IMPORTANT Depending on your customer situation, one of these activities must be performed and it’s mandatory. If your customer is using AD FS, you can choose between Azure AD Connect Health agent or AD FS Migration scripts. If your customer is not using AD FS, the Azure AD Cloud App Discovery snapshot is mandatory.
Azure AD Connect Health Agent for AD FS The installation instructions for the AAD Connect Health Agent are available here: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install
Only use the instructions for Azure AD Connect Health Agent installation for AD FS and not for Sync or AD DS. Don’t forget to enable auditing.
In order to validate if the installation has been completed and is working, please go to https://portal.azure.com and log in in with a Security Administrator account or higher privileges account.
Go to the Azure Active Directory portal > Usage and Insights > AD FS application activity. The dashboard should populate with AD FS applications after one hour.
AD FS to Azure AD App Migration scripts If your customer prefers to not install the Azure AD Connect Health agent or if they don’t meet the pre-requisites to run it, you can alternatively run the AD FS to Azure AD App Migration scripts and use the associated reporting tools.
Guidance is provided in the guide here: https://github.com/AzureAD/Deployment-Plans/tree/master/ADFS%20to%20AzureAD%20App%20Migration
Identity Transporter Tool If the customer is using Okta, use Identity Transporter tool.
Guidance on using the Identity Transporter Tool is provided in the guide and video here: https://aka.ms/IdentityTransporter/Resources
Azure AD – Cloud Discovery snapshot report Important. Due to the potential sensitivity of findings shown in the Cloud Discovery reports, we recommend that the customer drive the exploration, assisted and guided by you as the delivery resource. You should have direct input on which items should be further processed and documented in the final Discovery report. You need to agree on who will be responsible for preparing and configuring the below tasks as part of the pre-engagement call.
Complete the following tasks in order:
