Comments on: Azure Active Directory Terms of Use or Conditional Access Policies Can Break Directory Synchronization

By: shiftey

shiftey — Sun, 20 Sep 2020 08:28:59 +0000

Thanks – Conditional access was the culprit – enforcing MFA for all users except the admin breakglass account. Did not consider the AD Sync account. Lesson learned!

By: Carl

Carl — Thu, 02 Jul 2020 08:58:46 +0000

this just helped me out in my lab – was scratching my head for an hour there…thanks for the post 😉

By: Gulam Dasthageer

Gulam Dasthageer — Mon, 16 Mar 2020 19:15:56 +0000

very very Useful Info Mr.Paul. Thanks 🙂

By: Michael Magnus

Michael Magnus — Thu, 31 Oct 2019 07:00:01 +0000

Hi Paul,

Thanks for this insight…it is clear that the account that is used for synchronization purposes should not have MFA or Conditional Access enabled. My IT Administrator wants MFA enabled on the DirSync account and still perform synchronization. Please is there a work around for his request.

Thank you in anticipation.

By: Hal Sclater

Hal Sclater — Fri, 30 Nov 2018 15:44:57 +0000

Nice tip Paul, thanks

By: Configuring Terms of Use for User Logins to Office 365 and Azure Active Directory – SimpleITPro

Mon, 24 Sep 2018 20:04:38 +0000

[…] That includes the account that AAD Connect uses to authenticate during sync operations. This will cause AAD Connect directory synchronization to break. The solution is to add an exclusion to the conditional access policy for your Sync_* user […]