Securing the Azure AD Connect account

Securing the Azure AD Connect account

Azure AD Connect (AADC) integrates your Active Directory with Azure Active Directory (and from there with the various Active Directories for your workloads)  AADC has an account on-premises that has rights within Active Directory and depending on what you are syncing back from Azure AD to on-premises those rights can be extensive.

Microsoft has issued new guidance on how best to secure the AADC account (and will make changes to AADC in future so that the Express installation sets these by default)

The advisory 4056318 contains a convenient PowerShell script to secure the account in your Active Directory