Microsoft Announces Azure AD Connect Health For Sync

Microsoft announces the availability of Azure AD Connect Health for Sync.
 
The company in its official blog states,
 
“Today I’m happy to get to share the news that Azure AD Connect Health for Sync is now Generally Available (GA)!”
 
The Connect Health for ADFS has been one of the most rapidly adopted Azure AD capabilities which has been built by Microsoft.
 
Alex Simons, Director of Program Management, Microsoft Identity Division, states in the blog,
 
“Connect Health for ADFS has been one of the most rapidly adopted Azure AD capabilities we’ve ever built so I’m excited to expand on that success with the addition of this new monitoring support. We know that your identity infrastructure is mission critical, so making it rock solid and providing you built in tools and services to monitor the availability and performance of that infrastructure across on-premises and the cloud is a critical part of our vision.”
 
Alex Simons, Director of Program Management, Microsoft Identity Division, has invited Varun Karandikar from the AD Fabric PM Team to write a guest blog in order to explain the details give a run down of the new capabilities.
 
Varun Karandikar, from AD Fabric PM Team, states in the blog,
 
“I’m Varun Karandikar, a PM on the Azure AD Connect Health team. With the growing success of Azure AD Connect, customers have been sending us a pretty clear message – they need tools and service to monitor both the authentication components and the sync engine of Azure AD Connect. I’m pleased to announce that the ability to monitor the sync engine with Azure AD Connect Health is now generally available. Azure AD Connect Health for sync addresses this requirement without any additional configuration or hardware. After installing and configuring the latest version of Azure AD Connect (version 1.0.9125 or higher), all you need to do is visit https://aka.ms/aadconnecthealth to view your Azure AD Connect Health Dashboard.”
 
Alerts
 
 
The sync component of Azure AD Connect is critical for ensuring that identities remain converged between your on-premises directories and Azure AD. In a similar manner, Azure AD Connect Health for AD FS and Connect Health for sync offers alerts with email notifications for critical failures in the sync engine. An alert will inform you about the issues and how you can fix it them, providing additional data on the issues, along with links to relevant documentations.
 
 
 
 Image Source: blogs.technet.microsoft.com
 
Given below are some additional details on how to detect and generate alerts, as per the official blog.
The alert engine covers password sync agents, import and export operations on all connectors, sync engine database, and the sync engine Windows service. 
  • It uses error events, sync runs profile logs and performance counters to perform this analysis.
  • It can detect different conditions that cause critical sync failures such as authentication failures, failure due to corrupt encryption keys, sync quota exceeding the current set limit, export operation failing due to the object deletion threshold, repetitive connection failures, etc.
  • Additionally, the service also monitors the machine through performance counters to ensure that the server is not overloaded for any reason.
Email Notification for Alerts
 
It is really important for you to enable email notifications for critical alert, which occurs for sync. The steps are pretty simple, all you need to do is enable the “Email notifications” button from the alerts blade and provide a custom email address where the notifications will be sent to Sync Operational Insights.
 
 
Image Source: blogs.technet.microsoft.com
 
Using alerts for critical failures might not be enough for monitoring solutions, hence, to access to key data points is equally important and valuable to identity admins. Sync operational insights make it easier to view the activity of the synchronization connecting your on-premises directory with Azure AD.
 
Sync Run Profile Latency
 
This sync run profile latency chart shows how long sync operations take and makes it easy to visualize this over a period of time. This allows the admins to:
  • Understand standard latency for operations
  • Visually detect spikes that may occur due to a large set of changes (sometimes unexpected) or due to other latencies in the network. 
You can also change the time range to either the last 24 hours (default),  the last three days or the last seven days by clicking the “Time Range” command.
 
Export Statistics to Azure AD:
 
The export statistics graph is targeted at providing visibility to the numerous changes that are being exported to Azure AD. It shows the trend for different actions such as add, update, deletes, and failures that are performed during the export operation to Azure AD.
 
 
Image Source: blogs.technet.microsoft.com
 
Last Export to Azure AD:
 
Microsoft has also made it easier to know when the last export operation to Azure AD was performed. This information is refreshed every 15 minutes.
 
 
Image Source: blogs.technet.microsoft.com
 
Microsoft states,
 
“Our goal as an Azure AD service is to ensure that the service is very simple to setup with little and almost no configuration, we want to make sure it adds value and helps in making your on-premises identity infrastructure more reliable for the consumption of Microsoft Online Services. To that extent Connect Health focuses on a simple and noise free alerting solution and your on-going feedback is important to us to make the right adjustment to the monitoring rules for a noise free solution.”
 
 
Image Source: blogs.technet.microsoft.com
 
To make it easier for you to provide feedback, Microsoft has added the capability to provide feedback directly into the alert blades.
 
 
Image Source: blogs.technet.microsoft.com
 
For more information, check here.