
Thursday, July 14, 2016

Azure AD Connect: Synced attributes

I am asked from time to time which attributes are synced to Azure AD through the Azure Active Directory Connect tool:


In general it is just selected user, group and contact information.

Here you find a list of synced attributes:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-attributes-synchronized


Depending on the Windows 10 features in use, a few device attributes are synced to Azure AD as well. This is necessary for specific scenarios such as Microsoft Passport for Work and requires a current Windows 10 build on the devices (build 10551 or newer):
https://azure.microsoft.com/en-us/documentation/articles/active-directory-azureadjoin-devices-group-policy/


Be careful, and don't assume you know what you are doing when you deliberately leave some of them out of the sync. Depending on the services in use they really are necessary. For example, Exchange on-premises stores a lot of information in AD, and Exchange Online does the same. Those attributes are therefore required for it to function properly.


Unless you are the developer of the cloud application, e.g. Exchange Online, you are not in a position to judge whether an attribute is necessary for correct function or not.


So either you are comfortable with the attributes being synced, or you don't use Azure AD at all. Anything in between will just mess up the Azure AD data, and the cloud applications will not work properly.
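If you want to see what your own Azure AD Connect server actually flows to Azure AD, rather than trusting the documentation list above or a half-remembered customization, the sync rules can be enumerated with the ADSync module. The following script is an added example and not part of the original post; it assumes it runs on the Azure AD Connect server, that the Azure AD connector is the one with ConnectorTypeName 'Extensible2' (the default), and the short list of Exchange-related attributes in it is a hand-picked illustration, not the authoritative list. It prints every attribute that an enabled outbound user rule writes to Azure AD and warns when one of the listed Exchange attributes has no flow at all, which is exactly the situation the warning above is about.

```powershell
# Added example, not from the original post.
# Assumptions: run on the Azure AD Connect server with the ADSync module,
# the Azure AD connector has ConnectorTypeName 'Extensible2' (default naming),
# and $exchangeAttributes is an illustrative selection only.
Import-Module ADSync

# Metaverse object type to inspect: 'person' = users; 'group' and 'contact' also work.
$objectType = 'person'

# Find the Azure AD connector (not the on-premises AD connector).
$aadConnector = Get-ADSyncConnector |
    Where-Object { $_.ConnectorTypeName -eq 'Extensible2' } |
    Select-Object -First 1
if (-not $aadConnector) { throw 'No Azure AD connector found on this server.' }

# Enabled rules that flow from the metaverse into the Azure AD connector space.
$outboundRules = Get-ADSyncRule |
    Where-Object {
        $_.Direction -eq 'Outbound' -and
        -not $_.Disabled -and
        $_.Connector -eq $aadConnector.Identifier -and
        $_.SourceObjectType -eq $objectType
    }

# Flatten every attribute flow mapping into one row per (rule, destination attribute).
$flows = foreach ($rule in $outboundRules) {
    foreach ($mapping in $rule.AttributeFlowMappings) {
        [pscustomobject]@{
            Destination = $mapping.Destination        # attribute written in Azure AD
            Rule        = $rule.Name
            Precedence  = $rule.Precedence            # lower number wins on conflicts
            FlowType    = $mapping.FlowType           # Direct / Expression / Constant
            Source      = ($mapping.Source -join ',') # on-premises source attribute(s)
            Expression  = $mapping.Expression
        }
    }
}

$flows | Sort-Object Destination, Precedence | Format-Table -AutoSize

# Illustrative Exchange Online attributes; the real set is in the linked Microsoft article.
$exchangeAttributes = @(
    'proxyAddresses',
    'legacyExchangeDN',
    'msExchMailboxGuid',
    'msExchRecipientTypeDetails',
    'msExchArchiveGUID'
)

# -notcontains is case-insensitive by default, so attribute name casing does not matter.
$syncedAttributes = $flows.Destination | Sort-Object -Unique
foreach ($attribute in $exchangeAttributes) {
    if ($syncedAttributes -notcontains $attribute) {
        Write-Warning "No enabled outbound rule flows '$attribute' to Azure AD for '$objectType' objects."
    }
}
```

A warning here does not automatically mean someone filtered the attribute: the "Out to AAD" Exchange flows are only created when the on-premises forest has the Exchange schema, so on a forest without Exchange the warnings are expected. On a forest with Exchange, a missing flow for one of these attributes is the kind of "partial sync" that breaks Exchange Online, and the Rule and Precedence columns tell you which custom rule to look at.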


Azure AD also stores BitLocker recovery keys, but only for Azure AD joined machines:
https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2016/03/14/automatic-bitlocker-on-windows-10-during-azure-ad-join/
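The linked post covers the automatic case during join. When a machine was encrypted before it was joined, or the automatic backup did not happen, the recovery password can be escrowed to Azure AD by hand. The following script is an added example and not part of the original post or the linked one; it assumes it runs elevated on the Azure AD joined Windows 10 device itself, with the built-in BitLocker module available, and that the device really is Azure AD joined (dsregcmd /status reports AzureAdJoined : YES).

```powershell
# Added example, not from the original post.
# Assumptions: run elevated on an Azure AD joined Windows 10 device with the
# BitLocker PowerShell module; the mount point defaults to the OS drive.
$mountPoint = $env:SystemDrive   # normally "C:"

$volume = Get-BitLockerVolume -MountPoint $mountPoint
if ($volume.VolumeStatus -eq 'FullyDecrypted') {
    throw "$mountPoint is not BitLocker protected; nothing to escrow."
}

# Only a numerical recovery password can be escrowed to Azure AD.
# TPM, PIN or startup-key protectors cannot be backed up.
$recoveryProtectors = $volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

if (-not $recoveryProtectors) {
    # A TPM-only volume has no recovery password; add one so there is something to escrow.
    Add-BitLockerKeyProtector -MountPoint $mountPoint -RecoveryPasswordProtector | Out-Null
    $recoveryProtectors = (Get-BitLockerVolume -MountPoint $mountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
}

foreach ($protector in $recoveryProtectors) {
    # Escrow the recovery password with this device's object in Azure AD.
    BackupToAAD-BitLockerKeyProtector -MountPoint $mountPoint -KeyProtectorId $protector.KeyProtectorId
    Write-Host ("Escrowed recovery protector {0} for {1} to Azure AD." -f $protector.KeyProtectorId, $mountPoint)
}
```

After it runs, the recovery key shows up under the device in the Azure portal and, for the user who joined the device, in the self-service device list. If the cmdlet fails, the usual causes are that the device is not actually Azure AD joined or that the script was not run elevated; the Microsoft-Windows-BitLocker/BitLocker Management event log records both the successful backups and the failures.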