ADFS to AAD Tips and Tricks
View ADFS Activity within the Azure Portal
Install the AD Connect Health Agent (using PowerShell and AD admin credentials).
When migrating apps from ADFS to AAD, keep in mind any existing AD groups that are already being synced to AAD: for those, simply create role assignments on the enterprise app for the synced groups. If no groups are being synced, create a new AAD group, add users to it, and assign that group to the app (use this PowerShell script to add role assignments).
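As an added example (not the author's script linked above), here is how the group-to-app role assignment can be done with Microsoft Graph PowerShell; the app and group display names are placeholders, and the scopes requested are the minimum needed to read the app and group and write only app role assignments:

```powershell
# Added example: assign an already-synced AD group to an AAD enterprise app
# (service principal) with Microsoft Graph PowerShell. Names are placeholders.
# Requires: Install-Module Microsoft.Graph
param(
    [string]$AppDisplayName   = 'Contoso Vendor App',   # placeholder: your enterprise app
    [string]$GroupDisplayName = 'SG-VendorApp-Users'    # placeholder: the synced AD group
)

# Least-privilege scopes: read app/group, write only app role assignments.
Connect-MgGraph -Scopes 'Application.Read.All','Group.Read.All','AppRoleAssignment.ReadWrite.All'

$sp    = Get-MgServicePrincipal -Filter "displayName eq '$AppDisplayName'"
$group = Get-MgGroup -Filter "displayName eq '$GroupDisplayName'"
if (-not $sp -or -not $group) { throw "Enterprise app or group not found; check the display names." }
if (@($sp).Count -gt 1 -or @($group).Count -gt 1) { throw "Display name is ambiguous; look the object up by Id instead." }

# Pick an enabled app role that users/groups may hold. Apps that define no roles
# use the well-known empty GUID, which means 'default access'.
$role = $sp.AppRoles |
    Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User' } |
    Select-Object -First 1
$appRoleId = if ($role) { $role.Id } else { '00000000-0000-0000-0000-000000000000' }

# Idempotency: skip if this group already holds this role on this app.
$existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Where-Object { $_.PrincipalId -eq $group.Id -and $_.AppRoleId -eq $appRoleId }
if ($existing) {
    Write-Host "Group '$($group.DisplayName)' is already assigned; nothing to do."
} else {
    New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id `
        -PrincipalId $group.Id -ResourceId $sp.Id -AppRoleId $appRoleId | Out-Null
    Write-Host "Assigned '$($group.DisplayName)' to '$($sp.DisplayName)' with role $appRoleId."
}

# The assignment only acts as an access boundary if the app requires assignment;
# otherwise every user in the tenant can still sign in to it.
if (-not $sp.AppRoleAssignmentRequired) {
    Write-Warning "'$($sp.DisplayName)' does not require user assignment. To enforce it, run:"
    Write-Warning "  Update-MgServicePrincipal -ServicePrincipalId $($sp.Id) -AppRoleAssignmentRequired:`$true"
}
```

Group-based assignment to enterprise apps is an Azure AD Premium (P1/P2) feature, so confirm licensing before relying on it for the migration.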
What about new users that are provisioned in AAD?
If you have new internal users that join your corporate AD and are synced to AAD, how do you ensure that they make it to the vendor app?
SCIM is the answer. Under your enterprise AAD app (the one you configured when you migrated your ADFS connections to AAD), there is a Provisioning tab. Set the provisioning mode to ‘Automatic’ and follow the instructions from there.
Why move away from ADFS to AAD?
The number one reason is certificate management: AAD handles that for you. In addition, SSO and MFA are easily incorporated for AAD users, and you get a clean separation between external app users (B2C tenants) and internal users (enterprise apps).
Additional reasons include better user management, access control and visibility into the application.
Need an experienced AWS/GCP/Azure Professional to help out with your Public Cloud Identity Migration? Set up a time with Anuj Varma.