I'm relatively new to Azure and AD Connect. I have a couple of questions and thought I'd ask them here. With AD Connect, is the synchronization two-way? I know that I can write to Azure by making a change to my local AD, but does the same apply to my being able to make a change in reverse? In other words, can I make a change in Azure prior to syncing and have that change reflected in my local AD?
Something I've found in my testing is that users cannot log on to Azure using a SAMAccountName that is different from that of the UPN or Mail attribute. In other words, if a user has a SAMAccountName that is shannon, and their logon name in Azure is shannon.lastname, then the user cannot log on to Azure using shannon. That being said, we need to devise a plan to change the logon name in Azure to match the SAMAccountName, as we will be leveraging Azure for MFA against our VPN.
Something to note here is that currently these two environments are managed and treated as two separate entities and currently are not synchronized. Local AD is present, as is O365. So a user can have a completely separate set of credentials to log on to either platform. Thank you in advance for your assistance with this.