Newbie questions about Azure AD and AADConect

Question

Hi,

Newbie here, forgive me if I screw up the terminology.

We have a Windows 2008 R2 domain, slowly migrating to Windows 2016.
We are going to migrate our email from on-premise Exchange 2010 to O365 in the cloud soon (I hope).
As part of that, we have an O365 tenant with some users set up. I believe we have the free version of Azure AD and we want to implement 2FA for our IT staff.
It is my understanding that we need to install AADConnect to get our on-prem AD to sync with Azure's AD and make this possible.

Does the free version of Azure AD cause any limitations that I need to be aware of? Will it work with my 2008 R2?
Can I selectively enable users for 2FA so that I can roll it out slowly?
Can I have only some users use Azure for authentication (to get the 2FA) while the rest of my users authenticate to our on-prem AD?

Thanks,

Larry

Answer 1

Hi anonymous userWescott-3367

You can Install Azure AD Connect in any server; the main requirement is that the host must have to be in the domain.

In Azure AD, it's obligatory to activate 2FA for administrator Accounts (of Azure and MS365), for the other users you can choose if you enable it or not.

You can use your 2008 R2 without a problem, the communication between the Domain Controller and Azure AD is the Azure AD Connect.

Hope this helps.

Regards,
Carlos Solís Salazar

----------

Please "Accept as Answer" and Upvote if any of the above helped so that, it can help others in the community looking for remediation for similar issues.