I am comparing connecting to on-prem AD in AWS and Azure. The client has it set up in AWS, but the client would like to also move some apps to Azure. The way AWS works is by requiring a VPN connection from the cloud to on-prem, then authenticating to on-prem servers. My understanding from reading Azure AD articles is that a VPN connection is not required - the Azure AD Connect tool essentially replicates whatever is on-prem to Azure over SSL. Is this correct?
Also, I recently found out that AWS cannot seamlessly connect multiple different domains in one configuration. My understanding is that Azure AD supports multiple trees/domains but not yet different forests. Can someone please confirm?
The client also would like to move 2 redundant ADFS servers and 2 redundant ADFS proxies to Azure. Can someone provide an article on moving ADFS to Azure?
Lastly, are there any concerns with connecting infrastructure from on-prem to both AWS and Azure? Since both are using on-prem to authenticate, I don't see any issues.