Hybrid SharePoint farm with Microsoft 365

Microsoft Entra ID
SQL Server
Windows Server
Microsoft 365

Solution ideas

This article is a solution idea. If you'd like us to expand the content with more information, such as potential use cases, alternative services, implementation considerations, or pricing guidance, let us know by providing GitHub feedback.

This solution provides a highly available deployment of SharePoint, by using a load-balanced Microsoft Entra instance, a highly available SQL always-on instance, and highly available SharePoint resources.

Potential use cases

This solution addresses the need to deliver a highly available intranet capability, by using the latest and greatest supported platforms.


Architecture diagram shows an intranet layout to users on and off premises. Download an SVG of this architecture.


  1. Create a resource group to host all Azure based infrastructure and services.
  2. Create a virtual network in Azure.
  3. Deploy Windows Servers to host Active Directory services for SharePoint, SQL server service accounts, and machine accounts.
  4. Deploy SQL Server Always-on for high availability (HA) support for the SharePoint farm.
  5. Deploy the SharePoint Server instances. In this scenario, we use two frontend servers with distributed cache and two applications with search roles. This gives us high availability.
  6. Install Microsoft Entra Connect on an on-premises server, to synchronize your identities to Microsoft Entra ID.
  7. Optionally configure Active Directory Federation Services on premises, to support federated authentication to Microsoft 365.
  8. Deploy ExpressRoute or set up a site-to-site VPN link, for administrative access to the servers that are hosted in Azure VMs.
  9. Set up and provision external access to the hybrid farm that's hosted in Azure VMs.
  10. Set up and configure hybrid workloads between Microsoft 365 and the SharePoint farm.


  • Azure Resource Group: Container that holds related resources for an Azure solution.
  • Virtual Network: Provision private networks, and optionally connect to on-premises datacenters.
  • Storage Accounts: Enable durable, highly available, and massively scalable cloud storage.
  • Microsoft Entra ID: Synchronize on-premises directories, and enable single sign-on.
  • SharePoint Server: Microsoft's collaboration server product.
  • Host enterprise SQL Server apps in the cloud.
  • Load Balancer: Deliver high availability and network performance to your applications.
  • Azure ExpressRoute: Dedicated private network fiber connections to Azure
  • VPN Gateway: Establish secure, cross-premises connectivity.
  • Microsoft Entra Connect: Synchronize on-premises directories, and enable single sign-on.
  • Active Directory Federation Services: Synchronize on-premises directories, and enable single sign-on.
  • Hybrid Workloads: Scale between on-premises environments and the cloud.

Next steps