DirSync, AD Sync, Azure AD Connect - WST

Here at 10-D Security, we are constantly updating our Microsoft Security Review services to keep up with changes that Microsoft makes to everything from the placement of configuration controls in administrative consoles to the addition of new features in 365 and Azure. Here are a couple of things to consider regarding DirSync, AD Sync, and Azure AD Connect.

If DirSync or AD Sync are still in use for synchronizing on-premises Active Directory Domain Services to Azure Active Directory, it is time to upgrade. Both DirSync and AD Sync were deprecated in April 2017, and replaced with AAD Connect. For more information on Microsoft end-of-support for DirSync and AD Sync, see https://techcommunity.microsoft.com/t5/microsoft-entra-blog/end-of-support-for-dirsync-and-azure-ad-sync-is-rapidly/ba-p/245242.

There are several reasons to upgrade to AAD Connect. First, DirSync and AD Sync are no longer supported, and will not be receiving any security updates, leaving them open to potential vulnerabilities. Second, AAD Connect includes a number of features that change and improve integration, security, and access management with other Microsoft SaaS products like Office 365 apps, Teams, Intune, Conditional Access, general security controls in Azure Active Directory, and other third-party applications.

For more information on how to perform a parallel deployment and migration to AAD Connect alongside an existing DirSync or AD Sync implementation, refer to the following documentation: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-dirsync-upgrade-get-started.

Regarding current deployments of AAD Connect, if subversions of 1.x are still in use, consider upgrading soon. Microsoft support for all subversions of 1.x ends August 31, 2022. More information on expiring versions and the versions to upgrade to are available here: https://learn.microsoft.com/en-US/entra/identity/hybrid/connect/reference-connect-version-history.

Again, there are numerous feature-related reasons to upgrade, all spelled out in the link above.  But mostly it is the right thing to do and is in line with regulatory guidance for software updates.

All considerations of things left unsaid about migrations or upgrades: remember your backups, change control processes, testing, upgrade planning, and post-upgrade support.

We are here to help.  Call us if you have questions or if you would like to get a Microsoft 365 Security Assessment performed.  (We do Azure assessments, too).

Authored by:Mike Smith, AWS CCP