Introduction

Identity synchronization in Microsoft 365 refers to the process of synchronizing user identities and their attributes between an on-premises directory, such as Active Directory, and Microsoft Entra ID in the cloud.

Important

Azure Active Directory (Azure AD) is now Microsoft Entra ID.

Identity synchronization actually begins with implementing identity authentication and provisioning. This module examines the authentication and provisioning options available in Microsoft 365. It begins by introducing you to the two identity models in Microsoft 365: cloud-only identity and hybrid identity. You learn how cloud-only identity enables organizations to maintain their user identities only in the cloud. Conversely, hybrid identity enables organizations to maintain their on-premises Active Directory Domain Services (AD DS) identities and use them for authentication when users access Microsoft 365 cloud services.

This module then examines how the hybrid identity model synchronizes identities between on-premises and cloud directories. In this model, users can access Microsoft 365 services with a single set of credentials. Organizations can centrally manage their identities in their on-premises directory. This design enables organizations to maintain control over their user identities and access to data while also providing users with a seamless experience across on-premises and cloud environments.

You then learn how the hybrid identity model provides three methods of authentication:

  • Password hash synchronization
  • Pass-through authentication
  • Federated authentication

The module concludes by examining how Microsoft 365 commonly uses directory synchronization to synchronize in one direction, from on-premises to Microsoft Entra ID. However, Microsoft's recommended synchronization tool, Microsoft Entra Connect Sync, can write back specific objects and attributes to the on-premises directory. This feature creates a form of two-way synchronization.