3.3 Hybrid Identity and Entra Connect Concepts
Key Takeaways
- Hybrid identity connects existing on-premises identity environments with Microsoft Entra ID.
- Active Directory remains an important directory concept for SC-900 hybrid identity questions.
- Entra Connect concepts appear at a foundational level as directory integration and identity synchronization ideas.
- Federation is a trust concept that can support identity across organizational or system boundaries.
What hybrid identity means
Hybrid identity describes an organization that uses identity across both existing on-premises environments and Microsoft cloud services. Many organizations already have Active Directory and established sign-in practices before they adopt Microsoft Entra ID. The SC-900 level is conceptual: understand that hybrid identity helps those environments work together so users can access cloud resources while the organization keeps continuity with existing directory investments.
- Hybrid identity combines cloud identity with existing directory environments.
- Active Directory is a key directory service concept in these scenarios.
- Microsoft Entra ID provides the cloud identity plane for Microsoft services.
- The goal is consistent identity use across environments, not separate islands of access.
Entra Connect concepts at exam depth
The chapter plan calls out Entra Connect concepts, which you should treat as directory integration ideas for SC-900. At this level, focus on what problem is being solved: identity information from an existing directory can be connected with Entra ID so users and administrators can work with a shared identity model. Avoid turning this into a deep implementation topic. The exam objective is about describing capabilities, not designing every synchronization setting.
| Concept | What to remember |
|---|---|
| Directory integration | Connects existing identity data with cloud identity |
| Synchronization idea | Helps keep identity information aligned across environments |
| Federation idea | Lets trusted identity systems rely on each other |
| Hybrid identity | The umbrella scenario joining on-premises and cloud identity |
Hybrid scenario cues
Questions often signal hybrid identity by mentioning existing Active Directory, on-premises users, federation, or a need to use the same identity experience across cloud services. If the scenario focuses on Microsoft Entra roles or Conditional Access, you may be in an access management topic instead. If the scenario focuses on connecting existing directory users to the cloud identity plane, hybrid identity is the better match.
- Existing directory plus Microsoft cloud access points to hybrid identity.
- Trust between identity systems points to federation.
- Identity data alignment points to synchronization concepts.
- Role assignment or access policy points to later Entra access-management topics.
Scope boundary for SC-900
Hybrid identity can become deep in real projects, but the fundamentals exam keeps the focus on describing capabilities. You should know why an organization would connect existing directory services to Entra ID and why federation appears in identity discussions. You do not need to turn every hybrid clue into a design exercise. The best answer is usually the one that names the identity integration concept directly.
- Existing directory investment: hybrid identity.
- Shared cloud sign-in model: directory integration.
- Trust between identity systems: federation.
- Configuration depth: save that for role-based or administrator exams.
What does hybrid identity primarily describe in the SC-900 Entra domain?
Which clue most strongly points to a hybrid identity scenario?
At SC-900 depth, how should you treat Entra Connect concepts?