Microsoft’s Azure Active Directory (AD) connect tool, currently in preview, has received an update with functionality targeting administrators that plan to take a measured approach to rolling out their own single sign-on environments.
As its name suggests, Azure AD Connect is software that links on-premise Windows Server Active Directory with its cloud-based alternative Azure AD, enabling single sign-on (SSO) functionality for local applications, Office 365 and thousands of third-party software-as-a-service (SaaS) offerings. The latest release includes a new option to set up a pilot deployment.
While it has been a decade since the company gave up on Passport, its single sign-on vision for public Websites, Microsoft believes in the approach for business users who would be otherwise asked to juggle credentials for a handful, if not dozens, of business apps and cloud services. Dynamics GP 2015 and Dynamics CRM Online Government are among the latest of Microsoft’s products to extend single sign-on support.
“Many of you have asked for the ability to set up a small pilot based on a group of users before you sync the entire directory,” Alex Simons, director of program management for Microsoft’s Identity and Security Division, wrote in a March 24 blog post. “Our new ‘Pilot’ mode capability allows you to do just this. Just select an AD group on the Sync Filtering page (you can find this in the Custom path of the wizard) and we will make sure only the members of that group are synchronized to Azure AD.”
In addition, the update supports “seamless” in-place upgrades from Office 365 Directory Synchronization (DirSync) or Azure AD to Azure AD Connect. “If you have DirSync and more than 50,000 objects in the directory, we export your DirSync configuration for you, then we import it for you when you run the Azure AD Connect wizard on another machine,” Simons wrote.
The software is also more accommodating of Microsoft Active Directory Federation Services (AD FS) and other existing single sign-on setups, he added.
“Just choose the Custom path instead of Express Settings, and then select ‘Do not configure’ on the ‘User sign-in’ page,” instructed Simons. “We’ll go ahead and get the sync components upgraded to Azure AD Connect so that you have the latest sync options without having to configure sign-on.”
After an Azure AD connection is established, the tool now provides guidance on common next steps.
“Once you have run the Azure AD Connect wizard for the first time, you may wish to add scale or refine your options right away, or after some time has passed. Just launch the wizard again using the Start page or desktop icon called ‘Azure AD Connect’,” said Simons. “After you enter your Azure AD credentials, we will show you a page with the tasks that are relevant to your configuration.”
The new version also includes bug fixes and “quality improvements” based on feedback from early testers, said Simons. “This second preview release is our last ‘preview’ release prior to the general availability of the service.”