
Azure AD Cloud Sync is the future

Doing a “Greenfield” M365 deployment, or rethinking your identity strategy? Let’s look at some of the reasons why Cloud Sync is a more future-proof choice than Azure AD Connect.

No Support for Hybrid Join

Most people might see this as a blocker to adoption. Trust me, it should not be. Azure AD Join is clearly mature enough in Windows 10 and 11, combined with Windows Hello for Business, to address any concerns about not doing a traditional Domain Join. If you’re planning on using Windows Autopilot for new hardware deployments (and you should be), make your life a lot less stressful and don’t do Hybrid Azure AD Join.

Faster Syncing

Cloud sync supports object updates every 2 minutes. This is literally 15 times faster than Azure AD Connect, and it covers CRUD actions on user, group, and password hash objects. Azure AD Connect syncs objects every 30 minutes, with the exception of password changes.

Supporting Disconnected Forests

Cloud Sync is a literal life saver for mergers and acquisitions. Gone is the need to build complex point-to-point connections and Domain or Forest trusts just to bring another forest into sync scope. Cloud Sync gives you more flexibility than Azure AD Connect and supports more complex topologies, such as:

  • A single Active Directory forest to a single Azure AD tenant.
  • Multiple Active Directory forests to a single Azure AD tenant.
  • An existing forest syncing with Azure AD Connect to a single Azure AD tenant and adding a new forest with cloud sync.
  • Planning to pilot cloud sync in an existing hybrid AD forest.

High Availability deployments

Cloud sync supports multiple agents deployed across your infrastructure, without the need for Staging Mode. With Azure AD Connect, only one sync server can be active at a time, running export from the Metaverse.

When not to use Cloud Sync

While Cloud Sync is a great product, you may run into scenarios where it’s not the best choice. Here are some specific Hybrid Identity scenarios where Azure AD Connect may be the better option:

  • You have advanced object filtering needs to scope subsets of objects for syncing.
  • You have a requirement to use Pass-Through Authentication.
  • You plan on doing group writeback.
  • You need to support an Exchange Hybrid deployment.
  • You have very large groups that require up to 250K member objects.
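As an added example (not code from the original post), here is a PowerShell pre-check you can run against on-premises AD before committing to Cloud Sync: it reports the largest groups and flags any whose direct membership reaches a cutoff. The cutoff is an assumed parameter; the 250K figure the post cites is used as its default, and the script assumes the RSAT ActiveDirectory module and read access to group membership.

```powershell
# Added example: find on-prem AD groups whose direct membership is at or
# above a cutoff, as a pre-check when choosing between Cloud Sync and
# Azure AD Connect. $MemberCutoff is an assumption; the post's 250K
# "very large group" figure is the default. $SearchBase is an assumption
# too and defaults to the current domain root.
[CmdletBinding()]
param(
    [int]$MemberCutoff = 250000,
    [string]$SearchBase = $null
)

Import-Module ActiveDirectory -ErrorAction Stop

if (-not $SearchBase) {
    $SearchBase = (Get-ADDomain).DistinguishedName
}

# Read only the 'member' attribute and count it directly; this avoids the
# per-call result limits Get-ADGroupMember hits on very large groups.
$report = Get-ADGroup -Filter * -SearchBase $SearchBase -Properties member |
    ForEach-Object {
        [pscustomobject]@{
            Group       = $_.Name
            DN          = $_.DistinguishedName
            MemberCount = @($_.member).Count
        }
    } |
    Sort-Object MemberCount -Descending

$oversized = @($report | Where-Object { $_.MemberCount -ge $MemberCutoff })

if ($oversized.Count -gt 0) {
    Write-Warning ("{0} group(s) at or above {1} direct members; review these before relying on Cloud Sync." -f $oversized.Count, $MemberCutoff)
    $oversized | Format-Table Group, MemberCount, DN -AutoSize
} else {
    Write-Output ("No groups at or above {0} direct members under {1}." -f $MemberCutoff, $SearchBase)
}

# Ten largest groups for context, regardless of the cutoff
$report | Select-Object -First 10 | Format-Table Group, MemberCount -AutoSize
```

Direct membership only is counted; nested group expansion is left out so the scan stays cheap on large directories.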

Wrapping up

Each organization is different, and each organization will have different requirements. Identity is one of the most fundamental building blocks of Microsoft 365. Understanding your requirements and your overall goal for your users and their experience with their devices and services should help you choose between Azure AD Connect and Azure AD Cloud Sync.

Links for further reading

Cloud Sync FAQ on Learn

Hybrid Identity on Learn

Cloud Sync Prerequisites on Learn
