Hybrid Entra ID Information


Description

Microsoft Entra ID (MEID) integrates with on-premises Active Directory (AD) using either "Microsoft Entra Connect Sync" or "Microsoft Entra Cloud Sync". This integration provides unified user identities across hybrid environments and supports several device join types (Entra registered, Entra joined and Entra hybrid joined), giving flexible management of user access and authentication.
The objects and attributes synchronized to MEID should be reviewed from the on-premises perspective, because a compromise of the cloud Entra ID tenant could otherwise be used to compromise the on-premises AD environment.

Solution

To mitigate the risks of synchronizing on-premises Active Directory with Microsoft Entra ID, restrict the synchronized data to the objects (organizational units, users and groups) and attributes that are actually required, and review the sync scope and attribute flows regularly.

See Also

Integrate on-premises Active Directory domains with Microsoft Entra ID

Directory synchronization

Install the Microsoft Entra provisioning agent

Microsoft Entra Connect Sync service features

User Hard Matching and Soft Matching in Azure AD Connect

Microsoft Entra registered devices

Microsoft Entra joined devices

Microsoft Entra hybrid joined devices

Indicator Details

Name: Hybrid Entra ID Information

Codename: C-AAD-INFORMATIVE

Severity: Low

MITRE ATT&CK Information:

Attacker Known Tools

Dr. Nestori Syynimaa: AADInternals