![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 98%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Hi @dirkdigs • Thank you for reaching out.
This can be done via Soft-match. Soft-match is used to match existing cloud users in Azure AD with on-premises users. As you have mentioned, there are cloud-only users with mailbox configured in Exchange Online, I would suggest you to do a soft-match using SMTP address as described here: How to use SMTP matching to match on-premises user accounts to Office 365 user accounts for directory synchronization
If you need to match on-premises AD accounts with existing accounts created in the cloud and you are not using Exchange Online, you can use UserPrincipalName soft match. Please refer to UserPrincipalName soft match for more details.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.