AAD Connect 1.1.819.0 now includes new Device Options and PingFederate Integration

Thursday, May 24, 2018
Microsoft released AAD Connect version 1.1.819.0 which includes several notable changes and improvements.
  • This release includes the public preview of the integration of PingFederate in Azure AD Connect. With this release customers can easily and reliably configure their Azure Active Directory environment to leverage PingFederate as their federation provider.
  • Updated the Azure AD Connect Wizard Troubleshooting Utility, where we now analyze more error scenario's, such as Linked Mailboxes and AD Dynamic Groups.
  • Device Writeback configuration is now managed solely within the Azure AD Connect Wizard.
  • A new PowerShell Module called ADSyncTools.psm1 is added that can be used to troubleshoot SQL Connectivity issues and various other troubleshooting utilities.
  • A new additional task "Configure device options" has been added. You can use the task to configure the following two operations:
    • Hybrid Azure AD join: If your environment has an on-premises AD footprint and you also want benefit from the capabilities provided by Azure Active Directory, you can implement hybrid Azure AD joined devices. These are devices that are both joined to your on-premises Active Directory and your Azure Active Directory.
    • Device writeback: Device writeback is used to enable conditional access based on devices to AD FS (2012 R2 or higher) protected devices.

To begin using PingFederate as your IDP, select "Change user sign-in" from the AAD Connect main menu and then select "Federation with PingFederate".

The wizard will walk you through connecting Active Directory and will produce a text document with instructions on how to configure PingFederate server with Office 365. Once done that's done, it converts the O365 tenant to federation-managed. Finally, it will validate the federated sign-in.

To configure the new Device Options for AAD-joined devices, click "Configure device options" on the main menu. After you authentication to Azure AD you'll see this summary:

When configuring Hybrid Azure AD join, AAD Connect will offer to create the service connection point (SCP) in Active Directory which is used by your devices to discover your AAD tenant information. It also offers to create a PowerShell script that will create the SCP, in case the account used to run AAD Connect does not have the rights to create the SCP itself.

Next, you select the operating systems in your environment (Windows 10 and/or supported Windows downlevel domain-joined devices). Supported downlevel devices include Windows 8 and earlier.

Once completed, you will need to perform some post configuration tasks for Hybrid Azure AD join, which includes controlling rollout, GPO entries for device registration, and other tasks outside the AAD Connect configuration.

As usual, this build also includes numerous fixes which can be read in the AAD Connect version release history. Most notably, this release updates the SQL Server Express installation to SQL Server 2012 SP4, which, among others, provides fixes for several security vulnerabilities.

Most customers will receive this upgrade automatically as long as Auto Upgrade is enabled. Others can download the latest version of Azure AD Connect here.

No comments:

Post a Comment

Thank you for your comment! It is my hope that you find the information here useful. Let others know if this post helped you out, or if you have a comment or further information.