Retake Control of Attribute Synchronization to Azure AD


With Azure AD Connect, synchronizing directory data from on-premises Active Directory to Azure Active Directory is both easy and efficient. But while simple to configure, keeping the default settings might leave you more exposed than your security and regulation practices allow.


Azure AD domain, OU, app and attribute filtering allow organizations to synchronize only a handful of attributes to minimize the exposure of personally identifiable information in this setup. So, why wouldn’t you use it?

Synchronizing objects and their attributes from an on-premises Active Directory environment to Azure AD is a common process in many organizations. With Azure AD Connect, synchronizing directory data from on-premises Active Directory to Azure AD is both easy and efficient. But is it possible to have too much of a good thing?

Security best practices limit sharing to a strict need-to-know basis. However, Azure AD Connect synchronizes 151 attributes by default. You read that right: 151 attributes.

So, if you perform the “Express Settings” installation of Azure AD Connect, Azure AD will include a total of 151 attributes (excluding attributes that are null or not present) for every object synched from your on-premises Active Directory to Azure AD.
In this whitepaper, you will learn:

  • Use the “Customize Settings” installation option in Azure AD Connect to limit your organization’s exposure
  • Define domain and OU filtering
  • Restrict the list of cloud applications
  • Customize synchronization options
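Before changing any of these settings, it helps to know which attributes are actually flowing to Azure AD today. The script below is an added example, not part of the whitepaper or of Azure AD Connect itself: it uses the ADSync PowerShell module that ships with Azure AD Connect to list, per object type, the destination attributes of every enabled outbound synchronization rule targeting the Azure AD connector. It assumes an elevated session on the Azure AD Connect server and that the Azure AD connector keeps its default name ending in “AAD”.

```powershell
# Added example (not the whitepaper's own code): inventory the attributes that
# enabled outbound synchronization rules send to the Azure AD connector space.
# Assumes the ADSync module installed with Azure AD Connect and an elevated
# session on the Azure AD Connect server.
Import-Module ADSync

# Assumption: the Azure AD connector uses the default naming, which ends in "AAD".
$aadConnector = Get-ADSyncConnector |
    Where-Object { $_.Name -like '*AAD' } |
    Select-Object -First 1
if (-not $aadConnector) {
    throw 'No Azure AD connector found; review the output of Get-ADSyncConnector.'
}

# Only enabled rules flowing outbound to the Azure AD connector matter here.
$outboundRules = Get-ADSyncRule |
    Where-Object {
        $_.Direction -eq 'Outbound' -and
        $_.Connector -eq $aadConnector.Identifier -and
        -not $_.Disabled
    }

# Collapse all attribute flow mappings into one distinct attribute list per object type.
$report = $outboundRules |
    Group-Object TargetObjectType |
    ForEach-Object {
        $destinations = $_.Group.AttributeFlowMappings |
            Select-Object -ExpandProperty Destination |
            Sort-Object -Unique
        [pscustomobject]@{
            ObjectType     = $_.Name
            RuleCount      = $_.Count
            AttributeCount = @($destinations).Count
            Attributes     = ($destinations -join ', ')
        }
    }

# Summary first, then the full attribute list per object type for review
# against a need-to-know baseline.
$report | Format-Table ObjectType, RuleCount, AttributeCount -AutoSize
$report | ForEach-Object { "`n[$($_.ObjectType)]`n$($_.Attributes)" }
```

Run it once before and once after applying domain/OU, application, or attribute filtering; the drop in `AttributeCount` per object type shows concretely how much less data leaves the on-premises directory, and the attribute list is what to compare against your data-protection requirements.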
About the author

Sander Berkouwer

Sander Berkouwer is an IT Professional and has been a Microsoft MVP in Directory Services for the past eight years. He works as senior identity consultant at SCCT in the Netherlands, where he helps colleagues and customers make the most out of Microsoft products, strategies and technologies. Sander blogs almost daily about Active Directory, his favorite Microsoft technology.