This update was released last week while I was partway through delivering a 2-day Enterprise Mobility Suite training course, which led to an interesting situation in student labs: some downloaded V1, while others were presented with 1.1 during the labs. Not a showstopper by any means; instead it just reconfirmed one of the important pieces of the EMS conversation, which is that you really do need to pay attention to the changes that are always taking place.
The Active Directory Team Blog posted about this late last week, calling out the following important changes:
Automatic upgrades if you use the express settings during installation. Of course if you enable this, you probably want to make sure you are monitoring AAD Connect health, which of course you are doing anyway. My take on this is that this is potentially the change that is going to trigger the upgrade from earlier versions of dirsync tools to AAD Connect at an accelerated rate; it becomes something that just gets updated behind the scenes, just like Azure AD.
Reduction of the default sync interval from 3 hours to 30 minutes. Yes, you could always force synchronisation to occur at a more rapid pace, which is always useful during the early stages of deployment or testing, but now 30 minutes is the lowest sync time you can configure.
You now have Azure MFA support during the setup of AAD Connect, leveraging ADAL and the protocols it supports for sign-in to Azure AD. For those who are security-conscious and looking to use Azure MFA wherever possible, this is a great addition.
Moving domain and organisational unit filtering into the setup wizard is also a big improvement. I think we all know more than one person who is willing to admit to running their first dirsync without remembering to filter out the unneeded OUs, or alternatively only include the required OUs. While it wasn’t that difficult to configure in the past, it wasn’t something that was obvious at first glance.
The final change called out is the ability to easily switch between federated sign-in and user and password hash sync by running through the wizard again, rather than having to reinstall.