This article describes the prerequisites and the hardware requirements for Azure Active Directory (Azure AD) Connect.
Before you install Azure AD Connect, there are a few things that you need.
Azure AD
Prepare your on-premises data
On-premises Active Directory
PowerShell execution policy
Azure Active Directory Connect runs signed PowerShell scripts as part of the installation. Ensure that the PowerShell execution policy will allow running of scripts. The recommended execution policy during installation is "RemoteSigned". For more information on setting the PowerShell execution policy, see Set-ExecutionPolicy.
Azure AD Connect server
The Azure AD Connect server contains critical identity data. It's important that administrative access to this server is properly secured. Follow the guidelines in Securing privileged access. The Azure AD Connect server must be treated as a Tier 0 component as documented in the Active Directory administrative tier model. We recommend hardening the Azure AD Connect server as a Control Plane asset by following the guidance provided in Secure Privileged Access. To read more about securing your Active Directory environment, see Best practices for securing Active Directory.
Installation prerequisites
Harden your Azure AD Connect server
We recommend that you harden your Azure AD Connect server to decrease the security attack surface for this critical component of your IT environment. Following these recommendations will help to mitigate some security risks to your organization.
SQL Server used by Azure AD Connect
Accounts
Connectivity
For more information, see MSDN about the default proxy element. For more information when you have problems with connectivity, see Troubleshoot connectivity problems.
Other
Optional: Use a test user account to verify synchronization.
Component prerequisites
PowerShell and .NET Framework
Azure AD Connect depends on Microsoft PowerShell 5.0 and .NET Framework 4.5.1. You need this version or a later version installed on your server.
Enable TLS 1.2 for Azure AD Connect
Prior to version 1.1.614.0, Azure AD Connect by default uses TLS 1.0 for encrypting the communication between the sync engine server and Azure AD. You can configure .NET applications to use TLS 1.2 by default on the server. For more information about TLS 1.2, see Microsoft Security Advisory 2960358.
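A read-only audit of the component prerequisites named above (execution policy, PowerShell 5.0, .NET Framework 4.5.1, TLS 1.2 defaults for .NET), as an added example that is not part of the original article or Microsoft's code. The function name `Test-AadConnectPrereq` is hypothetical, and the registry locations are the standard .NET Framework ones, not values taken from this page.

```powershell
# Added example (not from the article): read-only prerequisite audit.
# Test-AadConnectPrereq is a hypothetical name; it changes nothing on the server.
function Test-AadConnectPrereq {
    $rows = @()

    # Execution policy: the article recommends RemoteSigned during installation.
    $policy = "$(Get-ExecutionPolicy)"
    $rows += [pscustomobject]@{ Check = 'Execution policy'; Found = $policy
                                Expected = 'RemoteSigned'; Pass = ($policy -eq 'RemoteSigned') }

    # PowerShell 5.0 or later.
    $psVer = $PSVersionTable.PSVersion
    $rows += [pscustomobject]@{ Check = 'PowerShell version'; Found = "$psVer"
                                Expected = '>= 5.0'; Pass = ($psVer.Major -ge 5) }

    # .NET Framework 4.5.1 or later: the Release DWORD is 378675 or higher.
    $ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $ndp -ErrorAction SilentlyContinue).Release
    $rows += [pscustomobject]@{ Check = '.NET Framework release'; Found = "$release"
                                Expected = '>= 378675'; Pass = ([int]$release -ge 378675) }

    # SchUseStrongCrypto = 1 lets .NET Framework 4.x applications use TLS 1.2 by
    # default. This matters most for Azure AD Connect builds before 1.1.614.0,
    # which the article says default to TLS 1.0. Both registry views are checked
    # because 32-bit and 64-bit processes read different keys.
    $netKeys = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    foreach ($key in $netKeys) {
        $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SchUseStrongCrypto
        $rows += [pscustomobject]@{ Check = "SchUseStrongCrypto ($key)"; Found = "$val"
                                    Expected = '1'; Pass = ($val -eq 1) }
    }

    $rows
}

Test-AadConnectPrereq | Format-Table -AutoSize -Wrap
```

A row with `Pass` set to `False` is a finding to resolve before installation; an empty `Found` column means the registry value is absent.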
DCOM prerequisites on the synchronization server
During the installation of the synchronization service, Azure AD Connect checks for the presence of the following registry key:
Under this registry key, Azure AD Connect will check to see if the following values are present and uncorrupted:
Prerequisites for federation installation and configuration
Windows Remote Management
When you use Azure AD Connect to deploy AD FS or the Web Application Proxy (WAP), check these requirements:
TLS/SSL certificate requirements
Name resolution for federation servers
Azure AD Connect installs the following components on the server where Azure AD Connect is installed. This list is for a basic Express installation. If you choose to use a different SQL Server on the Install synchronization services page, SQL Express LocalDB isn't installed locally.
The following table shows the minimum requirements for the Azure AD Connect sync computer.
The minimum requirements for computers running AD FS or Web Application Proxy servers are:
Next steps
Learn more about Integrating your on-premises identities with Azure Active Directory.
What connection types enable synchronization?
Connection types that enable synchronization are often high speed and reliable. These include your home 802.11 Wi-Fi connection as well as USB and FireWire. These connections offer two-way transmission of data over a secure and reliable connection, which is crucial to synchronization.
Which of the following are types of data that can be synchronized between a mobile device and a computer?
The term "Mobile device synchronization" refers to the process of making the same data available on multiple devices. Synchronized data might include contacts, applications, emails, pictures, music, video, calendars, bookmarks, documents, location data, social media data, e-books, or passwords.
What types of data can you synchronize to your vehicle?
Here is some of the information a hacker can access via a synced car: recent call log, recent text messages, garage door opener code, personal calendar, list of contacts, recent emails, and GPS data that includes your home address.
Which are examples of universal connection types that allow mobile device synchronization?
When dealing with synchronization, a mobile device can connect to a PC via USB (the most common), RS-232 serial connections (less common), Wi-Fi, and Bluetooth.