Unit 1: Introduction

Overview of Hybrid Identity

Hybrid identity is the foundation for organizations transitioning from on-premises infrastructure to the cloud. It creates a bridge between on-premises Active Directory (AD DS) and Microsoft Entra ID (Azure AD), allowing seamless authentication and authorization across both environments.

In simple terms, hybrid identity ensures that whether a user signs in to a local domain resource (like a shared file server) or a cloud application (like Microsoft 365), they can use one unified identity — a single username and password combination.

Why Hybrid Identity Is Important

Before the cloud era, companies relied solely on on-premises Active Directory. As organizations adopted cloud services such as Microsoft 365, Dynamics 365, and Azure apps, they needed a way to:

• Extend their existing identity management to the cloud.
• Allow users to log in with the same credentials both on-premises and online.
• Ensure consistent security policies and access control regardless of where resources are hosted.

This requirement gave rise to hybrid identity — a combination of on-premises directory services and cloud-based identity management.

Core Goals of Hybrid Identity

• Unified Authentication
• Users should be able to sign in once and access resources in both environments.
• This includes accessing cloud apps (like Microsoft Teams) and on-premises apps published through Azure AD Application Proxy.
• Centralized Identity Management
• IT admins should manage users and security settings in one place — whether the users exist on-premises or in the cloud.
• Synchronization tools like Microsoft Entra Connect ensure consistency between the two identity stores.
• Consistent Security Controls
• Policies such as Conditional Access, MFA, and password policies can be applied uniformly.
• Enables governance and compliance without having to manage two separate identity systems manually.

Real-World Example

Let’s take Contoso Ltd, a manufacturing company that has:

• A legacy on-premises Active Directory domain (contoso.local) used for internal authentication.
• A new Microsoft 365 environment hosted in the cloud (contoso.onmicrosoft.com).

Without hybrid identity, users would have two sets of credentials:

• One for local network resources (e.g., Windows logon, shared drives).
• Another for Microsoft 365 services (e.g., Outlook Online, SharePoint Online).

By deploying Microsoft Entra Connect, Contoso synchronizes its on-premises AD users, groups, and passwords to Entra ID. Now, users can:

• Log into both cloud and on-premises apps using the same credentials.
• Enjoy Single Sign-On (SSO) from their domain-joined PCs.
• Have password resets and account changes automatically reflected in both environments.

Benefits of Hybrid Identity

Exam Tip

Microsoft will often test why hybrid identity is required and which tool enables it. Remember:

• Hybrid identity = on-premises AD + Microsoft Entra ID (formerly Azure AD).
• The key tool enabling synchronization is Microsoft Entra Connect.
• Authentication options include Password Hash Sync (PHS), Pass-Through Authentication (PTA), and Federation (AD FS).

Summary

Hybrid identity allows organizations to:

• Combine existing on-premises directories with cloud identities.
• Offer users a seamless sign-in experience.
• Implement strong, unified security controls across environments.

It’s the cornerstone for modern enterprise identity — making sure the move to the cloud doesn’t break how people sign in, access data, or stay secure.