Hello All,

Goal is that I will be setting up conditional access for 365 so we can set up our MFA.

Probably a stupid question but anyways I have access to Azure Active Directory which I have a feeling is just the control over my 365 user accounts and has nothing to do with my on-prem AD until I get them syncing.

I have an on prem AD server and I have access to Azure Active Directory.

If I wanted to set up conditional access would a prerequisite be I must have Azure AD Connect set up on my AD server syncing up to Azure? And that's essentially how everything will be controlled in one place?

Trying to work on some MFA and just had a question in regards.

Could not see anywhere, where it said this was a prerequisite.


Hey Evo_x13!

My org is AD/Azure AD hybrid, utilizing AAD Connect and Conditional Access for MFA.

AAD Connect is not a prerequisite for utilizing Conditional Access. It’s important to note that Conditional Access and MFA only applies to the cloud identity and will change nothing for on-premises AD, even with AAD Connect set up. Generally-speaking, AAD Connect does the following:

  • Synchronizes user objects unidirectionally to AAD
  • Synchronizes passwords unidirectionally to AAD
  • Synchronizes group membership unidirectionally to AAD

With AAD Premium user licensing, AAD Connect does the following:

  • Synchronizes passwords bidirectionally

I’m not sure if you had this in mind, but Conditional Access has no effect when authenticating to regular AD, only when authenticating to Azure AD.
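As an added illustration of the point above (not part of the original reply), this is what a cloud-only MFA policy looks like when created through the Microsoft Graph PowerShell SDK; it assumes a Microsoft.Graph module install, an account holding the Conditional Access Administrator role, and a hypothetical break-glass account object ID standing in as a placeholder. Nothing here touches on-prem AD or requires AAD Connect.

```powershell
# Added example: require MFA for all cloud sign-ins, in report-only mode first.
# Assumes: Install-Module Microsoft.Graph has been run, and the signed-in
# account can write Conditional Access policies.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# Placeholder: replace with the object ID of your emergency-access account so
# a mis-scoped policy cannot lock every admin out of the tenant.
$breakGlassId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "CA01 - Require MFA for all users (report-only)"
    # Report-only logs what the policy WOULD do in the sign-in logs without
    # enforcing it; switch to "enabled" after reviewing the impact.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassId)
        }
        applications = @{
            includeApplications = @("All")
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

# Create the policy and echo the ID Azure AD assigns to it.
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Output "Created policy $($created.Id) in state $($created.State)"
```

Leave the policy in report-only for a few days and review the "Report-only" tab in the Azure AD sign-in logs before enforcing it; the log entries also confirm that only Azure AD authentications are evaluated, never on-prem Kerberos/NTLM logons.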

What version of Azure AD do you have with your subscription? To be clear, we use an E1 subscription that gives us most O365 functionality but very limited AD (primarily for user management).

In our case, the Basic AD allows MFA per user, but not Conditional Access rules. Further, we can do the AAD Connect using a one-way sync from AD to Azure but can’t use advanced features like two-way sync or cloud-based password changes.