Just wondering if anyone has inputs on how to implement sign-in disaster recovery mentioned in this guide - https://docs.microsoft.com/en-us/azure/security/fundamentals/choose-ad-authn (bottom right decision box in the decision tree diagram). As per AD Connect setup document, seems like we have only one sign-on method to select during installation process. Thanks.
@SandeepKumarNoolu-3839 You can enable Password Hash Synchronization (PHS) as backup option for both Pass Through Authentication (PTA) and Federated Authentication by performing below steps:
Run the Azure AD Connect wizard on your AD Connect server.
Click on Customize synchronization options and connect to Azure AD using Global Administrator credentials.
On the Optional Features page, you need to select the checkbox for Password Hash Synchronization to enable it as backup option.
Note: Your primary sign-in method would be the one selected under User Sign-in page. If primary sign-in method fails, you will not automatically fallback to Password Hash Synchronization. You would need to manually change the primary sign-in method to Password Hash Synchronization in that case.
Please "Accept as answer" wherever the information provided helps you to help others in the community.
Thank you @amanpreetsingh-msft . So, we should run AD Connect wizard again to change the primary sign-in method to fallback is it or do we have an option to change it programmatically ?
15 people are following this question.
