I am looking at using the Azure AD Connector for Power Automate.
https://docs.microsoft.com/en-us/connectors/azuread/#update-user
If I update an account using this, will it sync back to my on premise AD?
No, there is no writeback to on-prem except for some attributes depending on the options chosen:
or password writeback
To use the Azure AD connector it needs the Graph API permissions of Group.ReadWrite.All, User.ReadWrite.All and Directory.ReadWrite.All.
Can those be granted to only scope to specific groups?
Would the Azure AD connector application using it have to get permissions domain / tenant wide or could it be scoped to just specific AD objects?
Any scoping is done within AADConnect.
Groups can only be scoped as part of a pilot