Enterprise Mobility and Security Blog

RSS

Howdy folks,

It’s a big day for Azure AD! I’m happy to let you know that:

  • Azure AD Connect Health for Windows Server AD DS is now GA!
  • Azure AD Connect Health Sync Error Reports is now GA!
  • Based on your feedback, we’ve simplified the Azure AD Connect Health licensing model.

I’ve invited two program managers from my team, Varun Karandikar and Arturo Lucatero, to give you all the details here. Their blog is below.

As you read through these updates and begin exploring, share your feedback with us. We’re always listening!

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

—-

Hello everyone,

We couldn’t be more thrilled to share the latest updates on Azure AD Connect Health with you! Before we get started, we’d recommend that if you haven’t tried this service yet, you really should! Please visit our documentation page, and give it a try! (Note: Azure AD Connect Health requires Azure AD Premium licenses)

General Availability of Connect Health for Windows Server AD

You can now monitor your on-premises Active Directory (AD DS) infrastructure from the cloud using Connect Health for AD DS!

In the six months Connect Health for AD DS lived in preview, we received all kinds of feedback from the community. You told us about areas that needed polishing, capabilities that were working well, and new features you would like to see included. Your feedback has been invaluable in helping us improve our offering and get to general availability status.

Here are some of the updates we made during the preview:

  • The Domain Controllers dashboard contains more information. Adding OS Name was one of the most popular requests we received.


  • Support for monitoring Read Only Domain Controllers & identifying RODCs in the Domain Controllers dashboard.


  • Big performance improvements to the portal. The main dashboards load ten times faster, leading to a smooth experience for forests with 100+ Domain Controllers.
  • A new entry point to the Performance Monitors Collection. Now you can easily pin the monitors collection to your Azure dashboard.


  • Alert coverage for all the essential services running on your DCs. If an essential service like Kerberos Key Distribution Center or Netlogon stops, you will quickly be notified about it.
  • Refinements to existing alerts to minimize noisy notifications. Improving the detection logic of alerts is highly important and something we’re always investing in.

On behalf of the entire Connect Health team, we thank everyone who has deployed this feature, reported issues, and sent feedback, and we encourage others to do the same!

General Availability of Sync Error Reports

You may encounter Object Level Sync Errors while syncing data from your on-premises AD to Azure AD. With the Sync Error Reports within Azure AD Connect Health for Sync it’s now easy to get all the relevant information about sync errors in one place. This reduces the time required to fix errors and helps your users embrace the cloud.

The Sync Error Reports are now generally available to all Azure AD Premium customers using Azure AD Connect (version 1.1.281.0 or higher). Here are a few key points to note about them:

  • Provide an overview of errors based on error type and root cause.
  • Allow you to download the report with all errors as a single CSV.
  • Make it easy to understand the root cause and steps to fix the error.
  • Side-by-side comparison of objects for errors due to duplicates.
  • Allow you to delegate report access to users who are not global admins via Role Based Access Control.
  • Provide weekly email notifications.

Here’s a demo of the report available in the new Azure Portal:

Licensing Update

We also heard your feedback regarding our licensing model and that it was complicated to understand and to manage. In response, we made the following changes to make it simpler:

  • First Connect Health agent requires at least one Azure AD Premium license.
  • Each additional agent requires 25 additional incremental AADP licenses.
  • Agent count is equivalent to the total number of agents registered per role (AD FS, Azure AD Connect, AD DS) per server.

You can also find this information on the Azure AD Pricing page.

Congratulations! You are officially caught up with Azure AD Connect Health news.

Now it’s time for that last request: please share your thoughts on Azure AD Connect Health! Comments, questions, and suggestions are strongly encouraged and extremely important to us. Post below, in our discussion forum, or send us a note at askaadconnecthealth@microsoft.com. We look forward to hearing from you.

Thanks for reading!

Varun, Arturo and The Azure AD Connect Health Team