What objects should be synchronised from local AD

David 1 Reputation point
2022-10-26T13:15:49.477+00:00

We are going through the process of cleaning up AAD objects and noticed all our mailbox users are synchronised.
We are not a hybrid Exchange org, but our on-prem Exchange does go via EOP,
so my initial thought is that the mailboxes are not needed in AAD, along with a bunch of on-prem security groups.

Obviously, the mailbox users don't have MFA enabled and are also disabled accounts, which means our MFA reports (among other reports) are... not very useful, as they show, for example, that 50% of users have enrolled in MFA... when in reality it's more like 99%.

So my question: is there any documentation on best practices for object synchronisation to AAD?


1 answer

  1. JimmySalian-2011 41,921 Reputation points
    2022-10-26T13:31:04.463+00:00

    Hi,

    Yes, there is detailed guidance and recommendations on this process. You can filter and select the users/groups/OUs that you want to sync, including creating attribute-based filters: how-to-connect-sync-configure-filtering

    Hope this helps.
    JS

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

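One way to list the disabled mailbox accounts described in the question and mark them for the attribute-based filtering mentioned in the answer, as an added PowerShell example (not code from either poster or from the linked documentation). It assumes the RSAT ActiveDirectory module and Exchange schema attributes in AD; the tag attribute and value (`extensionAttribute15`, `NoSync`) are this example's choices and must match whatever your sync filtering rule tests.

```powershell
#Requires -Modules ActiveDirectory
# Added example: report-only by default; AD is modified only when -Apply is given.
param(
    [Parameter(Mandatory)]
    [string]$SearchBase,                              # e.g. 'OU=Mailboxes,DC=example,DC=com' (placeholder)
    [string]$TagAttribute = 'extensionAttribute15',   # assumption: attribute your filter rule tests
    [string]$TagValue     = 'NoSync',                 # assumption: value your filter rule matches
    [switch]$Apply
)

# Disabled user accounts (userAccountControl bit 0x2 set) that own an on-prem mailbox.
$ldap = '(&(objectCategory=person)(objectClass=user)(msExchMailboxGuid=*)' +
        '(userAccountControl:1.2.840.113556.1.4.803:=2))'

$props      = @('mail', 'msExchRecipientTypeDetails', $TagAttribute)
$candidates = @(Get-ADUser -SearchBase $SearchBase -LDAPFilter $ldap -Properties $props)

# Review list: what would drop out of sync scope once the filter rule is in place.
$report = foreach ($u in $candidates) {
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        Mail           = $u.mail
        RecipientType  = $u.msExchRecipientTypeDetails
        CurrentTag     = $u.$TagAttribute
        DN             = $u.DistinguishedName
    }
}
$report | Sort-Object SamAccountName | Format-Table -AutoSize
'{0} disabled mailbox account(s) found under {1}' -f $candidates.Count, $SearchBase

if ($Apply) {
    # Stamp only the accounts that do not already carry the tag.
    $candidates |
        Where-Object { $_.$TagAttribute -ne $TagValue } |
        ForEach-Object {
            Set-ADUser -Identity $_.DistinguishedName -Replace @{ $TagAttribute = $TagValue }
        }
}
```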