Sync configuration with on-prem AD and Azure AD Connect

Hey everyone,

This may be a silly question but I’m not super familiar with the inner workings of Azure AD when it comes to syncing accounts from my on-prem AD setup.

We have an on-prem AD setup and we also use Azure AD Connect to sync internal users to AAD in order to use Office 365 products.

I’m setting up Duo now and I was wondering if I could get away with syncing Duo with AAD instead of my on-prem AD. I would like to avoid installing the proxy, is all, but I’m not sure whether this would cause any issues down the road. Would I be better off just syncing using the internal proxy?

First, I have to say I have no clue how AD<=>AAD sync works.

What is the single source of truth in your case? I mean, from what I understand:

  1. Your local AD is where you handle your users.
  2. You have a sync with this AD for your AAD.
  3. Duo is also synced with your AD (but you’d like to point Duo to AAD).

The only concern I see here is: what if your sync between your on-prem AD and AAD has an issue? Your Duo won’t be up to date.

So, I’d rather recommend that you move your single source of truth to AAD (i.e. managing your users in AAD instead of your on-prem AD) and then, when that is done, you may move the Duo sync to AAD.

Now, a last question: why do you want to move away from the Duo AuthC proxy?
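The staleness concern raised in the reply above (if the on-prem AD to AAD sync breaks, a Duo sync pointed at AAD keeps serving old data) can be checked before deciding. The script below is an added example, not code from either poster or from Duo or Microsoft; it assumes the ActiveDirectory module on a domain-joined host, the Microsoft.Graph PowerShell SDK (Get-MgOrganization, Get-MgUser), and placeholder UPNs and a placeholder freshness threshold.

```powershell
# Added example: is the AAD copy that Duo would sync from current relative to on-prem AD?
# Assumptions: ActiveDirectory module, Microsoft.Graph SDK, placeholder UPNs/threshold.
param(
    [int]$MaxSyncAgeMinutes = 60,                               # assumed acceptable sync age
    [string[]]$UserPrincipalNames = @("user@contoso.example")   # placeholder UPNs to spot-check
)

Import-Module ActiveDirectory
Connect-MgGraph -Scopes "User.Read.All","Organization.Read.All"

# 1. Tenant-wide: when did Azure AD Connect last complete a sync into AAD?
$org      = Get-MgOrganization -Property OnPremisesLastSyncDateTime
$lastSync = $org.OnPremisesLastSyncDateTime
if (-not $lastSync) {
    Write-Warning "AAD reports no completed directory sync; do not treat AAD as a source for Duo yet."
} else {
    $age = (Get-Date).ToUniversalTime() - $lastSync.ToUniversalTime()
    if ($age.TotalMinutes -gt $MaxSyncAgeMinutes) {
        Write-Warning ("AAD last synced {0:N0} minutes ago; a Duo sync from AAD would be that stale." -f $age.TotalMinutes)
    }
}

# 2. Per-user: an account disabled on-prem but still enabled in AAD is the exact
#    case where a Duo sync against AAD would keep a leaver's MFA enrollment active.
foreach ($upn in $UserPrincipalNames) {
    $onPrem = Get-ADUser -Filter "UserPrincipalName -eq '$upn'" -Properties Enabled
    $cloud  = Get-MgUser -UserId $upn -Property AccountEnabled,OnPremisesLastSyncDateTime -ErrorAction SilentlyContinue
    if (-not $onPrem -or -not $cloud) {
        Write-Warning "$upn was not found in both directories; cannot compare."
        continue
    }
    [pscustomobject]@{
        UPN            = $upn
        OnPremEnabled  = $onPrem.Enabled
        AadEnabled     = $cloud.AccountEnabled
        UserLastSynced = $cloud.OnPremisesLastSyncDateTime
        Mismatch       = ($onPrem.Enabled -ne $cloud.AccountEnabled)   # $true means AAD is lagging on-prem
    }
}
```

Any row with Mismatch set, or a tenant-wide warning, is the condition the reply describes: whichever directory Duo reads from should be the one that is authoritative and fresh.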