Identity Short Course:
Users
For anyone to have access to cloud resources, they will need an identity. An identity is a collection of unique identifiers or attributes. User accounts are a type of identity. We manage these identities in Microsoft Entra ID, Microsoft's cloud-based identity and access management service. There are three types of user accounts.

Cloud Identity
Hybrid Identity
Guest account

Cloud Identity
A cloud identity exists solely in Microsoft Entra ID and is managed entirely in the cloud. These accounts are created and maintained within the Entra environment without relying on any on-premises infrastructure. They are typically used in organizations that operate fully in the cloud and have no need for on-premises directory services. Examples include accounts for employees in a cloud-only organization or administrators managing cloud resources.
[Diagram: Active Directory User, Active Directory (on-premises); Cloud Identity, Entra ID]

Hybrid Identity
A hybrid identity bridges on-premises and cloud environments. User accounts are created in an on-premises directory, such as Active Directory Domain Services (AD DS), and synchronized to Microsoft Entra ID using Microsoft Entra Connect. This allows users to access both on-premises and cloud resources with a single set of credentials. Hybrid identity is commonly used by organizations transitioning to the cloud or those that need to maintain both environments for operational or regulatory reasons.
[Diagram: AD user, Active Directory, Domain Controller; Directory Synchronized identity, Microsoft Entra ID]

External Users
Guest accounts in Microsoft Entra ID are external users granted limited access to an organization's resources. They can be categorized into invited guests and B2B collaboration accounts, which differ in how they are managed and used.
[Diagram: User Account, Entra ID, Guest Account]

Guest Users
Invited guests are individuals manually added to the organization. They receive a personalized email or link to redeem their access and typically use their existing credentials, such as a work, school, or personal Microsoft account. These accounts are suitable for short-term or project-specific collaborations with limited access to resources.
[Diagram: User Account, Entra ID, External Identity Provider, Guest User, Email invite]

B2B Collaboration
[Diagram: Entra ID, Guest User; User Account, Entra ID]
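
The account types described on this page can be told apart from directory attributes when auditing a tenant. The following is an added example, not part of the original course material: it classifies user records shaped like Microsoft Graph user objects by their userType, onPremisesSyncEnabled and externalUserState properties. The sample records, the contoso.example and fabrikam.example names, and the function names are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample records, shaped like Microsoft Graph user objects
# (GET /users?$select=userPrincipalName,userType,onPremisesSyncEnabled,externalUserState).
SAMPLE_USERS = json.loads("""
[
  {"userPrincipalName": "alice@contoso.example", "userType": "Member",
   "onPremisesSyncEnabled": null, "externalUserState": null},
  {"userPrincipalName": "bob@contoso.example", "userType": "Member",
   "onPremisesSyncEnabled": true, "externalUserState": null},
  {"userPrincipalName": "carol_fabrikam.example#EXT#@contoso.example", "userType": "Guest",
   "onPremisesSyncEnabled": null, "externalUserState": "Accepted"},
  {"userPrincipalName": "dave_fabrikam.example#EXT#@contoso.example", "userType": "Guest",
   "onPremisesSyncEnabled": null, "externalUserState": "PendingAcceptance"}
]
""")

PENDING = "guest (invitation not redeemed)"


def classify(user):
    """Map one Graph-style user record to the account types described on this page."""
    # Guests are checked first: userType "Guest" is how Entra ID labels guest accounts.
    if user.get("userType") == "Guest":
        # externalUserState stays "PendingAcceptance" until the invite is redeemed.
        if user.get("externalUserState") == "PendingAcceptance":
            return PENDING
        return "guest"
    # onPremisesSyncEnabled is true only while the account is synchronized from
    # on-premises AD; null or false means it is managed in the cloud.
    if user.get("onPremisesSyncEnabled") is True:
        return "hybrid identity"
    return "cloud identity"


def inventory(users):
    """Return (per-type counts, UPNs of guests whose invitation is still pending)."""
    counts = Counter(classify(u) for u in users)
    pending = [u["userPrincipalName"] for u in users if classify(u) == PENDING]
    return counts, pending


if __name__ == "__main__":
    counts, pending = inventory(SAMPLE_USERS)
    for kind, n in sorted(counts.items()):
        print(f"{n:3d}  {kind}")
    print("pending invitations:", pending)
```

Guests whose invitation was never redeemed are listed separately because they are unused external accounts that are candidates for review or removal.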
