Disable pass-through authentication
In this article, you learn how to disable pass-through authentication by using Microsoft Entra Connect or PowerShell.
Prerequisites
Tip
Steps in this article might vary slightly based on the portal you start from.
Before you begin, ensure that you have the following prerequisite.
A Windows machine with pass-through authentication agent version 1.5.1742.0 or later installed. Any earlier version might not have the requisite cmdlets for completing this operation.
If you don't already have an agent, you can install it.
- Sign in to the Microsoft Entra admin center as at least a Hybrid Identity Administrator.
- Download the latest Auth Agent.
- Install the feature by running either of the following commands.
.\AADConnectAuthAgentSetup.exe.\AADConnectAuthAgentSetup.exe ENVIRONMENTNAME=<identifier>Important
If you're using the Azure Government cloud, pass in the ENVIRONMENTNAME parameter with the following value:
Environment Name Cloud AzureUSGovernment US Gov
An Azure Hybrid Identity Administrator account for running the PowerShell cmdlets.
Use Microsoft Entra Connect
If you're using pass-through authentication with Microsoft Entra Connect and you have it set to Do not configure, you can disable the setting.
Note
If you already have password hash synchronization enabled, disabling pass-through authentication will result in a tenant fallback to password hash synchronization.
Use PowerShell
In a PowerShell session, run the following cmdlets:
- PS C:\Program Files\Microsoft Azure AD Connect Authentication Agent>
Import-Module .\Modules\PassthroughAuthPSModule Get-PassthroughAuthenticationEnablementStatusDisable-PassthroughAuthentication
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for