Plan for Microsoft Entra Connect for user identities


To keep Windows Server Active Directory in sync with Microsoft Entra ID, you can configure Microsoft Entra Connect (for hybrid organizations).

What is Microsoft Entra Connect

Microsoft Entra Connect is the Microsoft tool designed to meet and accomplish your hybrid identity goals. It provides the following features:

Diagram that shows the hash of a user's on-premises AD password with Azure AD.

  • Pass-through authentication - A sign-in method that allows users to use the same password on-premises and in the cloud, but doesn't require the additional infrastructure of a federated environment.

Diagram that shows how to use the same password on-premises and in the cloud.

  • Federation integration - Federation is an optional part of Microsoft Entra Connect and can be used to configure a hybrid environment using an on-premises AD FS infrastructure. It also provides AD FS management capabilities such as certificate renewal and additional AD FS server deployments.

Diagram that shows how to configure a hybrid environment using an on-premises AD FS infrastructure.

  • Synchronization - Responsible for creating users, groups, and other objects, as well as making sure identity information for your on-premises users and groups matches the cloud. This synchronization also includes password hashes.
  • Health Monitoring - Microsoft Entra Connect Health provides robust monitoring and a central location in the Azure portal to view this activity.

Azure Virtual Desktop supports hybrid identities through Microsoft Entra ID, including those federated using Active Directory Federation Services (ADFS).

Since users must be discoverable through Microsoft Entra ID, Azure Virtual Desktop doesn't support standalone Active Directory deployments with ADFS.

The only way to avoid being prompted for your credentials for the session host is to save them in the client. We recommend you only do this with secure devices to prevent other users from accessing your resources.

Windows 10 Enterprise multi-session can currently be Microsoft Entra hybrid joined. After Windows 10 Enterprise multi-session is domain-joined, use the existing Group Policy Object to enable Microsoft Entra registration.
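
To confirm that a domain-joined session host actually completed hybrid join after the Group Policy Object applied, the output of `dsregcmd /status` can be checked. The following is an added example, not code from this page or from Microsoft: `Get-DeviceJoinState` is a hypothetical helper name and the sample text is constructed.

```powershell
# Added example, not Microsoft's code. Get-DeviceJoinState is a hypothetical helper.
# $sample is constructed text shaped like the "Device State" section of `dsregcmd /status`.
$sample = @'
| Device State                                                         |
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
'@

function Get-DeviceJoinState {
    param(
        # Raw output of `dsregcmd /status`, as one string or an array of lines.
        [Parameter(Mandatory)]
        [string[]]$StatusText
    )

    # Collect every "Name : Value" line into a lookup table.
    $fields = @{}
    foreach ($line in ($StatusText -split '\r?\n')) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    # Fail loudly on truncated or unrelated input instead of reporting "not joined".
    foreach ($required in 'AzureAdJoined', 'DomainJoined') {
        if (-not $fields.ContainsKey($required)) {
            throw "Field '$required' not found; input is not dsregcmd /status output."
        }
    }

    $entra  = $fields['AzureAdJoined'] -eq 'YES'
    $domain = $fields['DomainJoined'] -eq 'YES'
    $state = if ($entra -and $domain) { 'Microsoft Entra hybrid joined' }
             elseif ($entra)          { 'Microsoft Entra joined' }
             elseif ($domain)         { 'Domain joined only, hybrid join not completed' }
             else                     { 'Not joined' }

    [pscustomobject]@{
        AzureAdJoined = $entra
        DomainJoined  = $domain
        DomainName    = $fields['DomainName']
        State         = $state
    }
}

Get-DeviceJoinState -StatusText $sample               # constructed sample
# Get-DeviceJoinState -StatusText (dsregcmd /status)  # on a real session host
```

A host that reports "Domain joined only" has not yet registered with Microsoft Entra ID, which usually means the device object has not synchronized or the policy has not applied.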