Cloud identity refers to identity management that is hosted entirely on cloud-based platforms. In this model, user accounts and identities are managed in the cloud, without any reliance on on-premises directory services. A popular example of cloud identity is Azure Active Directory (Azure AD), Microsoft’s cloud-based identity and access management service.
Services like Azure AD offer features such as single sign-on (SSO), multi-factor authentication (MFA), and conditional access policies that provide secure access to both cloud and on-premises applications.
An organization using Microsoft 365 services relies exclusively on Azure AD for user authentication when accessing services like Outlook, SharePoint, and OneDrive.
On-premises identity refers to identity management systems that are hosted within an organization’s local network infrastructure. The most common on-premises identity system is Active Directory Domain Services (AD DS), which serves as a centralized directory for managing network resources such as user accounts, groups, computers, and more.
The primary characteristic of on-premises identity is that all identity information is stored within the physical confines of the company’s data center, and administrators have full control over the identity infrastructure and security protocols.
A company running Windows Server with AD DS might manage user accounts, enforce password policies, and set permissions for file shares entirely within its own data center.
Hybrid identity bridges the gap between cloud identity and on-premises identity, allowing for a more fluid and interoperable approach. In a hybrid identity setup, identities from an on-premises AD DS are synchronized with a cloud service like Azure AD. This ensures that users have a common identity for accessing resources across both environments.
Hybrid identity solutions like Azure AD Connect sync enable synchronization and provide features such as password hash synchronization, pass-through authentication, and federation with AD FS (Active Directory Federation Services).
An employee can log into their computer using AD DS credentials (on-premises) and access both local applications and cloud services like Microsoft Teams or Dynamics 365 without needing separate logins. This creates a seamless user experience.
Aspect | Cloud Identity | On-Premises Identity | Hybrid Identity |
---|---|---|---|
Location | Cloud-based (e.g., Azure AD) | Local network infrastructure (e.g., AD DS) | Combination of both |
Accessibility | Accessible from anywhere with internet access | Typically accessible only within the network | Cloud resources and internal systems are accessible |
Cost Efficiency | OPEX model, pay-as-you-go | CAPEX model, involves hardware investments | Can be optimized by leveraging existing infrastructure |
Scalability | Easily scalable | Limited by physical server capacity | Scalable through the cloud component |
Maintenance | Managed by cloud provider | Maintained by the organization’s IT staff | Shared responsibility |
Disaster Recovery | Often included as a service | Requires a separate DR plan | Can rely on cloud for backup and DR solutions |
Security | Advanced security features integrated | Depends on in-house security measures | Benefits from advanced cloud-based security and on-prem |
Examples | Microsoft 365, Salesforce, AWS | Local Exchange server, In-house applications | Using Azure AD Connect with local AD DS |
Understanding these identity concepts is critical for anyone preparing for the MS-900 Microsoft 365 Fundamentals exam, as they form the foundation for how organizations manage their user identities and secure their IT resources in various deployment scenarios.
Answer: True
Cloud identity is managed fully in the cloud and does not rely on any on-premises servers or infrastructure for authentication or identity management.
Answer: C
The on-premises identity model manages users and groups within the confines of an organization's internal IT infrastructure, typically without requiring internet connectivity.
Answer: True
Hybrid identity solutions involve synchronization and potentially federation between on-premises directories (such as Active Directory) and cloud-based directories (such as Azure Active Directory).
Answer: B
Cloud identity models are dependent on internet connectivity as they are hosted on cloud services, which is not seen as a benefit but rather a requirement.
Answer: C
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which is a cornerstone of the Microsoft 365 identity model.
Answer: False
A key goal of hybrid identity is to provide a seamless user experience, so password synchronization (or single sign-on) is implemented, allowing users to use the same credentials for both on-premises and cloud services.
Answer: C
Federated identity is used in hybrid scenarios to provide a seamless user authentication experience, allowing users to authenticate across on-premises and cloud environments using a single identity.
Answer: True
Azure AD Connect is a tool that can synchronize and manage identities between on-premises environments and Azure AD, thus integrating SaaS applications like Office 365 with on-premises identity.
Answer: B
Azure AD Connect is the essential component used to integrate on-premises directories with Azure AD, enabling a hybrid identity model.
Answer: False
Hybrid identity models can be very secure and often feature enhanced security measures, as they benefit from the advanced security capabilities provided by cloud services like Azure AD.
Answer: D
AD FS supports single sign-on and identity federation in hybrid identity configurations, allowing secure sharing of identity information between trusted business partners.
Cloud identity refers to using cloud-based identity and access management services to manage user identities, access, and security.
On-premises identity refers to managing user identities, access, and security on local servers or domain controllers, typically using Active Directory (AD).
Hybrid identity refers to a combination of cloud and on-premises identity and access management services, providing a seamless experience for users regardless of where their identities are stored.
Cloud identity management can provide easier management, scalability, and mobility for modern workplaces, while reducing the need for on-premises infrastructure and improving security.
Azure AD Connect is a tool that enables hybrid identity integration between on-premises Active Directory and Azure Active Directory.
Federation is a mechanism that enables organizations to share identity information across different systems and services, allowing users to access resources across organizational boundaries.
Some common hybrid identity scenarios include password synchronization, pass-through authentication, and federation.
Password synchronization (password hash synchronization) is a hybrid identity scenario where a hash of the user's password is synchronized from on-premises Active Directory to Azure Active Directory, enabling a single sign-on experience for users.
Pass-through authentication is a hybrid identity scenario where the user’s on-premises Active Directory credentials are validated by Azure Active Directory, providing secure authentication without storing passwords in the cloud.
Identity federation is a hybrid identity scenario where user identities are securely shared between organizations, enabling users to access resources across organizational boundaries without needing separate accounts.
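The three hybrid sign-in paths above differ in where the credential is checked and what secret material ends up in the cloud. The following is an added, simplified model written for this page (not Microsoft's code or the behaviour of Azure AD Connect in detail); the hashing is a stand-in for the NT-hash-plus-PBKDF2 scheme used by password hash sync, and the names `OnPremAD`, `AzureAD` and `sign_in` are assumptions.

```python
import hashlib
import os
from dataclasses import dataclass, field

# Constructed toy model of password hash sync (phs), pass-through
# authentication (pta) and federation. Simplified: a real NT hash uses MD4 and
# Azure AD Connect re-hashes it with a per-user salt and PBKDF2 before syncing.

def derive(password: str, salt: bytes) -> bytes:
    inner = hashlib.sha256(password.encode("utf-16-le")).digest()  # stand-in for NT hash
    return hashlib.pbkdf2_hmac("sha256", inner, salt, 1000)

@dataclass
class OnPremAD:
    users: dict = field(default_factory=dict)   # upn -> (salt, derived hash)
    reachable: bool = True                      # simulate an on-prem outage

    def add_user(self, upn: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[upn] = (salt, derive(password, salt))

    def validate(self, upn: str, password: str) -> bool:
        if not self.reachable:
            raise ConnectionError("on-premises AD DS / AD FS unreachable")
        salt, stored = self.users.get(upn, (None, None))
        return stored is not None and derive(password, salt) == stored

@dataclass
class AzureAD:
    mode: str                   # "phs", "pta" or "federated"
    onprem: OnPremAD
    synced_hashes: dict = field(default_factory=dict)

    def sync(self) -> None:
        # Azure AD Connect sync: only PHS copies hash material to the cloud
        if self.mode == "phs":
            self.synced_hashes = dict(self.onprem.users)

    def sign_in(self, upn: str, password: str) -> tuple:
        """Return (success, where the credential was validated)."""
        if self.mode == "phs":
            if upn not in self.synced_hashes:
                return False, "cloud"
            salt, stored = self.synced_hashes[upn]
            return derive(password, salt) == stored, "cloud"      # no on-prem dependency
        if self.mode == "pta":
            # password forwarded to the on-prem PTA agent; nothing stored in the cloud
            return self.onprem.validate(upn, password), "onprem-agent"
        # federated: AD FS validates and issues a token; the cloud only trusts the token
        return self.onprem.validate(upn, password), "adfs"
```

Running the model with the on-prem side marked unreachable shows the availability trade-off: PHS sign-in keeps working, while PTA and federation fail until on-premises connectivity returns.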
Organizations can use identity and access management tools such as Azure AD to manage user access across hybrid environments, ensuring consistent security policies and access controls.
Multi-factor authentication (MFA) is a security mechanism that requires users to provide more than one form of authentication, such as a password plus a verification code sent to their phone, to access resources, providing an additional layer of security beyond passwords alone.
Organizations can use cloud-based identity and access management services such as Azure AD to manage user identities, access, and security in the cloud, providing a seamless experience for users across multiple devices and applications.
Cloud identity refers to managing user identities, access, and security using cloud-based identity and access management services, while on-premises identity refers to managing user identities, access, and security on local servers or domain controllers, typically using Active Directory (AD).
Organizations can use hybrid identity solutions such as Azure AD integrated with on-premises Active Directory through Azure AD Connect to achieve a seamless user experience across hybrid environments, providing a single identity for users and enabling access to resources across organizational boundaries.