Synchronized Identities

Microsoft 365 offers Enterprise Mobility & Security (EMS), Windows 10, and Office 365 to enhance business productivity and security. Because Microsoft 365 offers a variety of services and features, not everything is in the same place. Therefore, we need to navigate within different portals, and familiarity with “what is where” gets really important over time.

In this course, we will look at some of the most common tasks performed by Microsoft 365 administrators related to Azure AD identities, how to secure your environment by assigning the correct permissions to your users, and how to reduce administrative overhead. We’ll do various tasks in different ways by using the Microsoft 365 Admin Center, the Azure portal, and even Windows PowerShell for automating bulk actions.

Choosing the right type of identity for your current infrastructure is the first step for any successful Microsoft 365 deployment.

Learning Objectives

  • Plan Azure AD Identities
  • Manage Users and Groups
  • Manage User Access with Access Reviews
  • Manage Passwords and Password Policies
  • Implement Self-Service Password Reset (SSPR)
  • Manage Product Licenses

Intended Audience

  • People preparing for Microsoft’s MS-100 exam
  • Microsoft 365 Administrators

Prerequisites

  • Experience with Microsoft 365
  • Experience with the Azure portal
  • Experience with PowerShell

One of the most common identity models is called Synchronized Identities, and here we have two options available.

The first one is called password hash sync. Your directory objects are synchronized from your on-premises directory to the cloud. You manage your users and groups on-premises, and the hashes of passwords are synchronized. If you change or reset your password on-premises, the new password hash is synchronized to the cloud. You can also integrate with Seamless Single Sign-On, also known as SSO, to sign in automatically when you are on your corporate network.

The second one is called pass-through authentication. Again, your directory objects are synchronized from on-premises to the cloud, and you manage your users and groups on-premises. But here we need to install a software agent on one or more on-premises servers for authentication. Instead of sending hashes of passwords to the cloud, the validation of users' credentials actually happens on-premises. And again, you can integrate with Single Sign-On to sign in automatically when you are on your corporate network.

The first option, password hash sync, is the simplest way to integrate your on-premises objects with the cloud. But if your company policies require authentication to occur on-premises, then pass-through authentication would be right for you.

About the Author

Veronique is a SharePoint and Office 365 consultant for an IT company based in Glasgow, UK. She loves photography, the outdoors, and long walks with her two dogs! You can follow Veronique on Twitter @veronicageek or read her blog at