Multi-Azure Active Directory Integration

Sometimes you need to have multiple Azure Active Directories, for example if parts of your organization are based in China or you need to follow government regulations. For each Azure AD directory, you'll need one Azure AD Connect installation.

In a single-forest filtering scenario to multiple Azure ADs, the following needs to be done:

• Azure AD Connect must be configured for filtering
• DNS domain registration is only possible in a single Azure AD
• UPNs of the users on-premises must use separate namespaces
• Federation configuration needs to be customized
• One Azure AD directory can enable Exchange hybrid with the on-premises AD
• Global Address List synchronization needs to be performed through MIM 2016
• Windows 10 devices can only be with one Azure AD tenant
• The SSO option with the password hash synchronization and pass-through authentication activated can work only with one Azure AD tenant
• Group and device write-back scenarios are possible

The following diagram shows the multiple Azure AD situation: