Enable Password hash sync in the cloud agent sync properties in the Azure portal
This will ensure they auth to Azure for any Azure apps.
If they are on-prem and authenticating to a domain controller directly, then this isnt relevant.
Authoratative authentication database in Cloud Sync hybrid scenario
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 84%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBI%3C/text%3E%3C/svg%3E)
Bryce I
121
Reputation points
Hello- I have successfully implemented Cloud Sync to synchronize my on-prem AD to Entra. My AD environment is simple, with a single forest and single domain. When users are onsite, are they authenticating against Active Directory or Entra? If Active Directory, is there a way to "make Entra the boss?" In other words, direct user authentication directly to Entra? When offsite, I'm assuming users authenticate against Entra. Please advise. Thanks
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Answer accepted by question author
Andy David - MVP
160.3K
Reputation points MVP
Volunteer Moderator
-
Bryce I 121 Reputation points
2024-02-07T21:26:39.6+00:00 Am I correct in the assumptions I listed above? When offsite, will laptop users authenticate directly against Entra, or will they use cached credentials from AD? Feel like I'm missing a piece....
-
Bryce I 121 Reputation points
2024-02-07T21:28:20.94+00:00 Am I correct in the assumptions I made above? When a user logs into an AD-joined laptop offsite, will they authenticate against Entra or use cached AD credentials?
-
Andy David - MVP 160.3K Reputation points MVP Volunteer Moderator
2024-02-07T21:37:10.63+00:00 if there is no line of site to the on prem DCs ( and no line of site to a hypothetical DC in Azure) or you are not leveraging any Azure app for VPN access , the the laptop will use cached creds.
-
Deleted
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Sign in to comment