to be able to announce the availability of the first step along this path with our first Public Preview of Azure Active Directory Connect (AAD Connect).

AAD Connect is a single wizard that performs all of the steps you would otherwise have to do manually for connecting Active Directory and local directories to Azure Active Directory:

  • Downloads and installs prerequisites like the .NET Framework, Azure Active Directory PowerShell Module and Microsoft Online Services Sign-In Assistant
  • Downloads, installs and configures Dirsync (and in the future, AAD Sync), and enables it in your Azure tenant
  • Configures either password sync or AD FS, depending on which sign-on option you prefer, and including any required configuration in Azure
  • Checks to make sure it's all working!

     

What can the AAD Connect Beta do?

In the Beta release, the AAD Connect wizard provides a guided experience for integrating a single Active Directory forest with Windows Azure Active Directory. In upcoming versions, we plan to support multi-forest scenarios.

Express Settings

The shortest path to getting your connection up and running, the Express Settings option configures directory integration in just 3 clicks, configuring Dirsync with the password hash sync option for a single forest, and then kicking off sync right away. This allows sign on to cloud resources based on Active Directory passwords within 15 – 20 minutes:

 

We only ask for your on-premises Enterprise Administrator credentials (in the future we plan to allow configuration without EA credentials):

 

We summarize what we are about to configure:

 

And then we perform the configuration steps, both on premises and in the cloud:

 

Finally, we let you know the results and what you should do next:

 

 

Custom Settings

For those who would like the SSO with federation option, or who simply don't want to kick off sync right away, the wizard guides you through choosing and configuring the right solution:

 

You can deploy Dirsync with password sync or opt for AD FS for single sign-on via federation:

 

AD FS has some additional requirements, which we let you know about:

 

You can deploy one or many AD FS and Web application proxy machines for a complete, highly available solution:

 

 

We'll help you to ensure your Azure domains are in the correct state before proceeding to set up federation:

 

 

We'll summarize what we're about to configure. Optionally you can choose to configure password sync in addition to AD FS for an easy "High Availability light" via fall back to cloud sign on:

 

Then we'll perform the installation and configuration steps, again both on premises and in the cloud:

 

Finally, we'll let you know what manual tasks you need to do, and help you to verify the installation works:

 

 

 

 

What's coming next?

As you'll see in the wizard, we are planning support for multiple forests using AAD Sync soon….


 

Below are some additional capabilities you won't see in the wizard yet, but we are planning to include soon:

  • Ability to configure all the AAD Sync options available in the AAD Sync wizard beta today

 

 

We look forward to providing you these options in the near future. In the meantime, go ahead and download the beta, and feel free to provide your feedback and suggestions via MS Connect or on the Azure Active Directory Forum. We look forward to hearing from you!

And if you've read this far, thanks a ton for your time! We really appreciate your interest!

Regards,

Jen Field