What is Microsoft Entra Connect?
Entra Connect is an on-premises Microsoft application that's designed to meet and accomplish your hybrid identity goals.
Entra Connect provides the following features:
- Password hash synchronization - A sign-in method that synchronizes a hash of a user's on-premises AD password with Microsoft Entra ID.
- Pass-through authentication - A sign-in method that allows users to use the same password on-premises and in the cloud, but doesn't require the additional infrastructure of a federated environment.
- Federation integration - Federation is an optional part of Entra Connect and can be used to configure a hybrid environment using an on-premises AD FS infrastructure. It also provides AD FS management capabilities such as certificate renewal and additional AD FS server deployments.
- Synchronization - Responsible for creating users, groups, and other objects, and for making sure identity information for your on-premises users and groups matches the cloud. This synchronization also includes password hashes.
- Health Monitoring - Entra Connect Health provides robust monitoring and a central location in the Azure portal to view this activity.
For synchronization, you first need to install Entra Connect on a domain-joined server in your on-premises data center. The synchronization is then controlled by a scheduler, which imports, syncs, and exports changes. By default, a sync task runs every 30 minutes and the sync is one way: from on-premises AD to Entra ID. However, you can configure the writeback function to sync changes from Microsoft Entra ID back to your on-premises AD. That way, for instance, if a user changes their password using the Microsoft Entra ID self-service password management function, the password will be updated in the on-premises AD.
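
A way to check the scheduler described above against its 30-minute default, as an added example that is not Microsoft's code. The property names are those returned by `Get-ADSyncScheduler` in the ADSync module on the Entra Connect server; the function name, the sample object and the "one interval overdue" rule are assumptions made for illustration.

```powershell
# Added example: flag scheduler states that stop or delay the import/sync/export cycle.
function Test-SyncSchedulerState {
    param(
        [Parameter(Mandatory)] $Scheduler,           # object shaped like Get-ADSyncScheduler output
        [timespan] $ExpectedInterval = '00:30:00',   # default cycle stated on this page
        [datetime] $NowUtc = [datetime]::UtcNow
    )
    $findings = @()
    if (-not $Scheduler.SyncCycleEnabled) {
        $findings += 'Sync cycle is disabled: no scheduled import/sync/export will run.'
    }
    if ($Scheduler.SchedulerSuspended) {
        $findings += 'Scheduler is suspended.'
    }
    if ($Scheduler.StagingModeEnabled) {
        $findings += 'Staging mode is on: this server imports and syncs but does not export.'
    }
    $effective = [timespan]$Scheduler.CurrentlyEffectiveSyncCycleInterval
    if ($effective -ne $ExpectedInterval) {
        $findings += "Effective interval is $effective, expected $ExpectedInterval."
    }
    # Assumed rule: a cycle more than one full interval late means the scheduler is stalled.
    $next = [datetime]$Scheduler.NextSyncCycleStartTimeInUTC
    if ($Scheduler.SyncCycleEnabled -and ($NowUtc - $next) -gt $effective) {
        $findings += "Next cycle was due at $next UTC and is more than one interval overdue."
    }
    return $findings
}

# Constructed sample object (not real output) so the check runs without the ADSync module.
$sample = [pscustomobject]@{
    SyncCycleEnabled                    = $true
    SchedulerSuspended                  = $false
    StagingModeEnabled                  = $true
    CurrentlyEffectiveSyncCycleInterval = [timespan]'02:00:00'
    NextSyncCycleStartTimeInUTC         = [datetime]::new(2024, 1, 1, 10, 0, 0, [DateTimeKind]::Utc)
}
$now = [datetime]::new(2024, 1, 1, 13, 0, 0, [DateTimeKind]::Utc)

Test-SyncSchedulerState -Scheduler $sample -NowUtc $now |
    ForEach-Object { "FINDING: $_" }

# On the Entra Connect server itself:
#   Test-SyncSchedulerState -Scheduler (Get-ADSyncScheduler)
```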