Azure AD Connect v1.1.749.0 adds Privacy and Security Controls


Last week, Microsoft released version 1.1.749.0 of Azure AD Connect, its free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments to Azure Active Directory.

This version adds privacy controls, additional security controls, a wizard page for device write-back and other miscellaneous fixes.


What’s New

Privacy settings and notifications

The team added Privacy Settings for the General Data Protection Regulation (GDPR). For GDPR compliance, Microsoft is required to indicate the kinds of customer data that are shared with Microsoft (telemetry, health, etc.), link to detailed online documentation, and provide a way for customers to change their preferences. This version of Azure AD Connect adds the following:

  • A data sharing and privacy notification on the End-user License Agreement (EULA) page of the Azure AD Connect Wizard when you perform a clean install.
  • A data sharing and privacy notification on the upgrade page when you perform an upgrade.
  • A new additional task, labeled “Privacy Settings”, where admins can change their preferences.

Toggle for application telemetry

Azure AD Connect admins can now switch off the exchange of application telemetry between Azure AD Connect and Azure Active Directory.

Azure AD Health data review

Azure AD Connect Health admins are required to visit the health portal to control their health settings. Once the service policy has been changed, the agents will read and enforce it.

Device write-back configuration

The Azure AD Connect Configuration Wizard now allows admins to perform Device Write-back configuration actions. A progress bar for page initialization is also added.

Improved General Diagnostics

Microsoft improved the general diagnostics with an HTML report and full data collection in a ZIP-Text / HTML Report.

Improved reliability of auto-upgrades

Microsoft improved the reliability of the Automatic Upgrade functionality and added additional telemetry to ensure the health of the server can be determined.

Restricted permissions on the AD Connector account

Azure AD Connect now restricts the permissions available to privileged accounts on the AD Connector account. For new installations, the wizard will restrict the permissions that privileged accounts have on the AD Connector account after creating it.

This change only applies to Express installations of Azure AD Connect and Custom Azure AD Connect installations with an automatically created service account in Active Directory.

No SA privileges required for clean installations

The Azure AD Connect team changed the installer so it no longer requires SA privileges on a clean install of Azure AD Connect.

Troubleshoot synchronization for a specific object

Microsoft added a new utility to troubleshoot synchronization issues for a specific object. It is available as part of the “Troubleshoot Object Synchronization” option of Azure AD Connect’s Troubleshoot Additional Task. Currently, the utility checks for the following:

  • UserPrincipalName mismatch between synchronized user object in the Active Directory Domain Services (AD DS) environment and the user account in the Azure AD Tenant.
  • If the object is filtered from synchronization due to domain filtering
  • If the object is filtered from synchronization due to organizational unit (OU) filtering

Synchronize the current password hash for a specific user

Microsoft added a new utility to synchronize the current password hash stored in the on-premises Active Directory Domain Services (AD DS) environment for a specific user account.


What’s Fixed

Microsoft fixed the timing window on background tasks for the Partition Filtering page when switching to the next page.

Microsoft fixed a bug that caused an Access violation during the ConfigDB custom action.

Microsoft fixed a bug to recover from SQL connection time-outs.

Microsoft fixed a bug where certificates with SAN wildcards failed a prerequisite check.

Microsoft fixed a bug which caused miiserver.exe to crash during an Azure AD connector export.

Microsoft fixed a bug which caused a bad password attempt to be logged on a Domain Controller when running the Azure AD Connect wizard to change the configuration.


Version information

This is version 1.1.749.0 of Azure AD Connect.
It was signed off on February 17, 2018.


Will you get it?

This release is currently distributed to a small and random section of Azure AD Connect tenants that have enabled auto-upgrade. Microsoft intends to expand this group of tenants in the coming weeks until 100% of its auto-upgrade customers have received this release. Microsoft expects to achieve full coverage of auto-upgrade tenants mid-March 2018.

When all auto-upgrade tenants have upgraded, Microsoft will release Azure AD Connect version 1.1.749.0 for general download here.
