AD Connect? Entra? Version 1 deprecation? Cloud Sync?
On-prem and Cloud interactions can be quite confusing, and Microsoft’s recent naming convention changes only add to the confusion. However, I have worked closely with these sync services and would like to clarify a few things!
The two sync services I’d like to focus on today are Microsoft Entra Connect Sync V2 (Connect Sync) and Microsoft Entra Cloud Sync (Cloud Sync). The reason I specify V2 for Connect Sync is due to the recent deprecation of V1. The deprecation had a couple altered timeframes, but it was fully decommissioned on October 1st 2023. The support for V1 ended a year prior, but it was still working as intended until October 1st 2023 when sync requests made using V1 were no longer accepted by the cloud (Entra).
So, what’s the deal? Cloud Sync or Connect Sync? What’s better? Well, the answer isn’t as straight forward as you might think. Even though cloud technologies are advancing at a rapid rate, some company infrastructure is not. Microsoft recognizes this and offers these two products because they solve two different use cases.
For organizations that are heavily moving towards a “cloud-first” infrastructure, Cloud Sync is recommended. This sync service moves away from the necessity of having more software installed on-prem and on VMs, and instead only uses a very lightweight agent to accomplish the communication with the Cloud environment. The agent is lightweight since configuration for this service is done in the cloud; no need to spec out a VM to handle any workloads.
However, not all organizations are in a place where they can utilize Cloud Sync. This is where it’s counterpart Connect Sync comes into play. Connect Sync is utilized for infrastructures that have more of an emphasis on hybrid environment. Hybrid Exchange is a great example of why this sync option would be picked over Cloud Sync. Organizations that manage user and computer objects in great depth might also pick this option, as there is more configuration options regarding areas like attribute filtering and extended schema attributes. However, a large downside to this option is that there is no high availability option, unlike Cloud Sync. Connect Sync operates using an ‘active’ and ‘passive’ agent, which needs to manually be swapped over if an issue arises with the ‘active’ connection.
To me, Cloud Sync should be explored as a first option until a roadblock leads you to Connect Sync. There is more reliability with Cloud sync, and I think it is more ‘future proof’. That being said, Connect Sync is a perfectly good option, especially if you are using any on-prem applications that require pass-through authentication.
For a clear side by side of what is offered with which sync service, you can visit microsoft’s website and see this side by side comparison: What is Microsoft Entra Cloud Sync? - Microsoft Entra ID | Microsoft Learn
After reviewing this, confusion can definitely still be prevalent. Microsoft also has a wizard that you can walk through to identity what your sync needs are by inputting details about your environment: Add or sync users to Microsoft Entra ID | Microsoft Entra ID.
We are also happy to help guide you through your journey and continue the conversation. Contact us at any time!