Glossary

Hybrid Identity

Identity architecture where on-premises Active Directory and Microsoft Entra ID are kept in sync.

Hybrid identity is the architecture where on-premises Active Directory Domain Services (AD DS) and Microsoft Entra ID are kept in sync, so users have one effective identity across both worlds. Synchronisation is done via Microsoft Entra Connect (the older heavyweight sync engine) or Microsoft Entra Cloud Sync (the newer cloud-managed agent). Authentication can flow via Password Hash Sync (PHS), Pass-Through Authentication (PTA), or Federation (AD FS). Most enterprises with an existing AD run hybrid for years on their journey to cloud-only. Microsoft's strategic direction is cloud-only identity (Entra-joined devices, no on-prem AD), but hybrid will be common for many years yet.