Migrating ADFS Connections to Azure (AAD or AAD B2C)

Moving your ADFS connections to Azure is not a trivial task.  Also, distinguish between moving the Identities in ADFS (users, groups…) versus actually migrating the app (to a VNET based IaaS infrastructure or a PaaS service like Azure App Services).

AAD Connect Health is a tool that can help you identify potential breaking points prior to migrating your ADFS apps (identities) to AAD.

Through alerts, AAD Connect Health can inform you of current gaps in your ADFS server farm.

adfs ad connect health
adfs ad connect health

What database does AAD connect use?

AAD Connect uses a local sql server express edition. It is recommended that this be upgraded to SQL Server standard

How do I move my ADFS database to Azure (say Azure SQL)?

You CAN always move to a SQL Server instance on Azure, but Azure SQL is not supported for the ADFS backend database.

Does AAD Connect move attributes associated with a

It does push attributes as well. Moreover, one can apply Declarative transformations to

Example – AAD transformative declarative rules – IIF(IsNullOrEmpty([displayName]),[cn],[displayName])

Does AAD connect accommodate external identities ?

Next Steps?



Need an experienced AWS/GCP/Azure Professional to help out with your Public Cloud Identity Migration? Set up a time with Anuj Varma.