Azure Active Directory Connect 1.1 Reaches General Availability
Among other changes, the update includes multifactor authentication.
Azure AD Connect, Microsoft's identity and access management sync tool between local datacenters and the cloud, got an update.
Per the announcement, Azure AD Connect 1.1 reached "general availability," meaning it's deemed ready for use in an organization's production environment. Microsoft also indicated today that certain sync task features, namely "device write-back" and "schema extension support," have reached general availability, too.
Azure AD Connect 1.1 can be downloaded at this page. It's presently at build 18.104.22.168. The release history is at this page.
Azure AD Connect is Microsoft's free flagship identity and access management synchronization tool. It has a wizard-like user interface designed to help IT pros configure synchronization tasks between premises-based AD environments and Azure AD, which is Microsoft's cloud-based identity and access management solution.
Azure AD Connect attempts to simplify sync configurations. The new version 1.1 tool fixes some usability issues, but perhaps the most interesting improvement is that it contains support for automatic updates. In other words, the tool will update itself like a service. The caveat is that to get this auto-update support, Azure AD Connect has to be installed with the "Express Settings" chosen.
Microsoft also gave IT pros some slack on sync intervals with Azure AD Connect 1.1. It has a new default synchronization frequency of 30 minutes. Previously, that interval was fixed at every three hours. IT pros can change the frequency from its default, but that requires configuring the CustomizedSyncCycleInterval setting in the tool's Scheduler.
Microsoft also made it possible to use Azure AD Connect 1.1 with multifactor authentication. Ironically, Microsoft's multifactor authentication scheme, which requests identity verification via a secondary means (such as an automated phone call or a text message), didn't work with Azure AD Connect, particularly for IT pros.
"You can now specify an admin user that has MFA or PIM configured to connect to Azure AD," Microsoft's announcement assured. In addition, users of Azure AD Connect 1.1 can now change the user sign-in method without having to reinstall the tool.
Microsoft also addressed a customer need to "filter specific OUs [organizational units] and domains" when synchronizing local AD directories with Azure AD. Earlier versions of the tool had compelled the user to select all OUs and domains, which was a stumbling block for some organizations. For instance, certain firewall restrictions may have gotten in the way, Microsoft explained.
Microsoft has other AD sync tools, but Azure AD Connect has been the fastest growing one so far, according to Alex Simons, director of program management for Microsoft Identity Products and Services. He made that claim last month.
Microsoft has announced that it will be deprecating its Azure AD Synchronization Tool (known as "DirSync") and Azure AD Synchronization Services tool, which means that it will stop developing them. Its leading sync tool, going forward, will be Azure AD Connect, alongside Microsoft Identity Manager.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.