Thursday, October 16, 2025
Modern Auth for Entra Connect is now available — LazyAdmin


Modern Authentication is finally available for Microsoft Entra Connect Sync. Until now, a username and password were required for authentication, but with the latest release, support for application-based authentication has been added.

The new authentication method uses a third-party app in Entra ID and an OAuth 2.0 client credential flow with certificate credentials.

In this article, we will look at how to upgrade your existing Microsoft Entra Connect Sync to modern auth.

Certificate Management Options

Before upgrading to modern authentication, it’s good to know that there are three options for managing the application and certificate used for authentication. Each option comes with different levels of control and responsibility.

  • Managed by Microsoft Entra Connect (Recommended)
  • Bring Your Own Application (BYOA)
  • Bring Your Own Certificate (BYOC)

Managed by Microsoft Entra Connect

This is the recommended and easiest option to implement. Microsoft Entra Connect handles everything, from creating the app in Microsoft Entra ID to certificate creation, rotation, and cleanup.

The certificate is automatically stored in the Current User certificate store. When a TPM is available on your machine, all key service operations are securely performed within the dedicated hardware environment.

This is the default and recommended option when installing or upgrading to version 2.5.3.0 or higher.

Bring Your Own Application

If you want to have full control over the app that’s used in Microsoft Entra ID, the permissions, and the certificate, then you can use the Bring Your Own Application option. This means that you will need to register the app, assign the correct permissions, create, rotate, and clean up the certificate, and make sure it’s stored securely in the Local Machine store.

Bring Your Own Certificate

The last option is to let Microsoft Entra Connect create the app, but you handle the certificate. In this case, you are responsible for creating the certificate, rotating it, and cleaning up unused/expired certificates.

You can find the requirements for the certificate and/or app here in the Microsoft documentation.

Upgrade Microsoft Entra Connect Sync

Also new with this release is that the new version of Microsoft Entra Connect Sync is only available in the Microsoft Entra Admin Center. In Microsoft Entra, go to Identity > Hybrid Management > Microsoft Entra Connect, or you can use this direct link to the Microsoft Entra Connect blade.

You will find the download under the Manage tab on the Get Started page. Download the latest Microsoft Entra Connect Agent.

Before installing the upgrade, it’s always a good idea to back up the existing configuration.

  1. Download the Microsoft Entra Connect Agent and run the installer.
  2. Accept the terms and click Continue in the Microsoft Entra Connect Sync wizard.
  3. Enable Configure application based authentication to Microsoft Entra ID.
  4. Click on Upgrade.
Upgrade Microsoft Entra Connect to modern authentication
  5. Enter the Entra ID Global Administrator credentials.
  6. Click on Upgrade.
  7. During the upgrade process, you will need to re-enter the Entra ID Global Admin credentials.

Verify the Upgrade

When completed, you can check the installed Microsoft Entra Connect version with the PowerShell commands below. The first cmdlet should return the ConnectorIdentityType with the value Application, and the last command should return the application version, which should be 2.5.3.0 or higher:

# Check the connector identity type (expected: Application)
Get-ADSyncEntraConnectorCredential

# Check the installed version (expected: 2.5.3.0 or higher)
Get-Package -Name "Microsoft Entra Connect Sync"
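
The two checks above can be combined into one pass/fail result. This is an added example, not code from the original article: the function name Test-EntraConnectModernAuth and its parameters are hypothetical, and it assumes it runs in an elevated session on the sync server, with the package name and the ConnectorIdentityType property exactly as the article gives them.

```powershell
# Added example (not from the original article).
# Test-EntraConnectModernAuth is a hypothetical helper name.
function Test-EntraConnectModernAuth {
    [CmdletBinding()]
    param(
        # Minimum version named in the article for application-based auth
        [version]$MinimumVersion = '2.5.3.0',
        # Package display name as used in the article
        [string]$PackageName = 'Microsoft Entra Connect Sync'
    )

    $result = [ordered]@{
        InstalledVersion      = $null
        VersionOk             = $false
        ConnectorIdentityType = $null
        UsesApplicationAuth   = $false
    }

    # Compare as [version], not as strings: as strings, '2.5.10.0' sorts
    # before '2.5.3.0' and a newer build would be reported as too old.
    $package = Get-Package -Name $PackageName -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($package) {
        $result.InstalledVersion = [version]$package.Version
        $result.VersionOk = $result.InstalledVersion -ge $MinimumVersion
    }

    # If the cmdlet is not available in this session, report "not verified"
    # instead of throwing, so the function can run on any server.
    if (Get-Command -Name Get-ADSyncEntraConnectorCredential -ErrorAction SilentlyContinue) {
        $credential = Get-ADSyncEntraConnectorCredential
        $result.ConnectorIdentityType = [string]$credential.ConnectorIdentityType
        $result.UsesApplicationAuth = ($result.ConnectorIdentityType -eq 'Application')
    }

    [pscustomobject]$result
}

$status = Test-EntraConnectModernAuth
$status | Format-List
if (-not ($status.VersionOk -and $status.UsesApplicationAuth)) {
    Write-Warning 'Entra Connect Sync is not verified as using application-based authentication.'
}
```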

To verify that the application is now using Modern Authentication, we can also look up the registered app in Microsoft Entra ID. In the Microsoft Entra Admin Center, expand Identity and go to Applications > App Registrations.

Click on All Applications and search for ConnectSync. This should return the ConnectSyncProvisioning application for your server. If you open the app, you will see that a certificate is created and the API permissions for Entra AD Sync are added.

Microsoft Entra Connect Application

Wrapping Up

If you want to use the other authentication methods, BYOC or BYOA, then use the steps outlined here in the documentation. Basically, you will need to use PowerShell to connect to the Entra application and/or certificate that you created.

The application-based authentication for Microsoft Entra Connect Sync is currently in preview. So don’t rush to install this version in your production environment, but it’s great that we can finally move this application to modern authentication as well.
