To help address these challenges, today we are also releasing a preview of Azure Active Directory Connect Health in the Azure Preview Portal. This feature of Azure Active Directory Premium helps you monitor and gain insight into health, performance and login activity of your on-premises Active Directory infrastructure. While this release supports Active Directory Federation Services (ADFS), we are already working to add support for sync servers in the future.
This release for ADFS has three key capabilities:
- Alerts based on events, configuration information, synthetic transactions and perf data. So, when something goes wrong, or is about to go wrong, we let you know.
- Graphs of login activity that you can pivot multiple ways for easy viewing. These “usage insights” are accessible when you enable auditing on your ADFS servers. They are based on audits generated when users log in and tokens are generated for applications.
- Access to key performance indicators across multiple servers, including token request counters, processor, memory, latency, and so forth.
Getting this functionality requires downloading and installing an agent on each of your ADFS servers. The Azure AD Connect Health service processes data the agents send to the cloud, displaying alerts and other views into the ADFS service. We support ADFS 2.0 on Windows Server 2008, 2008R2 as well as ADFS in Windows Server 2012 and 2012R2. The agents are supported on ADFS proxy as well as Web Application Proxy servers.
Installing the agent
The first step is to install the agent on each of your ADFS and ADFS proxy/Web Application Proxy servers.
- Log in to the Azure Preview Portal with your Azure AD global administrator account. This account must also be licensed for Azure AD Premium.
- Click on the Marketplace tile. Under Identity you will find the Azure AD Connect Health extension.
- Click on it to enable the service and gain access to Azure AD Connect Health within the portal.
- Click on the Quick Start tile and download the agent onto your ADFS and proxy servers.
- Install the agent that you just downloaded.
- Fire up a PowerShell window. Use the Register-ADHealthAgent cmdlet to configure and register the health agent to securely connect to the Azure AD Connect Health service. You will need admin credentials.
Using the Portal to view the health and usage of ADFS
The portal is comprised of three key views. Let’s dive into some of the details.
The Azure AD Connect Health Alerts section shows you the list of active alerts requiring administrator attention, which are based on ADFS service events, performance counters and configuration information. These could be issues with certificates, connectivity to domain controllers or as simple as detecting that the ADFS service is not running. They can also warn of potential issues.
Selecting an alert reveals more detailed information, as well as resolution steps and links to relevant documentation. You can also view historical data on previously resolved alerts.
Usage analytics provide insight into login activity based on security audits that each of the ADFS servers generates and sends to Azure AD Connect Health for analysis.
Currently we support two views:
- Successful logins can be viewed by application (relying party trust), network location, authentication method or server. The application pivot is tremendously useful for understanding usage patterns of applications.
- Unique user count shows the number of unique users accessing applications and can be viewed by application (relying party trust).
To select additional metrics, specify a time range, or change the grouping, simply right-click on the usage analytics blade and select Edit Chart.
We will add views in the near future that show the count and type of issuance failures, such as username/password failures, occurring in the system. If you need additional views, we welcome your feedback.
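Usage analytics only have data to show when each ADFS server is actually writing security audits, so it is worth checking that on the server itself. The PowerShell below is an added example, not part of the original post or of the Connect Health agent; the function name Test-AdfsAuditReadiness is hypothetical. It assumes an elevated session on a federation server and English-language auditpol output.

```powershell
# Added example (not from the original post): reports whether this AD FS
# server is producing the security audits that usage insights are built from.
# Run in an elevated PowerShell session on a federation server.
function Test-AdfsAuditReadiness {   # hypothetical helper name
    param(
        # GUID of the "Application Generated" audit subcategory; the GUID is
        # used because the display name is localized.
        [string]$Subcategory = '{0CCE9222-69AE-11D9-BED3-505054503030}'
    )

    # AD FS on Windows Server 2012+ ships a module; AD FS 2.0 ships a snap-in.
    if (-not (Get-Command Get-AdfsProperties -ErrorAction SilentlyContinue)) {
        Import-Module ADFS -ErrorAction SilentlyContinue
        Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
    }

    # OS audit policy. /r emits CSV; blank lines are dropped before parsing.
    # Assumption: English setting text ("Success and Failure", "No Auditing").
    $row = auditpol.exe /get "/subcategory:$Subcategory" /r |
        Where-Object { $_ } | ConvertFrom-Csv
    $osSetting = [string]$row.'Inclusion Setting'

    # AD FS service setting: LogLevel must list both audit types.
    $logLevel = @((Get-AdfsProperties).LogLevel)

    $result = New-Object PSObject -Property @{
        OsAuditSetting   = $osSetting
        OsSuccessAudits  = $osSetting -match 'Success'
        OsFailureAudits  = $osSetting -match 'Failure'
        AdfsSuccessAudit = $logLevel -contains 'SuccessAudits'
        AdfsFailureAudit = $logLevel -contains 'FailureAudits'
    }
    $ready = $result.OsSuccessAudits -and $result.OsFailureAudits -and
             $result.AdfsSuccessAudit -and $result.AdfsFailureAudit
    $result | Add-Member -MemberType NoteProperty -Name Ready -Value $ready -PassThru
}

Test-AdfsAuditReadiness | Format-List

# If Ready is False, enable the missing pieces and run the check again:
#   auditpol.exe /set "/subcategory:{0CCE9222-69AE-11D9-BED3-505054503030}" /success:enable /failure:enable
#   Set-AdfsProperties -LogLevel ((Get-AdfsProperties).LogLevel + 'SuccessAudits' + 'FailureAudits' | Select-Object -Unique)
```

The ADFS service account also needs the "Generate security audits" user right in local security policy, which this check does not inspect.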
The monitoring blade is a simple, aggregated view of key performance counters collected from your ADFS and proxy servers, including token requests, CPU, memory and latency. It can also help you detect potential balancing issues within your environment.
Using the Filter option at the top of the blade, you can view an individual server’s metrics. To change metrics, simply right-click on the monitoring chart under the monitoring blade and select Edit Chart. You can then select additional metrics and specify a time range for viewing the performance data.