THi
Oct 12, 2015

BIG-IP with APM federation to O365 / Azure AD Connect requiring Web Application Proxy - can we do without WAP?

Hi

A customer has new AD/ADFS 3.0 infra and wants federation to Office 365. This can be done with BIG-IP LTM+APM replacing the ADFS proxies. There is a deployment guide and iApp for ADFS supporting ADFS 3.0, but there is no mention of directory synchronization, which is needed between O365 and on-premises AD.

Traditionally, the synchronization has been implemented with Microsoft's DirSync tool. This summer Microsoft released a replacement for the DirSync tool called Azure AD Connect, so it will be used.

Now it seems that the new Azure AD Connect wizard (GUI) requires the installation of the Web Application Proxy (WAP) roles before it can complete. We would like to avoid the WAP servers, as it is counterintuitive to replacing them with LTM+APM.

Are there any guidelines/instructions/know-how on how to use/configure the new Azure AD Connect tool properly for synchronization without WAP, in a case where BIG-IPs will replace them on the ADFS federation side? Also, when running the Azure AD Connect wizard, what issues might we face when having F5 instead of WAP, if it can be configured that way?
