Disable pass-through authentication
In this article, you learn how to disable pass-through authentication by using Azure Active Directory (Azure AD) Connect or PowerShell.
Before you begin, ensure that you have the following prerequisite.
A Windows machine with pass-through authentication agent version 1.5.1742.0 or later installed. Any earlier version might not have the requisite cmdlets for completing this operation.
If you don't already have an agent, you can install it.
- Go to the Azure portal.
- Download the latest Auth Agent.
- Install the feature by running either of the following commands.
If you're using the Azure Government cloud, pass in the ENVIRONMENTNAME parameter with the following value:
Environment Name Cloud AzureUSGovernment US Gov
An Azure Hybrid Identity Administrator account for running the PowerShell cmdlets.
Use Azure AD Connect
If you're using pass-through authentication with Azure AD Connect and you have it set to Do not configure, you can disable the setting.
If you already have password hash synchronization enabled, disabling pass-through authentication will result in a tenant fallback to password hash synchronization.
In a PowerShell session, run the following cmdlets:
- PS C:\Program Files\Microsoft Azure AD Connect Authentication Agent>