Skip to content

TechDirectArchive

Hands-on IT, Cloud, Security, Veeam & DevOps

  • Home
  • About
  • Advertise With US
  • Contact
  • Reviews
  • Toggle search form

Azure Active Directory integration with on-premise AD using PTA

Posted on 02/02/202013/03/2026 IT Expert By IT Expert No Comments on Azure Active Directory integration with on-premise AD using PTA
  1. Home
  2. AWS/Azure/OpenShift
  3. Azure Active Directory integration with on-premise AD using PTA

In this guide, you shall learn how Pass-Through Authentication works: Azure Active Directory integration with on-premise AD using PTA. Azure Active Directory (AAD) is a Microsoft cloud-based multi-tenant directory that provides identity and access management capabilities in the cloud. It provides MFA to help protect users from 99.9% of cybersecurity attacks. Please, see Unicode Manipulation: CVE-2026-25177 Privilege Escalation in AD, and Pass-Through Authentication: Azure AD Connect Tool status displays inactive.

This is the backbone of the Office 365 system. It can sync with the on-premise Active Directory and provide authentication to other cloud-based systems via OAuth. It helps employees sign in and access resources or internal resources. Such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.

Microsoft Azure Active Directory is becoming Microsoft Entra ID. Microsoft Entra was introduced in May of 2022. It includs three products: Microsoft Azure Active Directory (Azure AD), Microsoft Entra Permissions Management, and Microsoft Entra Verified ID.

Pass-through authentication (PTA) allows users to sign in to both on-premises and cloud-based applications using the same passwords. Here, you do not have to care about SSO.

Please see the following guide Azure Active Directory integration with on-Premise AD using PTA for more information. Also, see this guide for reasons to deploy AAD. How to set up Azure AD Tenant, how to add or delete users, and set permissions in Azure Active Directory, and how to use the built-in AAD Connect troubleshooting tool.

How does Pass-Through Authentication work

Take a look at this link to see various options that are possible for Integrating Azure Active Directory with on-Premise Active Directory.

Microsoft

Note: No passwords in the cloud, all authentications have to be performed on-premises. Therefore, when users sign in using Azure AD, this feature validates users’ passwords directly against your on-premises Active Directory.

An alternative to this method is the Azure AD Password Hash Synchronisation. In this method, the authentication happens in the cloud. See the link below for methods for integrating Azure Active Directory with on-Premise Active Directory.

Steps on how PTA works

On-premises, you have an agent (Microsoft AAD App Proxy Connector) constantly polling your Azure AD to check if there are credentials up to date. It is worth noting that, it is your agent that is constantly contacting Azure AD and not Azure AD contacting your agent. So there are no incoming ports to open.

  1. When the user types its credentials. They are put in a queue in Azure AD and retrieved by the on-premises agent.
  2. The agent verifies them and updates the queue with something like “good creds” or “bad creds”.
  3. Azure AD validates the authentication or prompts the user for its credentials again if they were incorrect.

So, it is great to know that we don’t rely on ADFS to authenticate but still do not have SSO for your domain-joined machines. As of the time of this writing, there is currently a preview feature as described by Pierre Audonnet [MSFT]. He explained that there is currently a new preview feature called the Azure AD Connect Seamless SSO.

This means you will have SSO functionalities for domain-joined machines when they are connected on-premise, just like you had an ADFS farm.

Please see how to Configure Windows LAPS Management with Microsoft Intune, How to sync on-premises AD with Azure AD via Azure AD Connect, and Pass-Through Authentication Authentication and ADFS environment setup on Hyper-V for Hybrid Identity integration.

Difference between AD FS and PTA

Note: The major difference between AD FS and PTA is that, outside the complexity of AD FS, it enables us to support other methods of Password Authentication, 3rd party MFA, and Smart card authentication PTA is able to perform seamless SSO using Kerberos

I hope you found this blog post helpful on “Pass-Through Authentication Principle: Azure Active Directory integration with on-premise AD using PTA”. If you have any questions, please let me know in the comment session.

5/5 - (1 vote)

Thank you for reading this post. Kindly share it with others.

  • Share on X (Opens in new window) X
  • Share on Reddit (Opens in new window) Reddit
  • Share on LinkedIn (Opens in new window) LinkedIn
  • Share on Facebook (Opens in new window) Facebook
  • Share on Pinterest (Opens in new window) Pinterest
  • Share on Tumblr (Opens in new window) Tumblr
  • Share on Telegram (Opens in new window) Telegram
  • Share on WhatsApp (Opens in new window) WhatsApp
  • Share on Mastodon (Opens in new window) Mastodon
  • Share on Bluesky (Opens in new window) Bluesky
  • Share on Threads (Opens in new window) Threads
  • Share on Nextdoor (Opens in new window) Nextdoor
AWS/Azure/OpenShift Tags:AAD, Azure, Azure AD, Azure AD Tenant, Azure Domain Services, Entra ID, EntraID, Microsoft Azure, Microsoft Azure Active Directory, Pass-Through Authentication. PTA

Post navigation

Previous Post: Guide on federating ADFS with Azure Active Directory
Next Post: Windows 10 Feature and Quality Updates

Related Posts

  • add subheading 5 4
    Access EC2 Linux Instance via the Password AWS/Azure/OpenShift
  • FEATUREDC
    How to create Confidential VMs in Azure AWS/Azure/OpenShift
  • feature image app services
    How to Migrate Azure Web Apps AWS/Azure/OpenShift
  • BLOG LOGO
    How to create a static pod in Kubernetes AWS/Azure/OpenShift
  • redirects3endpoint
    How to redirect requests for your bucket’s website endpoint to another bucket or domain AWS/Azure/OpenShift
  • azure logo 1
    How to use the built-in Azure Active Directory Connect tool AWS/Azure/OpenShift

More Related Articles

add subheading 5 4 Access EC2 Linux Instance via the Password AWS/Azure/OpenShift
FEATUREDC How to create Confidential VMs in Azure AWS/Azure/OpenShift
feature image app services How to Migrate Azure Web Apps AWS/Azure/OpenShift
BLOG LOGO How to create a static pod in Kubernetes AWS/Azure/OpenShift
redirects3endpoint How to redirect requests for your bucket’s website endpoint to another bucket or domain AWS/Azure/OpenShift
azure logo 1 How to use the built-in Azure Active Directory Connect tool AWS/Azure/OpenShift

Leave a Reply Cancel reply

You must be logged in to post a comment.

Microsoft MVP

VEEAMLEGEND

vexpert-badge-stars-5

Virtual Background

GoogleNews

Categories

veeaam100

Veeam Vanguard

  • How to Install Windows Admin Center on Windows 10 11​
    Install Windows Admin Center on Windows 10 and Windows 11 Windows
  • diagnostic6
    How to enable and use Diagnostic Data Viewer on Windows Windows
  • 1 WeXxkEX0JG3oB781HD8Hrg 1
    OOBESETTINGSMULTIPLEPAGE error on Windows 10 Windows
  • Upgrade the embedded PostgreSQL for Veeam Backup and replication
    How to upgrade PostgreSQL Engine used by VBR Backup
  • Windows Admin Center v2   2401 install   2306 to 2311 upgrade
    Upgrade Windows Admin Center 2306 – 2311: Install WACmg 2410 Network | Monitoring
  • Veeam Virtual Appliance for Backup and Restore
    How to setup Veeam Software Appliance v13 Backup
  • How to download install and use Kitty SSH Client on Windows
    How to Download and Use KiTTY SSH Client on Windows Configuration Management Tool
  • Nextcloud installation on macOS
    How to install Nextcloud on Mac JIRA|Confluence|Apps

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,784 other subscribers
  • RSS - Posts
  • RSS - Comments
  • About
  • Authors
  • Write for us
  • Advertise with us
  • General Terms and Conditions
  • Privacy policy
  • Feedly
  • Telegram
  • Youtube
  • Facebook
  • Instagram
  • LinkedIn
  • Tumblr
  • Pinterest
  • Twitter
  • mastodon

Tags

Active Directory Azure Bitlocker Microsoft Windows PowerShell WDS Windows 10 Windows 11 Windows Deployment Services Windows Server 2016

Copyright © 2025 TechDirectArchive

Loading Comments...

You must be logged in to post a comment.