Azure AD Connect Cloud Sync Announcement

Azure AD Connect (AADC) is an identity synchronization tool from Microsoft, responsible for synchronizing identity data from the local directory service to Azure Active Directory (AAD). Microsoft is announcing that the Azure AD Connect identity synchronization tool is giving way to a successor and will likely be retired in the future. Microsoft's announcement states that the successor, Azure AD Connect Cloud Sync, will take over completely.

Microsoft announcement

Azure AD Connect Cloud Sync (hereafter just Cloud Sync) essentially performs the same task as the existing product. However, it is no longer based on the Azure AD Connect application but on the Azure AD provisioning agent. Microsoft already released an initial version of this agent for download in January 2019. Microsoft's announcement at the end of 2022 notes that the existing Azure AD Connect will be discontinued once Cloud Sync has achieved full parity. So it is worth getting familiar with Cloud Sync: sooner or later, existing installations will be due for a migration, and it is therefore important to understand the differences.

Differences between Azure AD Connect and Cloud Sync

The main difference between the two tools is that the synchronization service, along with its management and configuration, no longer runs locally on a server but in the cloud.

Azure AD Connect Cloud Sync Configuration Screenshot

Locally, Cloud Sync only requires a lightweight agent to be installed for connectivity, authentication and authorization. With Cloud Sync, Microsoft automatically provides a highly available and reliable next-generation synchronization architecture at no cost. Because the core of the synchronization service moves to the cloud, another benefit is that Cloud Sync is continuously maintained and updated by Microsoft. This reduces internal or even external operation and maintenance costs. Setting up the service in the cloud is also simple and quick.

AADC and Cloud Sync Comparison Diagram

Since parity of the two tools (AADC and Cloud Sync) has not yet been achieved, essential functionality differences still exist. I would therefore like to highlight the following missing functions in particular.

  • Support for device objects
  • Synchronization of custom AD attributes
  • Support for Pass-Through Authentication
  • Object filter based on attributes
  • Support for group and device writeback

A full comparison of functionality can be found at this link.

Decision basis for tool selection

As shown above, Cloud Sync has not yet reached full parity with AADC and is therefore not suitable for all environments today. However, it is assumed that the majority of all existing AADC environments could already be replaced with Cloud Sync today.

Deciding which tool to use is straightforward: answer the following questions.

  • Do you want to synchronize custom attributes?
  • Do you want to use Hybrid Azure AD Join?
  • Do you want to use Exchange Hybrid or place mailboxes and contacts in a different AD forest than the user accounts?
  • Do you have more than 250'000 objects you want to synchronize?
  • Do you want to filter the synchronization based on AD attributes?

If you answer "YES" to any of the questions, then AADC is still the right tool for now. If not, you should consider migrating to Cloud Sync.
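The questionnaire mixes policy choices ("do you want to") with facts that can be measured in the forest (object count, presence of device objects, Exchange schema extensions). The following script, an added example that is not part of the original post or of any Microsoft tooling, collects the measurable inputs from the on-premises Active Directory. It assumes the RSAT ActiveDirectory module, read access to every domain in the forest, and the 250'000 object threshold from the questionnaire above; the Exchange check is a heuristic (an Exchange-extended schema does not prove that Exchange Hybrid is in use).

```powershell
# Added example, not from the original post: gathers the measurable inputs for the
# AADC-vs-Cloud-Sync questionnaire from the on-premises AD forest.
# Assumptions: RSAT ActiveDirectory module installed, read access to every domain
# in the forest, and the 250'000 object threshold quoted in the questionnaire.
Import-Module ActiveDirectory

$objectLimit = 250000

# Object classes that a synchronization scope normally contains, with the LDAP
# filter used to count each class.
$counts = [ordered]@{ Users = 0; Groups = 0; Contacts = 0; Computers = 0 }
$ldapFilters = @{
    Users     = '(&(objectCategory=person)(objectClass=user))'
    Groups    = '(objectClass=group)'
    Contacts  = '(objectClass=contact)'
    Computers = '(objectClass=computer)'
}

foreach ($domain in (Get-ADForest).Domains) {
    foreach ($class in $ldapFilters.Keys) {
        # -Server with the domain DNS name lets AD locate a DC for that domain;
        # @() forces an array so .Count is correct for 0 or 1 results.
        $found = @(Get-ADObject -Server $domain -LDAPFilter $ldapFilters[$class])
        $counts[$class] += $found.Count
    }
}

# Heuristic for the Exchange question: an Exchange-extended schema carries the
# ms-Exch-Schema-Version-Pt object. Its presence only shows that Exchange
# attributes exist in the forest, not that Exchange Hybrid is configured.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$exchangeSchema = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(name=ms-Exch-Schema-Version-Pt)'

$totalObjects = ($counts.Values | Measure-Object -Sum).Sum

# TRUE means the questionnaire answer is (or is likely to be) "YES".
$findings = [ordered]@{
    'More than 250000 objects in scope'                         = $totalObjects -gt $objectLimit
    'Computer objects exist (Hybrid Azure AD Join needs device sync)' = $counts.Computers -gt 0
    'Exchange schema extensions present (Exchange Hybrid indicator)'  = $null -ne $exchangeSchema
}

Write-Host "Object counts per class (forest-wide):"
$counts.GetEnumerator() | Format-Table Name, Value -AutoSize
Write-Host "Total objects: $totalObjects"

Write-Host "`nQuestionnaire indicators (TRUE = AADC is still required for now):"
$findings.GetEnumerator() | Format-Table Name, Value -AutoSize

# Custom attributes and attribute-based filtering are configuration choices that
# cannot be read from AD alone; review the existing AADC sync rules for those.
if ($findings.Values -contains $true) {
    Write-Host "`nResult: at least one indicator is TRUE; keep Azure AD Connect for now."
} else {
    Write-Host "`nResult: no blocking indicator found; a Cloud Sync pilot is worth considering."
}
```

Run it once per forest from a machine with the RSAT tools; the two configuration questions (custom attributes, attribute-based filtering) still have to be answered by reviewing the current AADC synchronization rules.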

Note:
Microsoft provides a wizard in the M365 Admin Center for analysis and decision making. Click here to get to the wizard.

Migration path to Cloud Sync

Azure AD Connect Cloud Sync can be run in parallel with AADC. This enables both a pilot operation and a step-by-step migration. Microsoft describes the procedure for a pilot operation in detail under this link.

Recommendation

Since Microsoft is already looking at the end of Azure AD Connect, it is recommended that organizations check their circumstances against the questionnaire provided above. If an organization can already migrate within the current functional limitations, such a migration, preceded by a pilot operation, should be considered. Organizations that depend on functions not yet available (e.g. Exchange Hybrid) should wait for now and follow Microsoft's updates to Cloud Sync.

Sources:

https://learn.microsoft.com/azure/active-directory/hybrid/how-to-connect-sync-whatis?WT.mc_id=AZ-MVP-5004129

https://learn.microsoft.com/en-us/azure/active-directory/cloud-sync/what-is-cloud-sync?WT.mc_id=AZ-MVP-5004129

https://learn.microsoft.com/en-us/azure/active-directory/cloud-sync/tutorial-pilot-aadc-aadccp?WT.mc_id=AZ-MVP-5004129

https://learn.microsoft.com/azure/active-directory/cloud-sync/reference-version-history?WT.mc_id=AZ-MVP-5004129
