One of the first and most important decisions you'll make when you sign up for Office 365 is which identity model is most appropriate for a successful onboarding. Your choice affects several features of Office 365, such as where your user accounts are managed and how the passwords users sign in with are verified. Fortunately, it's simple to move between any of the three available identities should your needs change at any time.
Choosing the Right Office 365 Identity
One of the easiest ways to choose the right Office 365 identity is to start with the simplest model and move on to more complicated ones if your business requires it. Not only does this allow you to begin using Office 365 immediately, but it also keeps your options simple at the start.
Cloud Identity: The Cloud model creates and manages users in Office 365 and stores user data in your Azure Active Directory (AAD), which also verifies passwords. This works well for the cloud directory, but no equivalent user accounts are created on-premise. In essence, administrators need only create users in the Office 365 admin center; nothing more must be configured.
Most organizations that opt for the Cloud Identity:
- have fewer than 200 users
- have a complex on-premise directory and don't want to integrate
- want a trial run of Office 365
Synchronized Identity: The Synchronized Identity model allows admins to manage user identities on an on-premise server. At the same time, accounts and their password hashes are synchronized to the cloud, hence the name of the identity. One advantage of this model is that users can enter the same password on-premise and remotely in the cloud. This model verifies passwords using the Azure Active Directory.
Organizations that opt for the Synchronized Identity:
- have an existing on-premise directory and want it to sync with the cloud
- have no need for the Federated Identity options
Federated Identity: The Federated model does not need the Azure Active Directory to verify the password hash; instead, user information is verified by the identity provider on-premise. Administrators can use a third-party identity verification tool in conjunction with Office 365 or use Active Directory Federation Services (AD FS).
Federated Identity users generally meet one of the following requirements:
- currently have an AD FS deployment
- use Forefront Identity Manager 2010 R2
- use a third-party federated identity provider
- require custom hybrid application or hybrid search
- have multiple forests in the on-premise Active Directory
Of the three identities, the Cloud model is the simplest, the Federated Identity has the most capability, and the Synchronized Identity is likely the ultimate goal for most small to mid-sized businesses.