Entra Connect, Entra Cloud Sync or both?
Many medium and large organizations continue to operate in a hybrid environment, combining cloud services with on-premises infrastructure such as servers integrated with Active Directory. To make sure that users can access both on-premises and cloud-based services, identities are typically synced from on-premises Active Directory to Entra ID in the cloud.
Microsoft Entra Connect, previously known as Azure AD Connect, has long been the preferred choice for synchronizing on-premises accounts with Entra ID.
There is, however, a newer and more lightweight tool available: Microsoft Entra Cloud Sync. It uses the Microsoft Entra cloud provisioning agent instead of the classic Entra Connect application, and it can be used alongside Connect Sync if needed.
The new lightweight setup with Entra Cloud Sync has some advantages over Connect Sync:
- Connecting to multiple disconnected on-premises AD forests
- Multiple active agents for high availability
- All sync configurations are managed in the cloud
- Group provisioning from Entra to Active Directory
There are still some scenarios where you can’t use Cloud Sync:
- You need to sync device objects
- Groups with more than 50,000 members
- Merging user attributes from multiple domains
- Using Pass-Through Authentication
You can find the full feature matrix on Microsoft Learn.
Unless you actually need any of the Entra Connect specific features, Entra Cloud Sync is our recommended tool for handling your hybrid identity needs. But as stated earlier, you can also keep Entra Connect and use it only for those features, such as syncing device objects, while moving the rest to Entra Cloud Sync.
The agent installer is easily downloaded from your Entra portal under Hybrid management. Install it on a local server in your AD domain and connect it to Entra ID. There is no local SQL to set up and no local configuration to do: all configuration of the sync agent is done from the Entra portal.
NB! Privileged accounts should not be synced. Read more on that in this article.
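One way to check a tenant against this recommendation, as an added example that is not part of the original article: the script lists users synced from on-premises AD that hold an Entra directory role, directly or through a group. It assumes the Microsoft Graph PowerShell SDK is installed and treats every activated directory role as privileged, which is an assumption of this example.

```powershell
# Added example: find synced (on-premises sourced) users that hold an Entra directory role.
# Assumption: every activated directory role counts as privileged; filter $roles to narrow it.
# Limitation: only active role assignments are listed, not PIM-eligible ones.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All', 'GroupMember.Read.All'

$roles = Get-MgDirectoryRole
$findings = foreach ($role in $roles) {
    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        $type = $member.AdditionalProperties['@odata.type']
        $userIds = @()
        if ($type -eq '#microsoft.graph.user') {
            $userIds = @($member.Id)
        }
        elseif ($type -eq '#microsoft.graph.group') {
            # Role-assignable group: expand to its transitive user members.
            $userIds = @(Get-MgGroupTransitiveMember -GroupId $member.Id -All |
                Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' } |
                ForEach-Object Id)
        }
        # Service principals and other object types are skipped.

        foreach ($id in $userIds) {
            $user = Get-MgUser -UserId $id -Property Id, UserPrincipalName, OnPremisesSyncEnabled, AccountEnabled
            # OnPremisesSyncEnabled is $true only for objects synced from on-premises AD.
            if ($user.OnPremisesSyncEnabled) {
                [pscustomobject]@{
                    Role              = $role.DisplayName
                    UserPrincipalName = $user.UserPrincipalName
                    ViaGroup          = ($type -eq '#microsoft.graph.group')
                    AccountEnabled    = $user.AccountEnabled
                }
            }
        }
    }
}

# Each row is a synced account with a directory role: a candidate to replace with a cloud-only admin account.
$findings | Sort-Object Role, UserPrincipalName | Format-Table -AutoSize
```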
We are happy to assist you in securing even the more complex Entra ID scenarios. Our Proactive Security Monitoring service does just that. Reach out to learn more!