何謂 Azure AD Connect?What is Azure AD Connect?

Azure AD Connect 是一種 Microsoft 工具,其設計目的是要符合並完成混合式身分識別的目標。Azure AD Connect is the Microsoft tool designed to meet and accomplish your hybrid identity goals. 它可提供下列功能:It provides the following features:

  • 密碼雜湊同步處理 - 一種將使用者內部部署 AD 密碼的雜湊與 Azure AD 同步的登入方法。Password hash synchronization - A sign-in method that synchronizes a hash of a users on-premises AD password with Azure AD.
  • 傳遞驗證 - 一種登入方法,可讓使用者在內部部署環境與雲端中使用相同的密碼,但不需要額外的同盟環境基礎結構。Pass-through authentication - A sign-in method that allows users to use the same password on-premises and in the cloud, but doesn't require the additional infrastructure of a federated environment.
  • 同盟整合 - 同盟是 Azure AD Connect 的選用組件,可用來以內部部署 AD FS 基礎結構設定混合式環境。Federation integration - Federation is an optional part of Azure AD Connect and can be used to configure a hybrid environment using an on-premises AD FS infrastructure. 它也提供 AD FS 管理功能,例如憑證更新及額外的 AD FS 伺服器部署。It also provides AD FS management capabilities such as certificate renewal and additional AD FS server deployments.
  • 同步處理 - 負責建立使用者、群組及其他物件。Synchronization - Responsible for creating users, groups, and other objects. 此外,也確保您內部部署使用者和群組的身分識別資訊與雲端相符。As well as, making sure identity information for your on-premises users and groups is matching the cloud. 此同步處理也包括密碼雜湊。This synchronization also includes password hashes.
  • 狀況監控 - Azure AD Connect Health 可以提供健全監控,並在 Azure 入口網站中提供檢視此活動的中央位置。Health Monitoring - Azure AD Connect Health can provide robust monitoring and provide a central location in the Azure portal to view this activity.

何謂 Azure AD Connect

何謂 Azure AD Connect Health?What is Azure AD Connect Health?

Azure Active Directory (Azure AD) Connect Health 可為您的內部部署身分識別基礎結構提供健全的監視功能。Azure Active Directory (Azure AD) Connect Health provides robust monitoring of your on-premises identity infrastructure. 它可讓您維持與 Office 365 和 Microsoft Online Services 的可靠連線。It enables you to maintain a reliable connection to Office 365 and Microsoft Online Services. 藉由為您的關鍵身分識別元件提供監視功能,便得以達成此可靠性。This reliability is achieved by providing monitoring capabilities for your key identity components. 此外,它還可讓您輕鬆存取這些元件的相關關鍵資料點。Also, it makes the key data points about these components easily accessible.

這些資訊會呈現在 Azure AD Connect Health 入口網站中。The information is presented in the Azure AD Connect Health portal. 請使用 Azure AD Connect Health 入口網站來檢視警示、效能監視、使用情況分析等資訊。Use the Azure AD Connect Health portal to view alerts, performance monitoring, usage analytics, and other information. Azure AD Connect Health 就像功能濾鏡,可讓您集中監控重要身分識別元件的健康狀態。Azure AD Connect Health enables the single lens of health for your key identity components in one place.

Azure AD Connect Health 是什麼

為何要使用 Azure AD Connect?Why use Azure AD Connect?

將內部部署目錄與 Azure AD 整合可提供一個通用身分識別來存取雲端和內部部署資源,讓使用者變得更有生產力。Integrating your on-premises directories with Azure AD makes your users more productive by providing a common identity for accessing both cloud and on-premises resources. 使用者和組織可以利用:Users and organizations can take advantage of:

  • 使用者可以使用單一身分識別來存取內部部署應用程式和雲端服務,例如 Office 365。Users can use a single identity to access on-premises applications and cloud services such as Office 365.
  • 單一工具即可提供輕鬆進行同步處理和登入的部署經驗。Single tool to provide an easy deployment experience for synchronization and sign-in.
  • 提供您案例的最新功能。Provides the newest capabilities for your scenarios. Azure AD Connect 會取代舊版的身分識別整合工具,如 DirSync 和 Azure AD Sync。如需詳細資訊,請參閱 混合式身分識別目錄整合工具比較Azure AD Connect replaces older versions of identity integration tools such as DirSync and Azure AD Sync. For more information, see Hybrid Identity directory integration tools comparison.

為何使用 Azure AD Connect Health?Why use Azure AD Connect Health?

搭配 Azure AD 時,使用者會更具生產力,因為會有一個可同時存取雲端和內部部署資源的通用身分識別。When with Azure AD, your users are more productive because there's a common identity to access both cloud and on-premises resources. 確保環境可靠以便讓使用者能夠存取這些資源,已變成一項挑戰。Ensuring the environment is reliable, so that users can access these resources, becomes a challenge. Azure AD Connect Health 可協助您監視及深入了解內部部署身分識別基礎結構,藉此確保此環境的可靠性。Azure AD Connect Health helps monitor and gain insights into your on-premises identity infrastructure thus ensuring the reliability of this environment. 使用方式相當簡單,您只需將代理程式安裝在各個內部部署身分識別伺服器中即可。It is as simple as installing an agent on each of your on-premises identity servers.

在 Windows Server 2008 R2、Windows Server 2012、Windows Server 2012 R2 和 Windows Server 2016 上,適用於 AD FS 的 Azure AD Connect Health 支援 AD FS 2.0。Azure AD Connect Health for AD FS supports AD FS 2.0 on Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. 它也支援監視可驗證外部網路存取的 AD FS Proxy 或 Web 應用程式 Proxy 伺服器。It also supports monitoring the AD FS proxy or web application proxy servers that provide authentication support for extranet access. 藉由輕鬆且快速地安裝健康情況代理程式,適用於 AD FS 的 Azure AD Connect Health 可提供您一組重要功能。With an easy and quick installation of the Health Agent, Azure AD Connect Health for AD FS provides you a set of key capabilities.

重要優勢和最佳做法:Key benefits and best practices:

主要權益Key Benefits 最佳做法Best Practices
強化的安全性Enhanced security 外部網路鎖定趨勢Extranet lockout trends
失敗的登入報告Failed sign-ins report
在符合隱私權規範中In privacy compliant
取得所有重大 ADFS 系統問題的警示Get alerted on all critical ADFS system issues 伺服器設定和可用性Server configuration and availability
效能和連線能力Performance and connectivity
定期維護Regular maintenance
容易部署及管理Easy to deploy and manage 快速代理程式安裝Quick agent installation
代理程式自動升級至最新版Agent auto upgrade to the latest
幾分鐘內就可在入口網站中取得資料Data available in portal within minutes
豐富的使用計量Rich usage metrics 應用程式使用量排名Top applications usage
網路位置與 TCP 連線Network locations and TCP connection
每一部伺服器的權杖要求數Token requests per server
良好的使用者體驗Great user experience 來自 Azure 入口網站的儀表板方式Dashboard fashion from Azure portal
透過電子郵件警示Alerts through emails

使用 Azure AD Connect 的授權需求License requirements for using Azure AD Connect

在您的 Azure 訂用帳戶中免費使用此功能。Using this feature is free and included in your Azure subscription.

使用 Azure AD Connect Health 的授權需求License requirements for using Azure AD Connect Health

使用此方法需要 Azure AD Premium P1 授權。Using this feature requires an Azure AD Premium P1 license. 若要尋找適用於您需求的正確授權,請參閱 比較 Free、Basic 及 Premium 版本的正式運作功能To find the right license for your requirements, see Comparing generally available features of the Free, Basic, and Premium editions.

後續步驟Next steps