Hello Ahmed,
Are you looking to move completely to the cloud, or do you want to do a hybrid identity configuration where users are synchronized between your on-premises domain and Entra ID?
Examine the dependencies, services, and applications that depend on domain controllers in your present on-premises Active Directory system. Think about topics like DNS, user authentication, Group Policy Objects (GPOs), legacy apps, and third-party services. Recognize your device and user identities, as well as whether you require capabilities like password management, hybrid identity, or a smooth on-premises and cloud user experience.
Choosing whether to switch to a totally cloud-based identity architecture or retain certain on-premises components, like a hybrid arrangement with ADFS and MS Entra Connect, is the first step.
Migration-Best-Practices
Identity architecture design
Integrate on-premises Active Directory domains with Microsoft Entra ID
1st Option: Full Migration to Microsoft Entra ID (Cloud-Only Identity): In this model, your identities are entirely cloud-based, and you'll move away from ADFS or any on-premises Active Directory. You will rely on Azure AD for authentication and management.
Transition to the cloud
migrate-from-federation-to-cloud-authentication
2nd Option: Hybrid Identity Model with Azure AD Connect: This setup allows you to sync users, groups, and other Active Directory objects to Microsoft Entra ID while retaining some on-premises components for specific legacy scenarios or regulatory reasons.
Choose the right authentication method for your Microsoft Entra hybrid identity solution
Configure Microsoft Entra hybrid join
What is hybrid identity with Microsoft Entra ID?
Tools:
To sync your on-premises Active Directory with Entra ID, continue using MS Entra Connect. Investigate features like Federation (for ongoing usage of ADFS or other federated systems), Pass-Through Authentication (for real-time user authentication), and Password Hash Sync (for smooth password synchronization).
Another option for a lighter cloud-based sync solution is Azure AD Connect Cloud Sync.
Best practices: Migrate users/devices in phases; start small, test first. Consider migrating groups of users and devices in phases. Start with a small group to test the process before scaling up. Backup identity data and have a recovery plan.
Monitor migration to prevent service disruption.
Inform users about changes and offer training on new login experiences (e.g., Azure AD Join, MFA).
Use Azure AD Connect Health and Microsoft Sentinel to monitor post-migration hybrid identity.
For a more in-depth understanding, consider watching this video: https://www.youtube.com/watch?v=L_K1qAwYGCE&t=85s
I hope this clarifies things.
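The dependency assessment described in the answer above (DNS, Kerberos-authenticating services, GPOs, legacy devices, UPN suffixes) can be turned into a quick read-only inventory. This is an added example, not code from the original answer or from Microsoft; it assumes a domain-joined host with the RSAT ActiveDirectory, GroupPolicy and (optionally) DnsServer modules and read access to the domain, and the `$report` key names are my own.

```powershell
# Added example: read-only inventory of on-premises AD dependencies that
# influence the cloud-only vs. hybrid decision. Assumes RSAT modules are
# installed; it changes nothing in the directory.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$report = [ordered]@{}

# 1. Kerberos dependencies: any object with an SPN is a service that
#    authenticates against domain controllers and will not follow a
#    cloud-only move without re-platforming.
$spnObjects = @(Get-ADObject -LDAPFilter '(servicePrincipalName=*)' `
    -Properties servicePrincipalName, objectClass |
    Where-Object { $_.objectClass -in 'user', 'computer', 'msDS-GroupManagedServiceAccount' })
$report['ObjectsWithSPNs'] = $spnObjects.Count

# 2. Group Policy: each GPO is configuration that must be re-expressed
#    (e.g. in Intune) or consciously dropped before DCs are retired.
$gpos = @(Get-GPO -All)
$report['TotalGPOs'] = $gpos.Count
$report['GPOsModifiedLast90d'] = @($gpos | Where-Object {
    $_.ModificationTime -gt (Get-Date).AddDays(-90) }).Count

# 3. Device estate: old or stale computer accounts will not hybrid-join or
#    Entra-join and need a separate plan (upgrade, replace, or decommission).
$computers = @(Get-ADComputer -Filter * -Properties OperatingSystem, LastLogonDate)
$report['ComputersTotal'] = $computers.Count
$report['ComputersStale90d'] = @($computers | Where-Object {
    $_.LastLogonDate -lt (Get-Date).AddDays(-90) }).Count
$report['OperatingSystems'] = ($computers | Group-Object OperatingSystem |
    ForEach-Object { "$($_.Name)=$($_.Count)" }) -join '; '

# 4. DNS: AD-integrated zones live on the DCs and must be re-homed first.
#    Skipped cleanly if the DnsServer module is not present.
if (Get-Command Get-DnsServerZone -ErrorAction SilentlyContinue) {
    $dc = (Get-ADDomainController -Discover).HostName | Select-Object -First 1
    $report['ADIntegratedDnsZones'] = @(Get-DnsServerZone -ComputerName $dc |
        Where-Object { $_.IsDsIntegrated }).Count
}

# 5. Sync readiness: every UPN suffix in use must be a verified domain in
#    Entra ID, otherwise synced users land on the onmicrosoft.com fallback.
$report['UpnSuffixes'] = (@((Get-ADDomain).DNSRoot) + @((Get-ADForest).UPNSuffixes)) -join ', '

[pscustomobject]$report | Format-List
```

Run it once per domain before choosing between the two options; a non-zero SPN or AD-integrated DNS count is the usual reason a hybrid model has to stay in place for a while.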