Microsoft Entra Connect V2 links an on-premises Windows Server Active Directory (AD) with Microsoft Entra ID (formerly Azure AD) so that users get single sign-on with the same username and password both on-premises and in the cloud. Originally known as Azure AD Connect, the tool has not only been renamed but also extended with new features.
Alongside the classic Entra Connect Sync there is the newer Microsoft Entra Cloud Sync, which offers simpler administration and better availability but comes with certain limitations. These are also covered in this post.
Entra Connect V2: Prerequisites and Considerations
Entra Connect V2 requires at least Windows Server 2016 and a current .NET Framework version. Depending on the number of objects to be synchronized, a full SQL Server may also be required: the bundled LocalDB is sufficient for up to about 100,000 objects. While synchronization flows primarily from on-premises AD to Entra ID, selected attributes, such as changed passwords, can also be written back to the local AD. Requirements such as Hybrid Join, Pass-through Authentication or attribute-based filtering decide whether the classic or the cloud variant should be used. All system requirements and permissions, as well as the usual pitfalls, should be reviewed before implementation to ensure smooth synchronization.
Microsoft has not yet updated all of the naming. Besides the term "Entra", "Azure AD" still appears, even in the Entra Connect Sync installer. In several places "Azure Active Directory Connect" is still mentioned, even though the new Entra Connect Sync features are in use under the hood.
The Key New Features in Entra Connect V2
Performance Improvements and Security Updates in Entra Connect V2
Microsoft Entra Connect V2 brings new features over the older V1 that improve both performance and security. One of the most significant changes is the update of the SQL Server component: V1 used SQL Server 2012 LocalDB, V2 ships SQL Server 2019 LocalDB. This improves stability and performance and closes several security vulnerabilities. Since extended support for SQL Server 2012 ended in July 2022, the update is essential to keep the installation in a secure and supported state.
Another security-relevant change in Entra Connect V2 is that only TLS 1.2 is supported. Earlier versions that still used TLS 1.0 and 1.1 are considered insecure and are no longer supported, so communication with Entra ID now meets current security standards. The host itself must allow TLS 1.2 for .NET and SCHANNEL, otherwise the installer or an upgrade fails with a connectivity error; Microsoft publishes the required registry settings. In addition, all binaries that were previously signed with the weak SHA-1 algorithm are now signed with SHA-2, which protects the integrity of the software.
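The prerequisites above (OS level, .NET Framework, LocalDB versus full SQL Server) and the TLS 1.2 requirement are easy to get wrong on a freshly built server, so here is a readiness check to run before starting the installer. It is an added example, not a script from the original post or from Microsoft; the registry values it checks are the ones Microsoft's TLS 1.2 enforcement guidance for Entra Connect sets, and the .NET 4.7.2 Release value (461808) comes from Microsoft's .NET Framework version table. Run it elevated on the future Entra Connect server; without -Enforce it only reports.

```powershell
# Entra Connect V2 host readiness check (added example, not part of the original post).
# Checks OS level, .NET Framework and the TLS 1.2 registry settings Microsoft
# documents for Entra Connect. Run elevated on the server that will host
# Entra Connect. -Enforce applies the TLS 1.2 settings; otherwise it only reports.
[CmdletBinding()]
param([switch]$Enforce)

$ok = $true

# 1. Windows Server 2016 is build 10.0.14393; anything older cannot run V2.
$os = [Version](Get-CimInstance Win32_OperatingSystem).Version
if ($os -lt [Version]'10.0.14393') {
    Write-Warning "OS $os is older than Windows Server 2016; Entra Connect V2 will not install."
    $ok = $false
} else { Write-Host "OS build $os - OK" }

# 2. .NET Framework 4.7.2 or later (Release value >= 461808).
$release = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue).Release
if (-not $release -or $release -lt 461808) {
    Write-Warning ".NET Framework 4.7.2 or later is required (Release key: $release)."
    $ok = $false
} else { Write-Host ".NET Framework Release $release - OK" }

# 3. TLS 1.2: both .NET hives (64-bit and WOW6432Node) must opt in to strong crypto
#    and system default TLS versions, and SCHANNEL must have TLS 1.2 enabled for
#    client and server. Without this the installer's connectivity check fails.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$tlsSettings = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319';             Name = 'SystemDefaultTlsVersions'; Value = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319';             Name = 'SchUseStrongCrypto';       Value = 1 }
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SystemDefaultTlsVersions'; Value = 1 }
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'; Name = 'SchUseStrongCrypto';       Value = 1 }
    @{ Path = "$schannel\Server"; Name = 'Enabled';           Value = 1 }
    @{ Path = "$schannel\Server"; Name = 'DisabledByDefault'; Value = 0 }
    @{ Path = "$schannel\Client"; Name = 'Enabled';           Value = 1 }
    @{ Path = "$schannel\Client"; Name = 'DisabledByDefault'; Value = 0 }
)

foreach ($s in $tlsSettings) {
    $current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
    if ($current -eq $s.Value) {
        Write-Host "$($s.Path)\$($s.Name) = $current - OK"
        continue
    }
    if ($Enforce) {
        New-Item -Path $s.Path -Force | Out-Null
        New-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -PropertyType DWord -Force | Out-Null
        Write-Host "$($s.Path)\$($s.Name) set to $($s.Value) (reboot required)"
    } else {
        Write-Warning "$($s.Path)\$($s.Name) is '$current', expected $($s.Value). Re-run with -Enforce to fix."
        $ok = $false
    }
}

if ($ok) { Write-Host 'Host is ready for Entra Connect V2.' }
else     { Write-Warning 'Host is NOT ready; fix the items above first.' }
```

The registry changes only take effect after a reboot, so run the check once more afterwards. The object-count question (LocalDB versus full SQL Server) is not part of this script because it needs to be answered against the directory, not the host.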
Advanced Features and Compatibility in Entra Connect V2
Another important advance in Entra Connect V2 is the move from the outdated ADAL authentication library to the modern MSAL library, which is bundled with Entra Connect V2. ADAL has been out of support since June 2023, so an upgrade to the new version is necessary to avoid authentication problems. The Microsoft Authentication Library (MSAL) offers significant advantages over the older Azure Active Directory Authentication Library (ADAL). MSAL supports authentication not only against Microsoft Entra ID but also against other identity providers via the OpenID Connect and OAuth 2.0 protocols. A key advantage is its support for modern authentication features such as Conditional Access and multi-factor authentication (MFA), which ADAL does not handle natively. MSAL also integrates cleanly with Microsoft Graph, which simplifies managing identities and resources in the cloud.
Furthermore, the C++ runtime has been updated to the Visual C++ Redistributable 14 to stay compatible with SQL Server 2019. Another important aspect is the changed operating system support. Entra Connect V2 requires at least Windows Server 2016, because the bundled SQL Server 2019 components no longer run on older Windows Server versions. For anyone still running an older operating system this means upgrading to a newer Windows Server version, ideally Windows Server 2022, which is all the more advisable since mainstream support for Windows Server 2016 has already ended.
Entra Connect V2 vs. Entra Cloud Sync
Overview of Current Versions
Microsoft Entra Connect V2 and Microsoft Entra Cloud Sync differ in several respects that matter when choosing the right solution. Before going further, a brief overview of the current tools and names:
⇒ Azure AD Connect and Entra Connect are the earlier names and versions of what is now Entra Connect V2.
⇒ "Azure AD Connect Cloud Sync" corresponds to Microsoft Entra Cloud Sync.
More information about the difference can be found here: Azure AD Connect and Azure AD Connect Cloud Sync
Currently, there are:
- Entra Connect V2: synchronizes on-premises directories with Entra ID.
- Entra Connect Sync: the sync engine that runs within Entra Connect and matches on-premises identities to their cloud counterparts.
- Entra Cloud Sync: cloud-managed, optimized for synchronization with only a lightweight on-premises agent.
Main Architectural Differences
Both solutions support a single on-premises AD forest as well as multiple forests. They differ in how they reach those forests: Entra Connect V2 is a single server that needs network connectivity to every forest it synchronizes, so it cannot handle forests that are disconnected from each other. Cloud Sync installs a provisioning agent inside each forest, so disconnected forests (for example after a merger or acquisition) can be synchronized to one tenant without any link between them.
A key difference is the installation architecture. Entra Cloud Sync uses an agent-based model that makes installation and configuration easy. Several active agents provide high availability, so synchronization continues even if one agent fails. Entra Connect V2, on the other hand, follows a more traditional installation model that requires more configuration and customization but also gives more control over the synchronization.
Advanced Features
In terms of supported object types and features, both solutions cover user, group and contact objects as well as the synchronization of Exchange Online attributes and extension attributes 1-15. Entra Connect V2 additionally synchronizes device objects and custom AD attributes, which matters in environments with device-based requirements such as Hybrid Join.
Another difference is in customization and filtering. Both allow basic customization of attribute flows and filtering by domain, organizational unit or group. Entra Connect, however, also offers filtering by attribute values of an object and advanced customization of the attribute flow via custom synchronization rules, which gives fine-grained control over what is synchronized. Cloud Sync does without these advanced options, which simplifies operation but offers less flexibility.
There are also differences in authentication and write-back. Entra Connect supports both password hash synchronization and pass-through authentication, while Cloud Sync only offers password hash synchronization. Connect also supports writing passwords, devices and groups back to the local AD, whereas Cloud Sync has limitations here, in particular for device write-back, for which Microsoft points to Cloud Kerberos trust instead. Microsoft keeps extending Cloud Sync, so the current feature comparison should be checked before a decision is based on the table below.
Feature | Entra Connect V2 | Cloud Sync |
--- | --- | --- |
Supported object types | User, group and contact objects | User, group and contact objects |
Synchronization of Exchange Online attributes | Yes | Yes |
Extension attributes (1-15) | Yes | Yes |
Synchronization of device objects | Yes | No |
Synchronization of custom AD attributes | Yes | No |
Customization and filtering options | Advanced filtering by attribute values and detailed customizations | Basic customization of attribute flows and filtering by domains, OUs or groups |
Password hash synchronization | Yes | Yes |
Pass-through authentication | Yes | No |
Password write-back | Yes | No |
Device write-back | Yes | Limited (Cloud Kerberos trust instead) |
Group write-back | Yes | No |
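The attribute-value filtering that only Entra Connect offers is implemented with a custom inbound synchronization rule that sets the metaverse attribute cloudFiltered; objects with cloudFiltered = True are never provisioned to Entra ID. The following PowerShell is an added example, not taken from the original post or from Microsoft. It uses the ADSync module cmdlets on the Entra Connect server in the form the Synchronization Rules Editor exports, so compare the parameter list against an export from your own server before running it. The connector name contoso.local, the marker attribute extensionAttribute15 and the marker value NoSync are assumptions; replace them with your own.

```powershell
# Custom inbound sync rule: users whose extensionAttribute15 equals "NoSync" get
# cloudFiltered = True in the metaverse and are therefore not provisioned to Entra ID.
# Added example using the ADSync module on the Entra Connect server; run elevated.
# Assumptions: the AD connector is named 'contoso.local', the marker attribute is
# extensionAttribute15 and the marker value is 'NoSync'. Adjust all three.
Import-Module ADSync

$connectorName = 'contoso.local'
$markerAttr    = 'extensionAttribute15'
$markerValue   = 'NoSync'

# Custom rules need a precedence below 100 so they win over the out-of-the-box
# rules, which start at 100. Lower number = higher precedence.
$precedence = 50
$connector  = Get-ADSyncConnector -Name $connectorName

# Do not let the scheduler run a sync cycle while the rule set is being edited.
Set-ADSyncScheduler -SyncCycleEnabled $false

# Guard against creating the rule twice.
$ruleName = "In from AD - User $markerAttr filter"
if (Get-ADSyncRule | Where-Object Name -eq $ruleName) {
    throw "Sync rule '$ruleName' already exists; delete it first or pick another name."
}

# 1. Create the rule object (not saved yet). Identifier is a fresh GUID; the zero
#    GUIDs for PrecedenceAfter/Before mean "no ordering constraint".
New-ADSyncRule `
    -Name $ruleName `
    -Identifier ([guid]::NewGuid().ToString()) `
    -Description "Filter users with $markerAttr = $markerValue from Entra ID" `
    -Direction 'Inbound' `
    -Precedence $precedence `
    -PrecedenceAfter '00000000-0000-0000-0000-000000000000' `
    -PrecedenceBefore '00000000-0000-0000-0000-000000000000' `
    -SourceObjectType 'user' `
    -TargetObjectType 'person' `
    -Connector $connector.Identifier `
    -LinkType 'Join' `
    -SoftDeleteExpiryInterval 0 `
    -ImmutableTag '' `
    -OutVariable syncRule | Out-Null

# 2. Scope the rule to objects that carry the marker value (attribute-value filter).
$condition = New-Object -TypeName 'Microsoft.IdentityManagement.PowerShell.ObjectModel.ScopeCondition' `
    -ArgumentList $markerAttr, $markerValue, 'EQUAL'
Add-ADSyncScopeConditionGroup -SynchronizationRule $syncRule[0] -ScopeConditions @($condition) -OutVariable syncRule | Out-Null

# 3. Flow the boolean True into cloudFiltered for every object in scope.
Add-ADSyncAttributeFlowMapping `
    -SynchronizationRule $syncRule[0] `
    -Destination 'cloudFiltered' `
    -FlowType 'Expression' `
    -ValueMergeType 'Update' `
    -Expression 'True' `
    -OutVariable syncRule | Out-Null

# 4. Persist the rule, re-enable the scheduler and run a full sync so that
#    objects already in the metaverse are re-evaluated against the new rule.
Add-ADSyncRule -SynchronizationRule $syncRule[0] | Out-Null
Set-ADSyncScheduler -SyncCycleEnabled $true
Start-ADSyncSyncCycle -PolicyType Initial
```

Two checks before running this in production: verify the rule in the Synchronization Rules Editor and preview it on a test user, and remember that filtering existing objects out of scope deletes them in Entra ID. If more than 500 deletions would result, the export is blocked by the export deletion threshold (see Enable-ADSyncExportDeletionThreshold and Disable-ADSyncExportDeletionThreshold), which is a safety net, not an error to be switched off casually.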
Scalability
Another important difference is scaling and the number of supported objects. Entra Connect V2 allows an unlimited number of objects per AD domain (with a full SQL Server; the bundled LocalDB is limited to about 100,000 objects) and supports large groups with up to 250,000 members. Cloud Sync is limited to 150,000 objects per AD domain and to groups with up to 50,000 members, which can be a significant drawback in larger environments.
In summary, Microsoft Entra Connect is the more comprehensive solution for complex, large environments that need advanced customization, scalability and deep integration. Microsoft Entra Cloud Sync is aimed at simpler deployments where quick setup, high availability and reduced complexity are the priorities. The choice between the two should therefore depend on the specific requirements and complexity of the IT infrastructure in question.
Parameter | Entra Connect V2 | Cloud Sync |
--- | --- | --- |
Max. objects per AD domain | Unlimited | 150,000 |
Max. members per group | 250,000 | 50,000 |
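Whether the limits in this section and the LocalDB limit from the prerequisites section actually bite depends on numbers that are easy to measure. The following PowerShell is an added example, not part of the original post: it counts the users, groups and contacts per domain in the forest, finds the largest group, and compares both against the Cloud Sync limits (150,000 objects per domain, 50,000 members per group), the Entra Connect LocalDB limit (about 100,000 objects) and the Entra Connect group limit (250,000 members). It assumes the ActiveDirectory RSAT module and read access to every domain.

```powershell
# Sizing check for the Entra Connect V2 vs. Cloud Sync decision (added example,
# not part of the original post). Requires the ActiveDirectory RSAT module and
# read access to every domain in the forest. The limits are the ones stated
# in the post: LocalDB ~100,000 objects, Connect groups 250,000 members,
# Cloud Sync 150,000 objects per domain and 50,000 members per group.
Import-Module ActiveDirectory

$limits = @{
    ConnectLocalDbObjects = 100000
    ConnectGroupMembers   = 250000
    CloudSyncObjects      = 150000
    CloudSyncGroupMembers = 50000
}

# Users, groups and contacts are what both tools synchronize. objectCategory=person
# keeps computer accounts (which are also objectClass=user) out of the user count.
$syncScopeFilter = '(|(&(objectCategory=person)(objectClass=user))(objectClass=group)(objectClass=contact))'

$report = foreach ($domain in (Get-ADForest).Domains) {
    $objects = @(Get-ADObject -Server $domain -LDAPFilter $syncScopeFilter).Count

    # Loading 'member' for every group is expensive in large domains, but it gives
    # exact counts; Get-ADGroupMember would stop at 5,000 members by default.
    $largest = Get-ADGroup -Server $domain -Filter * -Properties member |
        Sort-Object { $_.member.Count } -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        Domain               = $domain
        Objects              = $objects
        LargestGroup         = $largest.Name
        LargestGroupMembers  = $largest.member.Count
        ConnectNeedsFullSql  = $objects -gt $limits.ConnectLocalDbObjects
        ConnectGroupLimitHit = $largest.member.Count -gt $limits.ConnectGroupMembers
        CloudSyncObjectsOk   = $objects -le $limits.CloudSyncObjects
        CloudSyncGroupsOk    = $largest.member.Count -le $limits.CloudSyncGroupMembers
    }
}

$report | Format-Table -AutoSize

# Cloud Sync is only an option if every domain stays within both of its limits.
if ($report | Where-Object { -not $_.CloudSyncObjectsOk -or -not $_.CloudSyncGroupsOk }) {
    Write-Warning 'At least one domain exceeds the Cloud Sync limits; plan for Entra Connect V2.'
} else {
    Write-Host 'All domains are within the Cloud Sync limits; both tools are viable on size alone.'
}
```

The object count deliberately ignores OU or attribute filtering you may apply later; size the decision on the unfiltered directory, because the limits apply to what the sync engine has to evaluate, and a filter that is removed later should not silently push the deployment over a hard limit.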
Disadvantages of Using Entra Connect V2
A major disadvantage of Entra Connect compared to Entra Cloud Sync is the greater complexity of installation and configuration. While Cloud Sync uses an agent-based model that allows quick, simple deployment, Entra Connect V2 requires more infrastructure and noticeably more administrative effort.
In addition, high availability with Entra Connect is less flexible: it has no native support for multiple active agents, which is standard with Cloud Sync. Redundancy is achieved with a second server in staging mode, and failing over to it is a manual step. These factors mean a higher demand for technical resources and a longer implementation time, which can be a disadvantage in smaller or less agile IT environments.
FirstAttribute AG – Identity Management & IAM Cloud Services
Article created on: 25.11.2024