cloud-only accounts

%3CLINGO-SUB%20id%3D%22lingo-sub-2242434%22%20slang%3D%22en-US%22%3Ecloud-only%20accounts%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2242434%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20still%20trying%20to%20understand%20%E2%80%98cloud-only%E2%80%99%20accounts%20in%20a%20hybrid%20identity%20model%20a%20little%20more.%20In%20a%20setup%20whereby%20the%20majority%20of%20apps%20your%20employees%20use%20are%20hosted%20on%20servers%20in%20your%20local%20%E2%80%98on-premises%E2%80%99%20domain%2C%20but%20users%20use%20the%20MS365%20platform%20for%20certain%20apps%2C%20for%20example%20as%20their%20mailboxes%20are%20in%20Exchange%20Online.%20In%20such%20a%20scenario%2C%20under%20what%20circumstances%20would%20an%20admin%20create%20a%20%E2%80%98cloud-only%E2%80%99%20account%2C%20or%20if%20your%20administer%20setups%20with%20a%20hybrid%20identity%20model%2C%20in%20what%20kind%20of%20scenarios%20would%20you%20create%20a%20%E2%80%98cloud-only%20account%3B%2C%20as%20opposed%20an%20account%20in%20the%20on-prem%20AD%3F%20As%20I%20don't%20work%20on%20the%20admin%20side%20I%20am%20still%20trying%20to%20gauge%20why%20certain%20accounts%20are%20created%20directly%20in%20AzureAD.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2242434%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAdmin%20App%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAdoption%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EHybrid%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Eidentity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMigration%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOn-Premises%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

I am still trying to understand ‘cloud-only’ accounts in a hybrid identity model a little more. In a setup whereby the majority of apps your employees use are hosted on servers in your local ‘on-premises’ domain, but users use the MS365 platform for certain apps, for example as their mailboxes are in Exchange Online. In such a scenario, under what circumstances would an admin create a ‘cloud-only’ account, or if your administer setups with a hybrid identity model, in what kind of scenarios would you create a ‘cloud-only account;, as opposed an account in the on-prem AD? As I don't work on the admin side I am still trying to gauge why certain accounts are created directly in AzureAD.

1 Reply
There can be a variety of reasons across different organizations, for example you might want to (or already have) get rid of on-premises dependencies. Office 365/Azure AD integrated applications generally dont care whether the account is cloud-only or synchronized, the app experience will be the same. The admin experience on the other hand can and will differ, and this is usually the primary driver for using the hybrid identity model.