Retake Control of Attribute Synchronization to Azure AD

With Azure AD Connect, synchronizing directory data from on-premises Active Directory to Azure Active Directory is both easy and efficient. But while it is simple to configure, keeping the default settings may leave you more exposed than your security and regulatory requirements allow.

Azure AD Connect's domain, OU, application, and attribute filtering options let organizations synchronize only a handful of attributes, minimizing the exposure of personally identifiable information in this setup. So, why wouldn't you use them?


Overview

Synchronizing objects and their attributes from an on-premises Active Directory environment to Azure AD is a common process in many organizations, and Azure AD Connect makes it both easy and efficient. But is it possible to have too much of a good thing?

Security best practices limit sharing to a strict need-to-know basis. However, Azure AD Connect synchronizes 151 attributes by default. You read that right: 151 attributes.

So, if you perform the "Express Settings" installation of Azure AD Connect, Azure AD will receive a total of 151 attributes (excluding attributes that are null or not present) for every object synced from your on-premises Active Directory to Azure AD.

In this whitepaper, you will learn:

  • How to customize settings in Azure AD Connect and limit your organization's exposure
  • How to define domain and OU filtering
  • How to restrict the list of cloud applications
  • How to customize synchronization options

About the author

Sean Deuby

Expert in Microsoft's hybrid identity architecture of Active Directory, Azure AD, and Enterprise Mobility + Security (EMS). Veteran speaker, writer, and technology journalist with over 400 published articles. Awarded MVP status by Microsoft for 15 consecutive years.