The 3 paths to managing identities in Office 365

Managing Active Directory identities from the Office 365 cloud is not that complicated, but it’s a difficult leap for some admins used to handling their own identity management on-premises through Active Directory for the past 15 years or so. They find it difficult to imagine having that management occur elsewhere, fearing a loss of control.

But moving to Office 365 for Active Directory administration is not an all-or-nothing proposition. There are three paths you can take.

1. Go all-cloud via Azure Active Directory

Let’s say you have a new company looking to use Office 365 for all its communication and collaboration needs. You’ve never set up Active Directory or on-premises servers — and you’d like to keep it that way. In that case, put your users in Office 365 only, using Azure Active Directory to manage them.

2. Sync on-premises Active Directory with the cloud

If you have on-premises Active Directory, you can start with synchronized identity between your on-premises server and Azure Active Directory. With directory synchronization, you can continue to manage accounts on-premises, because the changes you make to user accounts are synced to Azure Active Directory in the cloud. With this method, you can sync the passwords too, but users will still have to sign in to Office 365: you get password sync but not single sign-on.