Welcome To Airmail Support site.
Is Airmail app supported on Apple M1 processor?
Yes, the Airmail app is supported on the Apple M1 processor.
Airmail Catalina macOS 10.15 support
Airmail works correctly on macOS 10.15 Catalina. Some plugins (GPG and S/MIME) may require a new signature to work properly.
How do I add iCloud account that has two-step authentication enabled?
Please enable Two-Step verification on the iCloud accounts, as Apple has made it mandatory for third-party apps after June 15.
https://support.apple.com/en-us/HT204397
Please refer to the article here to add the iCloud account in Airmail:
http://docs.airmailapp.com/airmail-for-mac/accounts/two-stepfactor-authentication-airmail-for-macos
Does Airmail support read receipts for iOS?
Airmail for iOS does not support read receipts for new downloads after May 11, 2017. Users who bought the app before May 11, 2017 can find the documentation here.
Does Airmail support read receipts for macOS?
There is no built-in feature for read receipts in Airmail for macOS, but there is currently a plug-in available for read receipts here - plug-in.
Is Airmail app available on the Apple Watch too?
Yes, Airmail supports Apple Watch.
What does Airmail cost - Price - Pricing?
__Airmail for iOS__
Airmail for iOS will require a Premium Subscription which is US $ 9.99 per year and US $ 2.99 monthly.
Previous users can still use the app with all the features they have purchased and will receive updates and bug fixes. New features may require a premium subscription.
- New Design
- iPad Pro Layout
- Privacy Mode
- Recent Actions
- Sort Messages
- Display labels in messages
- Send Again
- Confirmation of email address prior to sending
- Touch ID: delay before clock
- Scope Action
- All New Features
__Airmail for Mac__
Airmail Pro on Mac is free for all users that are subscribed to Airmail Pro for iOS or have purchased Airmail 3 after 1st January 2019. Previous users can still use Airmail with all the old features under Preferences > General > Airmail Legacy.
New users can try Airmail without Multi Account and with limited capabilities.
The Airmail Pro subscription has two options:
$2.99 monthly, which offers a 3 days free trial
$9.99 annually, which renews annually.
- New Design (Pro)
- New Smart Inbox (Pro)
- New Search (Pro)
- New Themes (Pro)
- New Rendering (Pro)
- Custom Actions (Pro)
- Customizable Layout (Pro)
- Access to iPhone and iPad (Pro)
Only One Subscription is required for all of your iOS devices running the same Apple ID.
Note: Family sharing is not supported by the subscription plan.
If you have any concerns regarding the pricing model, please contact support.
How to get a refund?
We are sorry, but we cannot issue a refund directly, as purchases and refunds are handled only by the Apple App Store. You can request one from this link: https://reportaproblem.apple.com/
What is the minimum OS X requirement to run Airmail?
Airmail needs a modern Mac running OSX 10.12 or newer, 64 bit processor.
What if I see a message about having the wrong credentials?
This usually means that the password or the email address has been entered incorrectly. Be sure that you have set up an 'app-specific password' in the webmail server settings of the email account if you have enabled two-factor authentication or if you require such a password to access IMAP (for example, Fastmail accounts need an app-specific password even if you do not have two-step authentication enabled).
What if there is slow initialization or a disc space usage issue?
You can avoid downloading message bodies/attachments, and you can also limit the time period for fetching old mails in the settings page as shown in the picture below. This setting can be found in Airmail Preferences > Accounts > [Account] > More.
Can I use email encryption and digital signatures with Airmail?
Yes, Airmail includes plugin support for both S/MIME and GPGTools encryption. You can sign up to be notified when this beta is released by going to either, or both, of the following URLs, depending on which type of encryption you prefer to use in Airmail:
S/MIME - download link
GPGTools - download link
Does Airmail support IMAP protocol?
Yes
Does Airmail support POP3 protocol?
Yes
Does Airmail support Exchange server email accounts?
Yes. The Exchange server version must be 2007 or later.
Does Airmail support ActiveSync?
Not yet, but we are working to implement this. No ETA is set.
What if the Exchange endpoint URL is not working?
In case the Airmail auto-discovery fails or is not configured on your Exchange server, you can manually enter the Exchange endpoint URL. Usually, you need only the domain name or the server location and compose the URL as follows, substituting your own “domain.com”:
https://domain.com/ews/exchange.asmx
Then you can test the URL in your browser. If you’re asked for your login credentials, you have successfully created it. Otherwise, the “domain.com” portion of the URL needs modification. If that still fails, talk with your system administrator.
Can Airmail use iCloud to sync settings across multiple Macs and iOS devices?
Yes, Airmail 2 or later can sync account settings.
Is Airmail only available for purchase on the Mac App Store?
At this time, yes. If you are a business or educational institution you can use Apple’s Volume Purchase program to purchase a large number of copies.
What is your Privacy Policy?
We do not store your messages. If you enable Snooze Sync, the message ID and your email address are used to sync the snoozed message on multiple devices. We are adding more online services, and this may change in the future. Our Privacy Policy is Mac and iOS.
GDPR and Data Processing
If you enable remote mailbox monitoring, Airmail for iOS may store some user data on our servers. If the app is not used on that specific device for 7 days, all data will be removed from our servers.
You can remove your data and all connected services at this link:
https://airmailapp.com/dataremoval or contact us at [email protected] with the emails you want to be removed.
How can I add a label in a Gmail account?
Airmail understands the difference between a “label” in Gmail and a “folder” in other accounts (including Gmail folders). Select a message and then press “L” or right-click to apply a label.
Can I reinstall Airmail from the Mac App Store without paying again?
Yes. First, uninstall Airmail from your Mac and then reinstall it from the Mac App Store. If you are asked to pay again, please log out of the App Store and log back in.
What happens when I Archive a message?
The message is moved to the 'Archive' folder or 'All Mail' folder for Gmail accounts.
Can I include the Trash and Spam folders in search results?
Yes. This involves a simple change in Airmail Preferences > Advanced.
Can I delay the sending of a message?
Yes. Airmail has a message sending delay feature that can be found in Airmail Preferences > Composing, similar to that used in Gmail.
Can I migrate Airmail to a new Mac or new hard drive?
Absolutely. We understand there are times when you will be upgrading to a new Mac or need to change hard drives.
From the old Mac, copy ~/Library/Containers/it.bloop.airmail2 and then paste it on the new Mac at the same corresponding path. If you still encounter issues, please contact support.
Does Airmail work with a proxy server or VPN?
In some cases Airmail may not work with your proxy server or VPN settings.
The delete/backspace key is archiving a message, but I want it to delete the message. Can I change this?
Yes. In Airmail 3 you can customize keyboard shortcuts under the Actions section of Preferences.
Why don’t I receive a notification for an email that arrives at a certain folder?
If you have rules set up in your email service (such as Gmail) to filter specific incoming messages to a specific folder other than the inbox, you will not receive a notification sound for these messages in Airmail.
Can I configure Airmail to be my default email client?
Configuring Airmail to be the default email client on your Mac is easy. Go to the Mail app Preferences, General, and select Airmail as the “Default email reader.”
How often does Airmail check my email accounts for new mail?
By default, Airmail checks the inbox continuously (via push sync) for new messages every minute. It checks your folders every 10 minutes. But you can change these settings in Preferences.
Does Airmail support snoozing messages?
Airmail for Mac has supported snoozing messages since version 2.6.
How can I remove a contact or an email address from my Airmail address list?
To remove all auto-suggestion addresses appearing in the Composer, refer to Delete Addresses from Airmail KB tutorial.
I have problems at login. What should I do?
Airmail is compatible with most services, but OKTA, some VPNs, and some firewalls are incompatible and can make it not work at all.
Can I have Airmail save emails somewhere other than the startup disk?
If my Mac has two hard drives, can I have Airmail use the second hard drive (not the startup one) for saving files and app data?
No. Due to sandbox configurations, this is not possible.
Does Airmail always load images from the sender?
Yes, and the image below shows how you can customize this.
Does Airmail have templates?
Yes, templates are available for both the Mac and iOS versions of the app.
Android version of Airmail?
Airmail does not have an Android version, and one is not planned for the near future. If we get a lot of requests, we will surely consider them for the future!
How to use ToDo in Airmail?
Airmail provides you with some extra folders - Todo, Memo, Done to manage your email todo tasks. You can find more details about them here.
Does Airmail support the Idle feature?
Yes, Airmail supports Idling (which allows the Airmail app to constantly check for new messages when the app is in the background on your Mac). You can find the option to enable it in Airmail Preferences > Accounts > [Select an Account] > More > Idle.
For iOS, Airmail supports push notifications (for all the account types except POP3) and background fetches for the messages.
If you are having issues with message fetching in the iOS version of Airmail, please check all the settings required for notifications.
How to include Emoji in Airmail?
When in composer mode, you can choose Menu Bar Edit > Emoji and Symbols as shown here in the screenshot.
How to select multiple emails in Airmail?
For macOS - Hold Command and click on all the messages that you want to select.
For iPhone - Tap and hold on a message to enter the multi-select mode.
For iPad - Double-tap on a message to enter the multi-select mode.
What if attachments are not moving from Airmail to the Evernote app?
Please make sure that the attachments are already downloaded in the app before sending them to the Evernote app.
Where can I find the Outbox in the Airmail app?
You can find unsent emails in the Draft folder, which serves as the Outbox in the Airmail app.
### Some frequently searched apps or features by the users which are currently not available or integrated with the Airmail app are listed below:
Grammarly
Slack
Salesforce
Recall
Boomerang
OneNote
Daylite
Published on: 01 / 04 / 2019
For Azure AD, Microsoft offers and recommends to use Pass-through Authentication (PTA) as the authentication method. This method is then used to authenticate to applications, services and systems connected to Azure AD, like Office 365, Intune and Power BI.
However, there are a couple of things you should know:
When using Pass-through Authentication (PTA), the servers in your datacenter(s) do not have to be opened up to the Internet through firewalls. Each PTA Agent sets up an outbound connection to the Azure Service Bus and doesn’t even need to be placed in a perimeter network.
However, based on ISO/IEC 17799, some organizations have seen reasons to implement standards that don’t allow systems to set up outbound connections to insecure networks, like the Internet. For these organizations, the way PTA works might be problematic.
While on the subject of legal compliance… ISO/IEC 17799 requires session time-outs as part of section 11.5.6. As the documentation states that PTA Agents make persistent outbound HTTPS connections, this control might also prove bothersome.
Of course, Pass-through Authentication (PTA) is the alternative to Active Directory Federation Services (AD FS).
That’s great, because any serious AD FS deployment would require five servers in the datacenter: 2 AD FS Servers, 2 Web Application Proxies and an Azure AD Connect installation. Ideally, the AD FS Servers are placed in different datacenters with an accompanying Web Application Proxy. This may be scoped down by placing AD FS on Domain Controllers, only requiring three new boxes.
Microsoft recommends a minimum of three PTA Agents in your environment. The Azure AD Connect installation that is used to configure PTA, by default, becomes the first PTA Agent. That’s 3 servers for PTA vs. 3 servers for AD FS? Well, PTA Agents can also be placed on Domain Controllers, so it’s 1 server vs. 3 servers, actually.
There is such a thing as oversizing your PTA deployment too. As authentication requests are placed on the Azure Service Bus with encryption destined for each PTA Agent, having more PTA Agents equals more encryption overhead and a busy service bus…
When an organization deploys multiple PTA Agents, authentication requests are distributed amongst the PTA Agents. Each PTA Agent is capable of authenticating users independently of the other PTA Agent, as long as it has a connection to a functioning Domain Controller and to the Azure Service Bus.
However, Azure AD Connect still is a single point of failure to the solution. When Azure AD Connect doesn’t function (properly):
- objects are not synchronized
- attributes are not synchronized
- the Authentication Method cannot be changed to PTA or Password Hash Sync (PHS) or to include Seamless Single Sign-on (S3O)
(but it can be changed to AD FS through Windows PowerShell)
This may result in authentication and authorization failures.
Active Directory Federation Services (AD FS) offers Extranet Lock-out. In recent versions of Windows Server, it even offers Extranet Smart Lock-out. However, Pass-through Authentication (PTA) doesn’t offer lock-outs natively. Yes, Microsoft’s Machine Learning (ML) might detect malicious authentication attempts and block them, but by that time accounts in Active Directory Domain Services may already be locked-out, when organizations use strict settings in (fine-grained) password and account lock-out policies.
When the Azure AD Smart Lock-out feature is to be used with non-default settings, each account that is used with Pass-through Authentication requires an Azure AD Premium license. These licenses may be acquired separately, or as part of the EMS E3 license or Microsoft 365 E3 license.
When contemplating Azure AD Premium, Azure AD Connect Health might also be of interest. Azure AD Connect Health offers integrated monitoring of Microsoft’s Hybrid Identity stack. We install the Azure AD Connect Health agents for monitoring on the following systems:
- Azure AD Connect installations;
- AD FS Servers;
- Web Application Proxies, and;
- Domain Controllers.
Alas, PTA Agents cannot be monitored with Azure AD Connect Health. This means notifications are not sent when PTA Agents are in trouble and root cause analyses are manual and require access to logs and local tools on the Windows Server installations running PTA Agents.
However, the PTA Agents are visible in the Azure AD Portal with their external IP addresses:
- Sign into the Azure Portal with an account that has the Global Admin role.
  Perform multi-factor authentication and Privileged Identity Management (PIM), when required.
- In the Azure Portal, select Azure Active Directory in the left navigation pane.
- Select Azure AD Connect in Azure AD’s navigation pane.
- On the Azure AD Connect pane, click the text Pass-through Authentication.
- Review the PTA Agents and their external IP addresses in the Pass-through Authentication pane.
When checking PTA Agents in the Azure Portal, you might think that authentication to Azure AD is working flawlessly for your organization, when you see nothing but green check marks.
However, these checkmarks merely indicate that a PTA Agent is authenticated and connected to the Azure Service Bus. It does not mean that it is actually capable of authenticating users. When its connection to a Domain Controller is lost, for some reason, the check mark is there in the Azure Portal, but authentications won’t be possible.
The solution might be to implement Azure AD Connect Health for Active Directory Domain Services (AD DS) and monitor the Domain Controllers that way. Please note that this requires 25 Azure AD Premium licenses in the tenant per Domain Controller, on top of the single license needed for Azure AD Connect Health for the Azure AD Connect installation itself.
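Because the portal's check mark only reflects the Service Bus connection, a local probe on each PTA Agent host can cover the Domain Controller side. The following PowerShell is an added example, not part of the original article or of Microsoft's tooling; the service display-name pattern and the port list (Kerberos and LDAP) are assumptions to adjust for your environment.

```powershell
# Added example: run locally on every server that hosts a PTA Agent.
param(
    # Assumption: the agent's Windows service is matched by display name.
    [string]$AgentDisplayName = '*Authentication Agent*',
    # Assumption: Kerberos (88) and LDAP (389) stand in for "DC is usable".
    [int[]]$DcPorts = @(88, 389)
)

# 1. Is the agent service present and running?
$svc = Get-Service -DisplayName $AgentDisplayName -ErrorAction SilentlyContinue |
    Select-Object -First 1
$agentRunning = [bool]($svc -and $svc.Status -eq 'Running')

# 2. Can this host locate a Domain Controller and reach it on the given ports?
$dcName    = $null
$portState = [ordered]@{}
try {
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
    $dcName = $domain.FindDomainController().Name
    foreach ($port in $DcPorts) {
        $probe = Test-NetConnection -ComputerName $dcName -Port $port `
            -WarningAction SilentlyContinue
        $portState["tcp/$port"] = [bool]$probe.TcpTestSucceeded
    }
} catch {
    # Not domain-joined, DNS broken, or no DC answered the locator request.
    Write-Warning "Domain Controller lookup failed: $($_.Exception.Message)"
}
$dcReachable = [bool]($dcName -and (@($portState.Values) -notcontains $false))

# 3. Report. The portal can show a green check mark while CanServeLogons is False.
$report = [pscustomobject]@{
    Host             = $env:COMPUTERNAME
    AgentService     = if ($svc) { "$($svc.Name) ($($svc.Status))" } else { 'not found' }
    DomainController = $dcName
    Ports            = ($portState.GetEnumerator() |
                           ForEach-Object { "$($_.Key)=$($_.Value)" }) -join ', '
    CanServeLogons   = $agentRunning -and $dcReachable
}
$report

# A non-zero exit code lets a scheduler or monitoring agent raise the alert.
if (-not $report.CanServeLogons) { exit 1 }
```

A passing result shows that the service is up and a Domain Controller is reachable; it does not validate a credential end to end.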
Pass-through Authentication (PTA) offers many features. Combined with Seamless Single Sign-on (S3O), it allows for authenticating end-users towards Azure AD-integrated resources.
However, several features that organizations might need are not offered with PTA and S3O. The most glaring feature that is missing has to be certificate-based authentication. If an organization requires certificate-based authentication, AD FS should be on their to-do list.
Many organizations have already deployed multi-factor authentication (MFA) solutions on-premises in the past few years. The previously mentioned ISO/IEC 17799 standard plays a role in that for some organizations. These investments may become technical debt when Pass-through Authentication (PTA) is deployed. End-users require the organization-managed MFA solution to access on-premises resources, but require one of the four Azure AD-managed MFA solutions (Azure MFA, Trusona, DUO and/or RSA) to access cloud resources. From their point of view, this means that when their mobile number and/or their mobile device changes, they have to change settings and/or register twice. With kids these days switching phones and numbers each year, this becomes a force to recognize.
We rarely see a Pass-through Authentication (PTA) implementation without Seamless Single Sign-On (S3O) enabled as an authentication method, too. When you enable S3O, a computer account is created: AzureADSSOAcc. It is created in the Computers container, by default.
It is important to frequently roll over the Kerberos decryption key of this computer account (which represents Azure AD) created in your on-premises AD forest. Azure AD Connect does not notify of this caveat. Doing so is complicated and cannot be automated without adding the credentials of an account with the Global Admin role, configured without MFA, to the script.
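Since nothing notifies you when the key gets old, a read-only audit can at least report its age without needing Global Admin credentials. The following PowerShell is an added example, not from the original article: it treats the account's password-last-set timestamp as the time of the last key rollover, and the 30-day threshold is an assumed value for "frequently".

```powershell
#Requires -Modules ActiveDirectory
# Added example: read-only audit of the Seamless SSO computer account.
param(
    # Assumption: the article only says "frequently"; pick your own policy.
    [int]$MaxKeyAgeDays = 30
)

$now = Get-Date

# Look in every domain of the forest, since the account may have been moved
# out of the default Computers container or live in a child domain.
$findings = foreach ($domainName in (Get-ADForest).Domains) {
    $accounts = Get-ADComputer -Server $domainName `
        -Filter "Name -eq 'AzureADSSOAcc'" `
        -Properties PasswordLastSet, whenCreated

    foreach ($acct in $accounts) {
        # The key is tied to the account's password, so PasswordLastSet is
        # used here as the time of the last rollover.
        $keyAge = if ($acct.PasswordLastSet) {
            [int][math]::Floor(($now - $acct.PasswordLastSet).TotalDays)
        } else {
            $null
        }

        [pscustomobject]@{
            Domain              = $domainName
            DistinguishedName   = $acct.DistinguishedName
            InDefaultContainer  = $acct.DistinguishedName -like 'CN=AzureADSSOAcc,CN=Computers,*'
            Created             = $acct.whenCreated
            KeyLastRolled       = $acct.PasswordLastSet
            KeyAgeDays          = $keyAge
            Overdue             = ($null -eq $keyAge) -or ($keyAge -gt $MaxKeyAgeDays)
        }
    }
}

if (-not $findings) {
    Write-Warning 'No AzureADSSOAcc computer account found; Seamless SSO may not be enabled.'
    return
}

$findings | Format-List

# Non-zero exit code when any key is older than the threshold, so the audit
# can run as a scheduled task and feed an alert.
if (@($findings | Where-Object Overdue).Count -gt 0) { exit 1 }
```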
Since version 1.2.65 of Azure AD Connect (October 25th, 2018), it supports all other protocols being disabled and only TLS 1.2 being enabled on the machine where Azure AD Connect is installed.
However, when PTA is used as the authentication method and the PTA Agent is installed on the same Windows Server installation as Azure AD Connect, by default, the PTA Agent will not be able to communicate with Azure, when TLS 1.0 is disabled.
It appears the PTA Agent still requires TLS 1.0, for now.
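Before disabling TLS 1.0 on an Azure AD Connect server, it helps to see whether a PTA Agent shares the host and what SCHANNEL is currently configured to allow. The following PowerShell is an added example, not from the original article; the service display-name pattern is an assumption, and a missing registry value is reported as the operating system default rather than guessed.

```powershell
# Added example: report SCHANNEL protocol settings and flag the combination
# the article warns about (TLS 1.0 disabled on a host running a PTA Agent).
param(
    # Assumption: the agent's Windows service is matched by display name.
    [string]$AgentDisplayName = '*Authentication Agent*'
)

$schannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelState {
    param(
        [Parameter(Mandatory)][string]$Protocol,
        [Parameter(Mandatory)][ValidateSet('Client', 'Server')][string]$Role
    )
    $key   = Join-Path $schannelRoot "$Protocol\$Role"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # No key or no Enabled value: Windows applies its built-in default.
    if ($null -eq $props -or $null -eq $props.Enabled) { return 'OS default' }
    if ($props.Enabled -eq 0)                          { return 'Disabled' }
    if ($props.DisabledByDefault -eq 1)                { return 'Enabled (not offered by default)' }
    return 'Enabled'
}

$states = foreach ($protocol in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    [pscustomobject]@{
        Protocol = $protocol
        Client   = Get-SchannelState -Protocol $protocol -Role Client
        Server   = Get-SchannelState -Protocol $protocol -Role Server
    }
}
$states | Format-Table -AutoSize

# The PTA Agent makes outbound connections, so the Client role is what matters.
$agent = Get-Service -DisplayName $AgentDisplayName -ErrorAction SilentlyContinue |
    Select-Object -First 1
$tls10Client = ($states | Where-Object Protocol -eq 'TLS 1.0').Client

if ($agent -and $tls10Client -eq 'Disabled') {
    Write-Warning ("TLS 1.0 (Client) is disabled and service '{0}' is installed on this host. " +
                   "Verify that the agent can still reach Azure." -f $agent.Name)
} elseif ($agent) {
    Write-Output "Agent service '$($agent.Name)' found; TLS 1.0 (Client) state: $tls10Client."
} else {
    Write-Output 'No PTA Agent service matched on this host.'
}
```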