Hi.
We're currently using AAD for M365 E3 (for emails and so on) on our primary company internet domain (let's call it company.com).
We have an on-premise Active Directory domain, ad.company.com, and we want to configure Azure MFA for the on-premise AD users. My question is: when connecting the on-prem AD with AAD using AD Connect, should I use the existing tenant with the company.com primary domain (adding another domain, in this case ad.company.com, and syncing to that; what will happen to the existing AAD users in this case?), or create a new tenant specifically for this?
If I should create a new tenant, will we have to buy additional licenses to get conditional access for the synced users, or will they be covered by the E3 subscription?
Thanks in advance.