Synchronized Identity with Pass-Through Authentication – Understand Identity and Access Management Solutions

Synchronized Identity with Pass-Through Authentication

Pass-through authentication is an authentication method that, like standard synchronized identity, replicates user account information to Azure AD. However, in the default pass-through authentication configuration, no password hashes are synchronized. Instead, password validation happens in the on-premises environment.

After this option is configured, AAD Connect Setup installs an authentication agent on the AAD Connect server. The agent maintains a persistent outbound connection to Azure AD and is registered with the Azure AD service. Because pass-through authentication relies on the on-premises infrastructure to validate sign-in requests, it is recommended that you install multiple pass-through authentication agents on additional servers for redundancy. The authentication agents’ service communication is secured with public-key cryptography: each agent has its own public and private key pair, which is used in the authentication process described below.

When a user attempts to sign in to a resource protected by Azure AD authentication, the sign-in process encrypts the user’s identity with the public keys of all the registered Azure AD authentication agents and places the request in a queue. Through the persistent connection it maintains, an on-premises agent picks the request up from the queue, decrypts it with its own private key, and validates the credentials against the on-premises Active Directory environment. The response (success, failure, password expired, or locked out) is returned to the Azure AD service, which completes the sign-in.

Azure AD pass-through authentication requires only outbound connectivity on port 443 from the AAD Connect server and from any additional servers where redundant pass-through authentication agents have been installed; no inbound connections to the on-premises network are needed.
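The exchange described above, modelled as an added example that is not part of this page or of Microsoft's agent implementation. It assumes RSA-OAEP as the public-key scheme (the text only says public-key cryptography), a "user:password" credential blob, a constructed in-memory Directory standing in for on-premises AD, and the agent names and account values shown.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"strings"
)

// Account is a constructed directory record; Directory stands in for on-premises AD.
type Account struct{ Password string; Expired, LockedOut bool }
var Directory = map[string]Account{"alice": {Password: "Winter2024!"}}
// Agent is one on-premises pass-through authentication agent with its own key pair.
type Agent struct{ Name string; Key *rsa.PrivateKey }
func NewAgent(name string) *Agent {
	k, _ := rsa.GenerateKey(rand.Reader, 2048) // demo only: key-generation errors ignored
	return &Agent{name, k}
}
// Enqueue models the Azure AD side: "user:password" is encrypted (RSA-OAEP assumed) under
// every registered agent's public key, so whichever redundant agent pulls it can read its copy.
func Enqueue(user, password string, registered []*Agent) map[string][]byte {
	req := map[string][]byte{}
	for _, a := range registered {
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &a.Key.PublicKey, []byte(user+":"+password), nil)
		if err == nil {
			req[a.Name] = ct
		}
	}
	return req
}
// Handle models the agent side: decrypt this agent's copy with its private key and
// validate it against the directory, returning one of the four responses the text lists.
func (a *Agent) Handle(req map[string][]byte) string {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, a.Key, req[a.Name], nil)
	if err != nil {
		return "failure" // no copy for this agent (never registered) or tampered ciphertext
	}
	user, pw, _ := strings.Cut(string(pt), ":")
	acct, exists := Directory[user]
	switch {
	case exists && acct.LockedOut:
		return "locked out" // checked before the password so a locked account is no oracle
	case !exists || acct.Password != pw:
		return "failure"
	case acct.Expired:
		return "password expired"
	}
	return "success"
}
```

Because each queued request carries one ciphertext per registered agent, any redundant agent can serve it, while an agent that was never registered (or one handed another agent's copy) cannot decrypt it.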

Pass-Through Authentication Deep Dive

You can learn more about pass-through authentication at https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-how-it-works.

In the next section, you will explore the concepts of federated identity.
