Azure AD Connect cloud sync: what is it, why do you need it? Let's find out.

So in our most recent video on learning Microsoft 365 and Azure AD from the very beginning, we looked at Azure AD Connect and setting up the Azure AD Connect software on a server to synchronize your on-premises Active Directory to Microsoft 365 and Azure AD. That's the more traditional and longer-term recognized way of synchronizing those two separate directories. But in recent years there has been a new method, a new kid on the block shall we say, that has come out of hiding, and that is Azure AD Connect cloud sync. This is a lightweight version of Azure AD Connect that is very, very simple to install, as I found out and I'll share with you in a moment. It lacks some of the features that are with the fuller version of Azure AD Connect, shall we say, but it's off to a really good start and I think it's gonna be a go-to option for many organizations who want that lighter touch, shall we say. So let's have a look at where we're up to in our MS-102 study guide next, and then we'll dive right in and set up Azure AD Connect cloud sync.

So as you will know by now, we are working along in our studies by using this study guide for exam MS-102, Microsoft 365 Administrator. Even if you're not taking this exam or planning to take this exam, it's a useful way to follow along in a logical path of learning Microsoft 365, and we've covered a lot in this video series already. We've been right through deploying and managing a Microsoft 365 tenant, we've covered a lot of ground in that section, and we're well into implementing and managing identity and access in Azure AD. And in this particular video that we're doing here, we'll be completing this first section, which is implementing and managing identity synchronization with Azure AD. We've looked at IdFix, we've looked at Azure AD Connect, but we've not looked at Azure AD Connect cloud sync yet. That's the one that we're looking at today. So once we've
covered this one off, we will be ready to move on to another section. We'll be talking all about implementing and managing authentication in our next series of videos, so I look forward to that. But without any further ado, let's dive in. Let's set up Azure AD Connect cloud sync.

So in the previous video we had Azure AD Connect set up. Now we need to turn that off by running this command: Set-MsolDirSyncEnabled -EnableDirSync $false. So we've turned that off. Now in the Azure portal, portal.azure.com, Azure Active Directory, we go to Connect sync, and we can see, having run that command, Azure AD Connect sync is no longer in place. It says sync has never run, although it does leave password hash sync enabled and it doesn't turn off the seamless single sign-on functionality.

Okay, so we're going to Cloud sync. This is what we want to set up. This is the first time I'll be setting this up actually, so it'll be interesting to see how it goes. So here we are. To get started we need to install an agent and create a configuration. Let's open the configuration guide and have a look and see what steps it provides for us. We've got a nice tutorial here to integrate a single forest with a single Azure AD tenant, and we've got some prerequisites that we need to observe for our on-premises environment and how we can get started. We've got some ports that we need to be mindful of to ensure that agents can make outbound requests to Azure AD if there's a firewall between your servers and Azure AD.

So we need to start by installing the Azure AD Connect provisioning agent, and we can do that within the portal. So let's go back to that Cloud sync tab, I'm going to Agents, and let's click on to download the on-premises agent, and to the right on the fly-out panel here we need to go and accept the terms and download. And there we go, we have our setup.exe. We can open straight into that and get the agent to install. So open that file up. There we go, we need to agree to the license terms and
conditions and click on Install, and here we go, the process is initializing and we are in progress. So let's see what this cloud sync can do. I'm excited to see this actually. It will be a first for me as well, so I am learning as we go. ABL: always be learning. Learn, share and repeat.

Here we go, what have we got? We've got a provisioning agent configuration wizard. Awesome. So what are we gonna have here? We've got Azure AD cloud sync to synchronize identities from on-prem to Azure AD. We can have HR-driven provisioning as well, Azure AD to on-premises. Okay, click Next, and we've got our two options. So we need to select the extension to enable. We've got two choices: HR-driven provisioning, such as Workday and SuccessFactors, or, as part of that top option as well, Azure AD Connect cloud sync, which is the one we want. We also have the ability to do another option, the second one down, which is on-premises application provisioning, which is Azure AD to applications. We'll go for the top one because this is what we want to do: we want to sync on-prem to Azure AD. We click on Authenticate and we will select our authenticated Microsoft 365 account here to authenticate to Azure AD with our Global Administrator account. We sign in, we will make the MFA challenge response, and all looks good. Excellent.

Yes, next we need to configure a service account. So we can set up a group managed service account, or gMSA, to manage the sync to Azure AD, and in order to create one or use a custom one we need to enter our domain admin credentials to set this up. So we'll put in the domain admin username in this format, peterrisingm365.com\peter.rising, enter our password, and then we should be able to click on to Next. There's a nice link there at the bottom where you can learn more about group managed service accounts as well, if you don't know what they are and how they work. Okay, we're good. Connect Active Directory, this is looking good. We've got our configured domains,
let's click on Next to proceed to the next step. Okay, cool. Agent configuration: we just review the settings. Are we happy with those? We've got our AD configuration, we've got our Azure AD configuration, that looks good. We click to confirm and there it goes, it's creating the group managed service account. It's proceeding through. This can take a few minutes, and there we go, it's done. I did skip ahead there on the video, and the agent installation is complete. Okay, we can click on Learn more there if we want to get more information about how you configure a new configuration, but we'll go back into the wizard and finish that off and we'll actually go through that process. Cool stuff indeed.

All right, back in to the Cloud sync option for Azure AD Connect cloud sync, and we want to do now a new configuration now that we've got the agent. And which Active Directory domain would you like to sync? So that's the one I want, I want peterrisingm365. Password hash sync, I certainly want that to be enabled. That seems to be our only option for this particular methodology, so that's fine. Let's go ahead and create, and configuration successfully saved. Seems nice and simple. Love it. I'm liking this so far.

Okay, so next we are into scoping filters. There's several in the Manage section, and here we can change things like the scoping filters and the attribute mapping and do some expression builder type things. So what we can do here is similar to what we saw in Azure Active Directory Connect, in that we can change this to be either all users are going to be synced, or selected groups or selected OUs, and so on and so forth. So this just gives you an idea of the sort of changes you can make, and you need to put this in with a distinguished name of the object if you're going to manually put some items in there. We'll show you what that looks like a bit further along when we add a user in to be synced. We'll leave this as all users though, and we'll save that, and that's absolutely fine. So next in the
process, we can look at the attribute mapping. Again, similar to Azure AD Connect sync, this has the ability to select these attributes here that we want to configure for our synchronization. We can edit those and make the necessary changes for them, things like the mapping type here for example, and source attributes and default values, and we can tweak these however we may need or want them to be. So really cool stuff.

Next we have the option to test our configuration, and what this does is it's based on provisioning on demand, but we'll come back to that. We'll actually do that step later on. We can look at what the default properties are, so I can take a look in here at what our default properties are going to be set to. We've got password hash sync, we've got prevent accidental deletion, we've got some thresholds in there, we can edit those. We can set up an email notifications recipient for one notification to be sent to that recipient in every one hour. So lots of cool stuff in there.

Back to the provisioning list. So we're going through this list of things quite rapidly here. Okay, and now we're ready to go. Step five, enable your configuration. Let's go for it, let's enable our configuration and get this all going and sorted. Cool. Enable configuration, we'll click on that, and configuration update is in progress, and there we go, configuration is successfully updated. I did skip there to the end, just in case you're wondering. That did take a bit longer than that appeared to be.

With that done, if we click on Overview now, and the Overview tab within there, we can see we've got the configuration status and we have some agents in there, but it's got a yellow triangle on it at the moment. Now I suspect that'll turn green in due course. We'll come back to that in a moment. Under Monitoring we can see things like provisioning logs and auditing logs, and we can see export and import activities and sync activities. We can see our agents in there and see that
the agent is active in there for our server, and we get some insights here as well relating to Log Analytics, but that integration is not enabled just yet and that's not something we'll cover on this video. Maybe something that I cover on a future video. I just want to purely sync this to Azure AD using the cloud sync. So let's go back to Overview. What are our next steps? Agent's still showing... ah, there we go, a nice green tick now, and now we can click on See all agents. That did take a little while by the way. I did pause the video and wait about 10 or so minutes before that agent went green. And now in here we can see our machine name, and that's all good. So this is looking great. We've got some nice green check boxes there for our configuration status and our one agent that we so far have installed.

So let's go into our admin center, our M365 admin center, into our active users. You might remember from the last video we had one synced user, Deanna Troy. Deanna Troy is still there, she was not deleted. She remains as a synced from on-premises user. Now what I'm going to do is I'm going to go into Server Manager and I'm going to go into Active Directory Users and Computers, and I'm going to create a new user which will be synced across to Azure AD. So little disclaimer, I did create one there called Catherine Janeway, which you may be able to see, and that did sync on its own in probably about 15 minutes. I kept refreshing and it did appear. But you can force this in the test phase that we saw briefly earlier on, so that's what I'm going to do here. I'm creating this user Tom Paris and I'm going to trigger that on-demand sync once I have this user created. So we'll show you what that looks like in just a second. So pretty cool stuff, right?

We got our user created, so now what we need to do is go back to the portal, and here under the Provision on demand section we need to enter the distinguished name of the user, which is going to be CN=Tom Paris,CN=Users,DC=peterrisingm365,DC=com. We validate that, it's validating away, it's progressing, and lots of lovely green checks. That is beautiful. We can see that the account enabled is true, we've got everything we want to see there. So we did that synchronization on demand there from the Provision on demand section, we've successfully imported a user, and we click on Finish. And now we should be able to go back into active users and give that a refresh, and we should see the wonderful Tom Paris should now appear in our list of active users, and indeed there he is. All good stuff indeed. I like Azure AD cloud sync very much.

And that's it for another video, folks. Thank you so much as ever for all of your support. Please do subscribe, please like and share, and learn, share and repeat. That's the model that we have on this channel. I hope you're all enjoying learning along with me. This was a brand new experience for me today. I'd never set up Azure AD Connect cloud sync before, it was a real first, and I really enjoyed it. I hope you did too. You can find me on various forms of social media. I'm most active on Twitter, where you can find me at M365 Rising, so please do connect with me there. Please leave some comments in this YouTube video. I love to hear from you, I love to hear your stories, your experiences with the technology that I'm sharing. Tell me how you found Azure AD Connect cloud, or Azure AD Connect, the more traditional one. Which are you favoring? Which are you using in your organization? What have been your experiences, your good points and bad points, shall we say? I'd love to hear. Thanks again, take care, I'll see you in the next video. Bye.
