Your first planning choice is your cloud identity model. To plan for user accounts, you first need to understand the two identity models in Microsoft 365. You can maintain your organization's identities only in the cloud, or you can maintain your on-premises Active Directory Domain Services (AD DS) identities and use them for authentication when users access Microsoft 365 cloud services.

Here are the two types of identity and their best fit and benefits.

Identities maintained only in the cloud (cloud-only identity)
User account only exists in the Azure AD tenant for your Microsoft 365 subscription.
How Microsoft 365 authenticates user credentials: The Azure AD tenant for your Microsoft 365 subscription performs the authentication with the cloud identity account.
Best fit: Organizations that do not have or need an on-premises AD DS.
Benefit: No extra directory tools or servers required.

On-premises AD DS identities used for authentication
User account exists in AD DS and a copy is also in the Azure AD tenant for your Microsoft 365 subscription. The user account in Azure AD might also include a hashed version of the already hashed AD DS user account password.
How Microsoft 365 authenticates user credentials: The Azure AD tenant for your Microsoft 365 subscription either handles the authentication process or redirects the user to another identity provider.
Best fit: Organizations using AD DS or another identity provider.
Benefit: Users can use the same credentials when accessing on-premises or cloud-based resources.

A cloud-only identity uses user accounts that exist only in Azure AD. Cloud-only identity is typically used by small organizations that do not have on-premises servers or do not use AD DS to manage local identities.

Here are the basic components of cloud-only identity.

Both on-premises and remote (online) users use their Azure AD user accounts and passwords to access Microsoft 365 cloud services.