Hi @Sash
The hash synchronization method is very simple to implement it. You don't need to install a additional servers like PTA and federation method. If you choose this method, the user will be able to use the same password to access on a service hosted in Entra (like Exchage online , Sharepoint online ..ect), and authenticated by Entra ID. If you want forward all user authentication request to active directory and avoid enable hash synchronization between your active directory and Entra ID , you have 2 options PTA and federation. For more information , you can read the following article:
Choose the right authentication method for your Microsoft Entra hybrid identity solution
For more information about 3 SSO methods, please refer to the following links:
- What is pass-through authentication (PTA)?
- What is federation?
- What is password hash synchronization with Microsoft Entra ID?
Please don't forget to accept helpful answer