ThirdSpace ThirdSpace
ThirdSpace Contact Us
Close 0 Reset Search Run Search What are you looking for? Type at least three characters to search. Filter Search Results
  • All Content
  • Blog
  • Page
  • Case Studies
  • Event
  • Resources
  • News
  • Careers
  • Access Centre
  • Technologies
  • Workshops
  • Service
  • Solutions
  • People
Load more
05 May 2016

Azure Active Directory Connect Health for AD FS: Stress-free set-up and monitoring

Profile shot of Jamie Vaughan.
Written by Jamie Vaughan

Microsoft has created Azure Active Directory Connect Health for AD FS to help relieve the administrative burden placed on operations.

Readers who have the operational responsibility of managing AD FS will know first-hand the pain of monitoring servers for performance problems. In addition, you need to keep your audit or security department happy with reports of bad login attempts. Don’t forget, you’re also expected to know if there is a service problem when you are away from your desk.

It keeps you busy – and I’m sure more than a little stressed.

What is Azure AD Connect Health for Active Directory Federation Services?

Azure AD Connect Health consists of an agent which is installed onto each of your AD FS and WAP servers. The agent gathers information about various elements of the local machine, AD FS and WAP, and this is periodically sent to your Azure AD Connect Health instance. This is held within your Azure tenancy. The Azure AD Connect Health dashboard displays the data from your AD FS farm in various charts and tables.

Monitoring your AD FS infrastructure with Azure AD Connect Health

As soon as you open the dashboard you can see the status of your AD FS farm(s):

Selecting your Active Directory Federation Services farm opens a new blade where you can see customisable monitoring charts (see screenshot below). This shows the performance of each server, including how many token requests per second. There are also usage charts that show how many tokens have been issued per application, so you can actually see which applications are being used the most.


Within the ‘Alerts’ section, you can quickly see any issues. When you select an issue, it shows current information and any known fixes to resolve it. You can also configure email notifications by clicking the ‘Notification Settings’ button. This lets you notify your operational personnel as soon as a health alert is received. This could mean the difference between having an easy day or a very difficult one.

Watch & Learn – Why migrate to Azure authentication?

Watch & Learn – Why migrate to Azure authentication?

Don't be a slave to ADFS and on-premises authentication processes. Watch this short video now to:

  • Discover the differences in federated vs. managed authentication architecture
  • Understand best practice approaches for migrating your authentication
Watch now

Role-based access control

You can assign roles to users who may have an interest in Azure AD Connect Health. For example, you may want to give your auditing department ‘Reader’ access. This means they can view the dashboard but not make any changes. However, your AD FS operations staff will want to be ‘Owners’. This lets them configure it to their own requirements.


The agent only take a few minutes to install and does not need any additional hardware. However, you will need to enable AD FS auditing if you haven’t already done so. You can do this by running the following line in an elevated PowerShell prompt on each of your AD FS servers:

auditpol.exe /set /subcategory:”Application Generated” /failure:enable /success:enable

The following line will also need to be run on your primary AD FS server (also in an elevated PowerShell prompt) to complete the process:

Set-AdfsProperties -LogLevel Errors,FailureAudits,Information,Verbose,SuccessAudits,Warnings

The agent install can be downloaded from your Azure AD Connect Health portal (look for the ‘Getting started’ blade). An Azure AD organisational account – that is either a ‘Global Admin’ or has the ‘Owner’ or ‘Contributor’ role assigned to it in Azure AD Connect Health dashboard – is required in order to perform the install. Azure AD Premium is also required in order to create the dashboard.

Azure AD Connect Health for AD FS is only one element of Azure AD Connect Health. There is also Azure AD Connect Health for Sync and Azure AD Connect Health for AD DS is coming soon.

Next, discover why many organisations are making the move from on-premises to cloud-based authentication in this video.

Or download ‘The business case for IAM’ e-Guide and become the driving force behind modernisation, cyber security and operational efficiency in your organisation.

Subscribe to the ThirdSpace mailing list and get your free buyer’s guide to Microsoft Enterprise Security

Subscribe to the ThirdSpace mailing list and get your free buyer’s guide to Microsoft Enterprise Security

Submit your business email to join our mailing list and we'll send you 'A buyer’s guide to Microsoft Enterprise Security'.

Profile shot of Jamie Vaughan.

About Jamie Vaughan

CIAM Senior Consultant

Jamie joined ThirdSpace in 2013 after 16 years at Jaguar Land Rover (JLR), where he started as a webmaster and went on to become a developer and then a solution architect. He was part of the team...


You may also like...


How the SolarWinds breach highlights the dangers of federated authentication – and what you can do to protect against it


What is Microsoft Identity Manager (MIM)? Everything you need to know


Uniting disparate directories: What is Azure AD Connect cloud provisioning?

Recent Blog Articles

View All
Related topics

Watch – From ADFS to Azure authentication

Understand best practice approaches for migrating your authentication.

Watch now

Need some help?

Send us your questions or feedback.

Friendly folks are standing by!

Contact Us
Award-winning solutions Award-winning solutions

Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.

ThirdSpace Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.