Glossary
Password Hash Sync
A hybrid identity authentication method that synchronises password hashes from AD to Entra ID for cloud-side authentication.
Password Hash Sync (PHS) is the Microsoft-recommended hybrid identity authentication method: Entra Connect or Cloud Sync synchronises a hashed-hash (a hash of the password hash) from on-premises Active Directory to Entra ID. Users then authenticate in Entra ID directly, with no on-prem dependency. Resilient to on-prem outages, supports modern features (Identity Protection, PHS-based leaked-credential detection, MFA), and operationally simple. Compared to Pass-Through Authentication (which routes auth to on-prem AD agents) and Federation (which redirects users to AD FS), PHS is the cleanest and most reliable choice for almost all hybrid scenarios.